04/07/11 16:12:46 (12 years ago)

mention NTLM as something that violates the stalessness requirement (see #288)

1 edited


  • draft-ietf-httpbis/latest/p1-messaging.html

    r1323 r1324  
    359359  }
    360360  @bottom-center {
    361        content: "Expires January 2, 2012";
     361       content: "Expires January 5, 2012";
    362362  }
    363363  @bottom-right {
    410410      <meta name="dct.creator" content="Reschke, J. F.">
    411411      <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p1-messaging-latest">
    412       <meta name="dct.issued" scheme="ISO8601" content="2011-07-01">
     412      <meta name="dct.issued" scheme="ISO8601" content="2011-07-04">
    413413      <meta name="dct.replaces" content="urn:ietf:rfc:2145">
    414414      <meta name="dct.replaces" content="urn:ietf:rfc:2616">
    442442            </tr>
    443443            <tr>
    444                <td class="left">Expires: January 2, 2012</td>
     444               <td class="left">Expires: January 5, 2012</td>
    445445               <td class="right">HP</td>
    446446            </tr>
    495495            <tr>
    496496               <td class="left"></td>
    497                <td class="right">July 1, 2011</td>
     497               <td class="right">July 4, 2011</td>
    498498            </tr>
    499499         </tbody>
    525525         in progress”.
    526526      </p>
    527       <p>This Internet-Draft will expire on January 2, 2012.</p>
     527      <p>This Internet-Draft will expire on January 5, 2012.</p>
    528528      <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1>
    529529      <p>Copyright © 2011 IETF Trust and the persons identified as the document authors. All rights reserved.</p>
    938938      </p>
    939939      <p id="rfc.section.2.2.p.3">Recipients <em class="bcp14">MUST</em> consider every message in a connection in isolation; because HTTP is a stateless protocol, it cannot be assumed that two requests
    940          on the same connection are from the same client or share any other common attributes.
     940         on the same connection are from the same client or share any other common attributes. In particular, intermediaries might
     941         mix requests from different clients into a single server connection. Note that some existing HTTP extensions (e.g., <a href="#RFC4559" id="rfc.xref.RFC4559.1"><cite title="SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows">[RFC4559]</cite></a>) violate this requirement, thereby potentially causing interoperability and security problems.
    941942      </p>
    942943      <h2 id="rfc.section.2.3"><a href="#rfc.section.2.3">2.3</a>&nbsp;<a id="transport-independence" href="#transport-independence">Connections and Transport Independence</a></h2>
    28492850      <h2 id="rfc.references.2"><a href="#rfc.section.13.2" id="rfc.section.13.2">13.2</a> Informative References
    28502851      </h2>
    2851       <table>                                                 
     2852      <table>                                                   
    28522853         <tr>
    28532854            <td class="reference"><b id="BCP97">[BCP97]</b></td>
    29492950            <td class="reference"><b id="RFC4395">[RFC4395]</b></td>
    29502951            <td class="top"><a href="mailto:tony+urireg@maillennium.att.com" title="AT&amp;T Laboratories">Hansen, T.</a>, <a href="mailto:hardie@qualcomm.com" title="Qualcomm, Inc.">Hardie, T.</a>, and <a href="mailto:LMM@acm.org" title="Adobe Systems">L. Masinter</a>, “<a href="http://tools.ietf.org/html/rfc4395">Guidelines and Registration Procedures for New URI Schemes</a>”, BCP&nbsp;115, RFC&nbsp;4395, February&nbsp;2006.
     2952            </td>
     2953         </tr>
     2954         <tr>
     2955            <td class="reference"><b id="RFC4559">[RFC4559]</b></td>
     2956            <td class="top">Jaganathan, K., Zhu, L., and J. Brezak, “<a href="http://tools.ietf.org/html/rfc4559">SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows</a>”, RFC&nbsp;4559, June&nbsp;2006.
    29512957            </td>
    29522958         </tr>
    39223928                  <li><em>RFC4288</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC4288.1">10.3</a>, <a href="#RFC4288"><b>13.2</b></a></li>
    39233929                  <li><em>RFC4395</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC4395.1">10.2</a>, <a href="#RFC4395"><b>13.2</b></a></li>
     3930                  <li><em>RFC4559</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC4559.1">2.2</a>, <a href="#RFC4559"><b>13.2</b></a></li>
    39243931                  <li><em>RFC5226</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC5226.1">6.2.3</a>, <a href="#rfc.xref.RFC5226.2">9.8.1</a>, <a href="#RFC5226"><b>13.2</b></a><ul>
    39253932                        <li><em>Section 4.1</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC5226.1">6.2.3</a>, <a href="#rfc.xref.RFC5226.2">9.8.1</a></li>
Note: See TracChangeset for help on using the changeset viewer.