Changeset 1776 for draft-ietf-httpbis/latest
- Timestamp: 14/07/12 17:52:23 (10 years ago)
- Location: draft-ietf-httpbis/latest
- Files: 10 edited
draft-ietf-httpbis/latest/p0-introduction.html
r1772 r1776 523 523 known as HTTP/1.1. 524 524 </p> 525 <p id="rfc.section.1.p.2">The document series is organi sed as follows:</p>525 <p id="rfc.section.1.p.2">The document series is organized as follows:</p> 526 526 <ul> 527 527 <li>HTTP/1.1 Introduction - this document</li> -
draft-ietf-httpbis/latest/p0-introduction.xml
r1772 r1776 128 128 HTTP/1.1. 129 129 </t> 130 <t>The document series is organi sed as follows:</t>130 <t>The document series is organized as follows:</t> 131 131 <t><list style="symbols"> 132 132 <t>HTTP/1.1 Introduction - this document</t> -
draft-ietf-httpbis/latest/p1-messaging.html
r1773 r1776 1522 1522 </p> 1523 1523 <h2 id="rfc.section.3.4"><a href="#rfc.section.3.4">3.4</a> <a id="incomplete.messages" href="#incomplete.messages">Handling Incomplete Messages</a></h2> 1524 <p id="rfc.section.3.4.p.1">Request messages that are prematurely terminated, possibly due to a cancel led connection or a server-imposed time-out exception, <em class="bcp14">MUST</em> result in closure of the connection; sending an HTTP/1.1 error response prior to closing the connection is <em class="bcp14">OPTIONAL</em>.1524 <p id="rfc.section.3.4.p.1">Request messages that are prematurely terminated, possibly due to a canceled connection or a server-imposed time-out exception, <em class="bcp14">MUST</em> result in closure of the connection; sending an HTTP/1.1 error response prior to closing the connection is <em class="bcp14">OPTIONAL</em>. 1525 1525 </p> 1526 1526 <p id="rfc.section.3.4.p.2">Response messages that are prematurely terminated, usually by closure of the connection prior to receiving the expected number … … 2632 2632 <p id="rfc.section.8.1.p.1">HTTP clients are often privy to large amounts of personal information (e.g., the user's name, location, mail address, passwords, 2633 2633 encryption keys, etc.), and <em class="bcp14">SHOULD</em> be very careful to prevent unintentional leakage of this information. We very strongly recommend that a convenient interface 2634 be provided for the user to control dissemination of such information, and that designers and implement ors be particularly2634 be provided for the user to control dissemination of such information, and that designers and implementers be particularly 2635 2635 careful in this area. History shows that errors in this area often create serious security and/or privacy problems and generate 2636 highly adverse publicity for the implement or's company.2636 highly adverse publicity for the implementer's company. 
2637 2637 </p> 2638 2638 <h2 id="rfc.section.8.2"><a href="#rfc.section.8.2">8.2</a> <a id="abuse.of.server.log.information" href="#abuse.of.server.log.information">Abuse of Server Log Information</a></h2> … … 2673 2673 </p> 2674 2674 <p id="rfc.section.8.5.p.2">Intermediaries that contain a shared cache are especially vulnerable to cache poisoning attacks.</p> 2675 <p id="rfc.section.8.5.p.3">Implement ors need to consider the privacy and security implications of their design and coding decisions, and of the configuration2675 <p id="rfc.section.8.5.p.3">Implementers need to consider the privacy and security implications of their design and coding decisions, and of the configuration 2676 2676 options they provide to operators (especially the default configuration). 2677 2677 </p> … … 2992 2992 </p> 2993 2993 <h2 id="rfc.section.A.2"><a href="#rfc.section.A.2">A.2</a> <a id="changes.from.rfc.2616" href="#changes.from.rfc.2616">Changes from RFC 2616</a></h2> 2994 <p id="rfc.section.A.2.p.1">Clarify that the string "HTTP" in the HTTP-version AB FNproduction is case sensitive. Restrict the version numbers to be single2994 <p id="rfc.section.A.2.p.1">Clarify that the string "HTTP" in the HTTP-version ABNF production is case sensitive. Restrict the version numbers to be single 2995 2995 digits due to the fact that implementations are known to handle multi-digit version numbers incorrectly. (<a href="#http.version" title="Protocol Versioning">Section 2.7</a>) 2996 2996 </p> … … 3021 3021 Remove requirements about when servers are allowed to close connections prematurely. (<a href="#persistent.practical" title="Practical Considerations">Section 6.3.3</a>) 3022 3022 </p> 3023 <p id="rfc.section.A.2.p.12">Remove requirement to retry requests under certain cir umstances when the server prematurely closes the connection. 
(<a href="#message.transmission.requirements" title="Message Transmission Requirements">Section 6.4</a>)3023 <p id="rfc.section.A.2.p.12">Remove requirement to retry requests under certain circumstances when the server prematurely closes the connection. (<a href="#message.transmission.requirements" title="Message Transmission Requirements">Section 6.4</a>) 3024 3024 </p> 3025 3025 <p id="rfc.section.A.2.p.13">Change ABNF productions for header fields to only define the field value.</p> -
draft-ietf-httpbis/latest/p1-messaging.xml
r1773 r1776 1821 1821 <t> 1822 1822 Request messages that are prematurely terminated, possibly due to a 1823 cancel led connection or a server-imposed time-out exception, &MUST;1823 canceled connection or a server-imposed time-out exception, &MUST; 1824 1824 result in closure of the connection; sending an HTTP/1.1 error response 1825 1825 prior to closing the connection is &OPTIONAL;. … … 3773 3773 We very strongly recommend that a convenient interface be provided 3774 3774 for the user to control dissemination of such information, and that 3775 designers and implement ors be particularly careful in this area.3775 designers and implementers be particularly careful in this area. 3776 3776 History shows that errors in this area often create serious security 3777 3777 and/or privacy problems and generate highly adverse publicity for the 3778 implement or's company.3778 implementer's company. 3779 3779 </t> 3780 3780 </section> … … 3856 3856 </t> 3857 3857 <t> 3858 Implement ors need to consider the privacy and security3858 Implementers need to consider the privacy and security 3859 3859 implications of their design and coding decisions, and of the 3860 3860 configuration options they provide to operators (especially the … … 5010 5010 <section title="Changes from RFC 2616" anchor="changes.from.rfc.2616"> 5011 5011 <t> 5012 Clarify that the string "HTTP" in the HTTP-version AB FNproduction is case5012 Clarify that the string "HTTP" in the HTTP-version ABNF production is case 5013 5013 sensitive. Restrict the version numbers to be single digits due to the fact 5014 5014 that implementations are known to handle multi-digit version numbers … … 5071 5071 </t> 5072 5072 <t> 5073 Remove requirement to retry requests under certain cir umstances when the5073 Remove requirement to retry requests under certain circumstances when the 5074 5074 server prematurely closes the connection. 5075 5075 (<xref target="message.transmission.requirements"/>) -
draft-ietf-httpbis/latest/p2-semantics.html
r1774 r1776 899 899 <div id="rfc.iref.s.2"></div> 900 900 <h3 id="rfc.section.2.1.1"><a href="#rfc.section.2.1.1">2.1.1</a> <a id="safe.methods" href="#safe.methods">Safe Methods</a></h3> 901 <p id="rfc.section.2.1.1.p.1">Implement ors need to be aware that the software represents the user in their interactions over the Internet, and need to allow901 <p id="rfc.section.2.1.1.p.1">Implementers need to be aware that the software represents the user in their interactions over the Internet, and need to allow 902 902 the user to be aware of any actions they take which might have an unexpected significance to themselves or others. 903 903 </p> … … 2082 2082 </p> 2083 2083 <div class="note" id="rfc.section.4.7.5.p.2"> 2084 <p> <b>Note</b> to implement ors: some deployed proxies are known to return <a href="#status.400" class="smpl">400 (Bad Request)</a> or <a href="#status.500" class="smpl">500 (Internal Server2084 <p> <b>Note</b> to implementers: some deployed proxies are known to return <a href="#status.400" class="smpl">400 (Bad Request)</a> or <a href="#status.500" class="smpl">500 (Internal Server 2085 2085 Error)</a> when DNS lookups time out. 2086 2086 </p> … … 2205 2205 <p id="rfc.section.5.3.p.5">HTTP uses charset in two contexts: within an <a href="#header.accept-charset" class="smpl">Accept-Charset</a> request header field (in which the charset value is an unquoted token) and as the value of a parameter in a <a href="#header.content-type" class="smpl">Content-Type</a> header field (within a request or response), in which case the parameter value of the charset parameter can be quoted. 
2206 2206 </p> 2207 <p id="rfc.section.5.3.p.6">Implement ors need to be aware of IETF character set requirements <a href="#RFC3629" id="rfc.xref.RFC3629.1"><cite title="UTF-8, a transformation format of ISO 10646">[RFC3629]</cite></a> <a href="#RFC2277" id="rfc.xref.RFC2277.1"><cite title="IETF Policy on Character Sets and Languages">[RFC2277]</cite></a>.2207 <p id="rfc.section.5.3.p.6">Implementers need to be aware of IETF character set requirements <a href="#RFC3629" id="rfc.xref.RFC3629.1"><cite title="UTF-8, a transformation format of ISO 10646">[RFC3629]</cite></a> <a href="#RFC2277" id="rfc.xref.RFC2277.1"><cite title="IETF Policy on Character Sets and Languages">[RFC2277]</cite></a>. 2208 2208 </p> 2209 2209 <h2 id="rfc.section.5.4"><a href="#rfc.section.5.4">5.4</a> <a id="content.codings" href="#content.codings">Content Codings</a></h2> … … 2763 2763 </p> 2764 2764 <div class="note" id="rfc.section.9.4.p.10"> 2765 <p> <b>Note:</b> When making the choice of linguistic preference available to the user, we remind implement ors of the fact that users are not2765 <p> <b>Note:</b> When making the choice of linguistic preference available to the user, we remind implementers of the fact that users are not 2766 2766 familiar with the details of language matching as described above, and ought to be provided appropriate guidance. As an example, 2767 2767 users might assume that on selecting "en-gb", they will be served any kind of English document if British English is not available. … … 3058 3058 <div class="note" id="rfc.section.9.17.p.7"> 3059 3059 <p> <b>Note:</b> Revealing the specific software version of the server might allow the server machine to become more vulnerable to attacks 3060 against software that is known to contain security holes. Server implement ors are encouraged to make this field a configurable3060 against software that is known to contain security holes. Server implementers are encouraged to make this field a configurable 3061 3061 option. 
3062 3062 </p> … … 3605 3605 </p> 3606 3606 <p id="rfc.section.11.1.p.2">Revealing the specific software version of the server might allow the server machine to become more vulnerable to attacks 3607 against software that is known to contain security holes. Implement ors <em class="bcp14">SHOULD</em> make the <a href="#header.server" class="smpl">Server</a> header field a configurable option.3607 against software that is known to contain security holes. Implementers <em class="bcp14">SHOULD</em> make the <a href="#header.server" class="smpl">Server</a> header field a configurable option. 3608 3608 </p> 3609 3609 <p id="rfc.section.11.1.p.3">Proxies which serve as a portal through a network firewall <em class="bcp14">SHOULD</em> take special precautions regarding the transfer of header information that identifies the hosts behind the firewall. In particular, … … 3934 3934 <h1 id="rfc.section.B"><a href="#rfc.section.B">B.</a> <a id="additional.features" href="#additional.features">Additional Features</a></h1> 3935 3935 <p id="rfc.section.B.p.1"> <a href="#RFC1945" id="rfc.xref.RFC1945.2"><cite title="Hypertext Transfer Protocol -- HTTP/1.0">[RFC1945]</cite></a> and <a href="#RFC2068" id="rfc.xref.RFC2068.3"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a> document protocol elements used by some existing HTTP implementations, but not consistently and correctly across most HTTP/1.1 3936 applications. Implement ors are advised to be aware of these features, but cannot rely upon their presence in, or interoperability3936 applications. Implementers are advised to be aware of these features, but cannot rely upon their presence in, or interoperability 3937 3937 with, other HTTP/1.1 applications. Some of these describe proposed experimental features, and some describe features that 3938 3938 experimental deployment found lacking that are now addressed in the base HTTP/1.1 specification. -
draft-ietf-httpbis/latest/p2-semantics.xml
r1774 r1776 417 417 <iref item="Safe Methods" primary="true"/> 418 418 <t> 419 Implement ors need to be aware that the software represents the user in419 Implementers need to be aware that the software represents the user in 420 420 their interactions over the Internet, and need to allow 421 421 the user to be aware of any actions they take which might have an … … 2174 2174 <x:note> 2175 2175 <t> 2176 <x:h>Note</x:h> to implement ors: some deployed proxies are known to2176 <x:h>Note</x:h> to implementers: some deployed proxies are known to 2177 2177 return <x:ref>400 (Bad Request)</x:ref> or <x:ref>500 (Internal Server 2178 2178 Error)</x:ref> when DNS lookups time out. … … 2405 2405 </t> 2406 2406 <t> 2407 Implement ors need to be aware of IETF character set requirements <xref target="RFC3629"/>2407 Implementers need to be aware of IETF character set requirements <xref target="RFC3629"/> 2408 2408 <xref target="RFC2277"/>. 2409 2409 </t> … … 3328 3328 <t> 3329 3329 &Note; When making the choice of linguistic preference available to 3330 the user, we remind implement ors of the fact that users are not3330 the user, we remind implementers of the fact that users are not 3331 3331 familiar with the details of language matching as described above, 3332 3332 and ought to be provided appropriate guidance. As an example, users … … 3961 3961 allow the server machine to become more vulnerable to attacks 3962 3962 against software that is known to contain security holes. Server 3963 implement ors are encouraged to make this field a configurable3963 implementers are encouraged to make this field a configurable 3964 3964 option. 3965 3965 </t> … … 4485 4485 Revealing the specific software version of the server might allow the 4486 4486 server machine to become more vulnerable to attacks against software 4487 that is known to contain security holes. Implement ors &SHOULD; make the4487 that is known to contain security holes. 
Implementers &SHOULD; make the 4488 4488 <x:ref>Server</x:ref> header field a configurable option. 4489 4489 </t> … … 5475 5475 <xref target="RFC1945"/> and <xref target="RFC2068"/> document protocol elements used by some 5476 5476 existing HTTP implementations, but not consistently and correctly 5477 across most HTTP/1.1 applications. Implement ors are advised to be5477 across most HTTP/1.1 applications. Implementers are advised to be 5478 5478 aware of these features, but cannot rely upon their presence in, or 5479 5479 interoperability with, other HTTP/1.1 applications. Some of these -
draft-ietf-httpbis/latest/p5-range.html
r1773 r1776 653 653 </ul> 654 654 <h1 id="rfc.section.1" class="np"><a href="#rfc.section.1">1.</a> <a id="introduction" href="#introduction">Introduction</a></h1> 655 <p id="rfc.section.1.p.1">HTTP clients often encounter interrupted data transfers as a result of cancel led requests or dropped connections. When a client655 <p id="rfc.section.1.p.1">HTTP clients often encounter interrupted data transfers as a result of canceled requests or dropped connections. When a client 656 656 has stored a partial representation, it is desirable to request the remainder of that representation in a subsequent request 657 657 rather than transfer the entire representation. There are also a number of Web applications that benefit from being able to -
draft-ietf-httpbis/latest/p5-range.xml
r1773 r1776 133 133 <t> 134 134 HTTP clients often encounter interrupted data transfers as a result 135 of cancel led requests or dropped connections. When a client has stored135 of canceled requests or dropped connections. When a client has stored 136 136 a partial representation, it is desirable to request the remainder 137 137 of that representation in a subsequent request rather than transfer -
draft-ietf-httpbis/latest/p6-cache.html
r1775 r1776 2048 2048 <li> <<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/355">http://tools.ietf.org/wg/httpbis/trac/ticket/355</a>>: "Case sensitivity of header fields in CC values" 2049 2049 </li> 2050 <li> <<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/356">http://tools.ietf.org/wg/httpbis/trac/ticket/356</a>>: "Spurious 'MAY 's"2050 <li> <<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/356">http://tools.ietf.org/wg/httpbis/trac/ticket/356</a>>: "Spurious 'MAYs'" 2051 2051 </li> 2052 2052 <li> <<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/360">http://tools.ietf.org/wg/httpbis/trac/ticket/360</a>>: "enhance considerations for new cache control directives" -
draft-ietf-httpbis/latest/p6-cache.xml
r1775 r1776 2674 2674 <t> 2675 2675 <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/356"/>: 2676 "Spurious 'MAY 's"2676 "Spurious 'MAYs'" 2677 2677 </t> 2678 2678 <t>
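Review bot: In the p6-cache.html (line 2050) and p6-cache.xml (line 2676) hunks, the edited string appears to be the quoted title of ticket 356, like the "Case sensitivity of header fields in CC values" entry for ticket 355 just above it. Rewriting it to "Spurious 'MAYs'" makes the change log quote something the ticket may not say. Suggest leaving the quotation verbatim, or retitling the ticket in the same pass so the two stay in sync.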
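Review bot: In the p2-semantics hunks, the Server header advice is touched in two places that state it at different strengths. The note at rfc.section.9.17.p.7 says server implementers "are encouraged to make this field a configurable option", while rfc.section.11.1.p.2 says implementers SHOULD make it one. Since both sentences are already being edited for spelling, consider aligning the requirement level, or having the note defer to the Section 11.1 text, so readers hardening version disclosure see one rule rather than two.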
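Review bot: Across the p0-introduction, p1-messaging and p5-range hunks, this changeset mixes plain typo fixes (ABFN to ABNF, cirumstances to circumstances) with spelling-variant normalisation (organised to organized, cancelled to canceled, implementors to implementers), and nothing on the page states which convention is being adopted. Suggest naming the chosen spelling convention in the log message or the editorial notes so later edits to these parts follow it and the variants do not drift back in.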