Changeset 1355 for draft-ietf-httpbis/latest/p5-range.xml

Timestamp:

26/07/11 15:53:04 (12 years ago)

Author:

ylafon@…

Message:

Added security consideration on range flooding (See #175)

File:

• draft-ietf-httpbis/latest/p5-range.xml (modified) (2 diffs)

draft-ietf-httpbis/latest/p5-range.xml

@@ -984 +984 @@
 <section title="Security Considerations" anchor="security.considerations">
 <t>
-   No additional security considerations have been identified beyond
-   those applicable to HTTP in general &messaging;.
-</t>
+   This section is meant to inform application developers, information
+   providers, and users of the security limitations in HTTP/1.1 as
+   described by this document. The discussion does not include
+   definitive solutions to the problems revealed, though it does make
+   some suggestions for reducing security risks.
+</t>
+<section title="Overlapping Ranges" anchor="overlapping.ranges">
+<t>
+   Range requests containing overlapping ranges may lead to the situation
+   where a server is sending far more data than the size of the complete
+   resource representation.
+</t>
+</section>
 </section>
 
@@ -1693 +1703 @@
 <section title="Since draft-ietf-httpbis-p5-range-15" anchor="changes.since.15">
 <t>
-  None.
+  Closed issues:
+  <list style="symbols">
+    <t>
+      <eref target="http://trac.tools.ietf.org/wg/httpbis/trac/ticket/175"/>:
+      "Security consideration: range flooding"
+    </t>
+  </list>
 </t>
 </section>