Timestamp: Jul 26, 2011, 8:53:04 AM (8 years ago)
Author: ylafon@…
Message: Added security consideration on range flooding (See #175)
File: 1 edited

  • draft-ietf-httpbis/latest/p5-range.html

    r1350 r1355  
    359359  }
    360360  @bottom-center {
    361        content: "Expires January 26, 2012";
     361       content: "Expires January 27, 2012";
    362362  }
    363363  @bottom-right {
     
    406406      <meta name="dct.creator" content="Reschke, J. F.">
    407407      <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p5-range-latest">
    408       <meta name="dct.issued" scheme="ISO8601" content="2011-07-25">
     408      <meta name="dct.issued" scheme="ISO8601" content="2011-07-26">
    409409      <meta name="dct.replaces" content="urn:ietf:rfc:2616">
    410410      <meta name="dct.abstract" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. HTTP has been in use by the World Wide Web global information initiative since 1990. This document is Part 5 of the seven-part specification that defines the protocol referred to as &#34;HTTP/1.1&#34; and, taken together, obsoletes RFC 2616. Part 5 defines range-specific requests and the rules for constructing and combining responses to those requests.">
     
    432432            </tr>
    433433            <tr>
    434                <td class="left">Expires: January 26, 2012</td>
     434               <td class="left">Expires: January 27, 2012</td>
    435435               <td class="right">J. Mogul</td>
    436436            </tr>
     
    489489            <tr>
    490490               <td class="left"></td>
    491                <td class="right">July 25, 2011</td>
     491               <td class="right">July 26, 2011</td>
    492492            </tr>
    493493         </tbody>
     
    517517         in progress”.
    518518      </p>
    519       <p>This Internet-Draft will expire on January 26, 2012.</p>
     519      <p>This Internet-Draft will expire on January 27, 2012.</p>
    520520      <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1>
    521521      <p>Copyright © 2011 IETF Trust and the persons identified as the document authors. All rights reserved.</p>
     
    571571            </ul>
    572572         </li>
    573          <li>7.&nbsp;&nbsp;&nbsp;<a href="#security.considerations">Security Considerations</a></li>
     573         <li>7.&nbsp;&nbsp;&nbsp;<a href="#security.considerations">Security Considerations</a><ul>
     574               <li>7.1&nbsp;&nbsp;&nbsp;<a href="#overlapping.ranges">Overlapping Ranges</a></li>
     575            </ul>
     576         </li>
    574577         <li>8.&nbsp;&nbsp;&nbsp;<a href="#ack">Acknowledgments</a></li>
    575578         <li>9.&nbsp;&nbsp;&nbsp;<a href="#rfc.references">References</a><ul>
     
    10321035      <p id="rfc.section.6.3.p.3">The change controller is: "IETF (iesg@ietf.org) - Internet Engineering Task Force".</p>
    10331036      <h1 id="rfc.section.7"><a href="#rfc.section.7">7.</a>&nbsp;<a id="security.considerations" href="#security.considerations">Security Considerations</a></h1>
    1034       <p id="rfc.section.7.p.1">No additional security considerations have been identified beyond those applicable to HTTP in general <a href="#Part1" id="rfc.xref.Part1.6"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>.
     1037      <p id="rfc.section.7.p.1">This section is meant to inform application developers, information providers, and users of the security limitations in HTTP/1.1
     1038         as described by this document. The discussion does not include definitive solutions to the problems revealed, though it does
     1039         make some suggestions for reducing security risks.
     1040      </p>
     1041      <h2 id="rfc.section.7.1"><a href="#rfc.section.7.1">7.1</a>&nbsp;<a id="overlapping.ranges" href="#overlapping.ranges">Overlapping Ranges</a></h2>
     1042      <p id="rfc.section.7.1.p.1">Range requests containing overlapping ranges may lead to the situation where a server is sending far more data than the size
     1043         of the complete resource representation.
    10351044      </p>
    10361045      <h1 id="rfc.section.8"><a href="#rfc.section.8">8.</a>&nbsp;<a id="ack" href="#ack">Acknowledgments</a></h1>
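Review bot: The new section 7.1 states the risk but gives no guidance on handling it, while the replacement intro paragraph (rfc.section.7.p.1) says the discussion "does make some suggestions for reducing security risks". As written, 7.1 only says a server may end up "sending far more data than the size of the complete resource representation". Consider adding a sentence on what a server can do when it receives such a request, or soften the intro so it does not promise suggestions that the section does not yet contain.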
     
    13921401      <p id="rfc.section.D.16.p.1">None.</p>
    13931402      <h2 id="rfc.section.D.17"><a href="#rfc.section.D.17">D.17</a>&nbsp;<a id="changes.since.15" href="#changes.since.15">Since draft-ietf-httpbis-p5-range-15</a></h2>
    1394       <p id="rfc.section.D.17.p.1">None.</p>
     1403      <p id="rfc.section.D.17.p.1">Closed issues: </p>
     1404      <ul>
     1405         <li> &lt;<a href="http://trac.tools.ietf.org/wg/httpbis/trac/ticket/175">http://trac.tools.ietf.org/wg/httpbis/trac/ticket/175</a>&gt;: "Security consideration: range flooding"
     1406         </li>
     1407      </ul>
    13951408      <h1 id="rfc.index"><a href="#rfc.index">Index</a></h1>
    13961409      <p class="noprint"><a href="#rfc.index.2">2</a> <a href="#rfc.index.4">4</a> <a href="#rfc.index.A">A</a> <a href="#rfc.index.C">C</a> <a href="#rfc.index.G">G</a> <a href="#rfc.index.H">H</a> <a href="#rfc.index.I">I</a> <a href="#rfc.index.M">M</a> <a href="#rfc.index.P">P</a> <a href="#rfc.index.R">R</a> <a href="#rfc.index.S">S</a>
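Review bot: The closed issue listed in D.17 is titled "Security consideration: range flooding", but the section this changeset adds is titled "Overlapping Ranges" and its text covers only overlapping ranges. If ticket 175 is meant to cover more than overlap, closing it here may be premature; otherwise consider using the same term in both places so the changelog entry can be matched to section 7.1.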
     
    14681481            </li>
    14691482            <li><a id="rfc.index.P" href="#rfc.index.P"><b>P</b></a><ul>
    1470                   <li><em>Part1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.1">1.2</a>, <a href="#rfc.xref.Part1.2">1.2.1</a>, <a href="#rfc.xref.Part1.3">1.2.1</a>, <a href="#rfc.xref.Part1.4">1.2.1</a>, <a href="#rfc.xref.Part1.5">1.2.2</a>, <a href="#rfc.xref.Part1.6">7</a>, <a href="#Part1"><b>9.1</b></a><ul>
     1483                  <li><em>Part1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.1">1.2</a>, <a href="#rfc.xref.Part1.2">1.2.1</a>, <a href="#rfc.xref.Part1.3">1.2.1</a>, <a href="#rfc.xref.Part1.4">1.2.1</a>, <a href="#rfc.xref.Part1.5">1.2.2</a>, <a href="#Part1"><b>9.1</b></a><ul>
    14711484                        <li><em>Section 1.2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.1">1.2</a></li>
    14721485                        <li><em>Section 1.2.2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.2">1.2.1</a>, <a href="#rfc.xref.Part1.3">1.2.1</a>, <a href="#rfc.xref.Part1.4">1.2.1</a></li>
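Review bot: The Part1 index entry loses its section 7 link ("#rfc.xref.Part1.6"), which follows from the rewritten rfc.section.7.p.1 no longer citing [Part1]. The removed paragraph was where section 7 pointed readers at the security considerations applicable to HTTP in general; consider keeping that cross-reference in the new intro paragraph so the range-specific text reads as an addition to the general considerations rather than a replacement for them.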