Changeset 1829


Timestamp:
Aug 18, 2012, 9:39:58 PM (7 years ago)
Author:
fielding@…
Message:

(editorial) a few tweaks to remove ambiguous or meaningless text

Location:
draft-ietf-httpbis/latest
Files:
2 edited

  • draft-ietf-httpbis/latest/p1-messaging.html

    r1828 r1829  
    867867      <p id="rfc.section.2.2.p.1">When considering the design of HTTP, it is easy to fall into a trap of thinking that all user agents are general-purpose browsers
    868868         and all origin servers are large public websites. That is not the case in practice. Common HTTP user agents include household
    869          appliances, stereos, scales, software/firmware updaters, command-line programs, mobile apps, and communication devices in
    870          a multitude of shapes and sizes. Likewise, common HTTP origin servers include home automation units, configurable networking
    871          components, office machines, autonomous robots, news feeds, traffic cameras, ad selectors, and video delivery platforms.
     869         appliances, stereos, scales, firmware update scripts, command-line programs, mobile apps, and communication devices in a multitude
     870         of shapes and sizes. Likewise, common HTTP origin servers include home automation units, configurable networking components,
     871         office machines, autonomous robots, news feeds, traffic cameras, ad selectors, and video delivery platforms.
    872872      </p>
    873873      <p id="rfc.section.2.2.p.2">The term "user agent" does not imply that there is a human user directly interacting with the software agent at the time of
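Review bot: the replacement on line 869 narrows the example rather than just removing the slash: "software/firmware updaters" becomes "firmware update scripts", which drops software updaters (package managers, auto-update clients) that are among the most common non-browser user agents, and also turns a class of agent into one implementation style ("scripts"). If the slash was the ambiguity being removed, "software and firmware updaters" keeps the breadth.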
     
    878878      <p id="rfc.section.2.2.p.3">The implementation diversity of HTTP means that we cannot assume the user agent can make interactive suggestions to a user
    879879         or provide adequate warning for security or privacy options. In the few cases where this specification requires reporting
    880          of errors to the user, it is acceptable for such reporting to only be visible in an error console or log file. Likewise, requirements
    881          that an automated action be confirmed by the user before proceeding can me met via advance configuration choices, run-time
    882          options, or simply not proceeding with the unsafe action.
     880         of errors to the user, it is acceptable for such reporting to only be observable in an error console or log file. Likewise,
     881         requirements that an automated action be confirmed by the user before proceeding can me met via advance configuration choices,
     882         run-time options, or simply not proceeding with the unsafe action.
    883883      </p>
    884884      <h2 id="rfc.section.2.3"><a href="#rfc.section.2.3">2.3</a>&nbsp;<a id="transport-independence" href="#transport-independence">Connections and Transport Independence</a></h2>
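Review bot: the typo "can me met" on line 881 survives this editorial pass (it was on old line 881 as well); it should read "can be met". Since the sentence is being reflowed anyway, this is the place to fix it.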
     
    938938         to the HTTP communication, though the tunnel might have been initiated by an HTTP request. A tunnel ceases to exist when both
    939939         ends of the relayed connection are closed. Tunnels are used to extend a virtual connection through an intermediary, such as
    940          when transport-layer security is used to establish private communication through a shared firewall proxy.
     940         when transport-layer security is used to establish confidential communication through a shared firewall proxy.
    941941      </p>
    942942      <p id="rfc.section.2.4.p.10"><span id="rfc.iref.i.3"></span>  <span id="rfc.iref.t.3"></span>  <span id="rfc.iref.c.3"></span> The above categories for intermediary only consider those acting as participants in the HTTP communication. There are also
     
    11151115      </p>
    11161116      <p id="rfc.section.2.8.2.p.2">All of the requirements listed above for the "http" scheme are also requirements for the "https" scheme, except that a default
    1117          TCP port of 443 is assumed if the port subcomponent is empty or not given, and the TCP connection <em class="bcp14">MUST</em> be secured for privacy through the use of strong encryption prior to sending the first HTTP request.
     1117         TCP port of 443 is assumed if the port subcomponent is empty or not given, and the TCP connection <em class="bcp14">MUST</em> be secured through the use of strong encryption prior to sending the first HTTP request.
    11181118      </p>
    11191119      <div id="rfc.figure.u.9"></div><pre class="inline"><span id="rfc.iref.g.25"></span>  <a href="#https.uri" class="smpl">https-URI</a> = "https:" "//" <a href="#uri" class="smpl">authority</a> <a href="#uri" class="smpl">path-abempty</a> [ "?" <a href="#uri" class="smpl">query</a> ]
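Review bot: dropping "for privacy" on line 1117 leaves "secured" without saying what the connection is secured against, and the remaining text names only a mechanism ("strong encryption"). Encryption by itself does not stop an active intermediary that terminates the connection under its own identity, so the https requirement also depends on the server being authenticated. The tunnel hunk in this same changeset (line 940) switches "private" to "confidential"; consider the same vocabulary here and naming the properties, e.g. "MUST be secured for confidentiality and server authentication through the use of strong encryption", or a pointer to wherever TLS usage is specified.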
     
    20592059         the received-by host of any host behind the firewall <em class="bcp14">SHOULD</em> be replaced by an appropriate pseudonym for that host.
    20602060      </p>
    2061       <p id="rfc.section.6.2.p.10">For organizations that have strong privacy requirements for hiding internal structures, a proxy or gateway <em class="bcp14">MAY</em> combine an ordered subsequence of Via header field entries with identical received-protocol values into a single such entry.
    2062          For example,
     2061      <p id="rfc.section.6.2.p.10">A proxy or gateway <em class="bcp14">MAY</em> combine an ordered subsequence of Via header field entries into a single such entry if the entries have identical received-protocol
     2062         values. For example,
    20632063      </p>
    20642064      <div id="rfc.figure.u.56"></div><pre class="text">  Via: 1.0 ricky, 1.1 ethel, 1.1 fred, 1.0 lucy
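Review bot: removing the qualifier "For organizations that have strong privacy requirements for hiding internal structures" turns the MAY on line 2061 into an unconditional permission, while the preceding sentence (line 2059) still frames host hiding as a firewall/pseudonym concern. Collapsing entries discards the per-hop record that the example on line 2064 illustrates, so a reader no longer sees why a proxy would do it; suggest keeping a short motivation, e.g. "..., for example to hide internal structure, ...". If the intent is that combining is always acceptable, a sentence stating that would be clearer than silence.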
     
    26122612      </p>
    26132613      <h2 id="rfc.section.8.1"><a href="#rfc.section.8.1">8.1</a>&nbsp;<a id="personal.information" href="#personal.information">Personal Information</a></h2>
    2614       <p id="rfc.section.8.1.p.1">HTTP clients are often privy to large amounts of personal information (e.g., the user's name, location, mail address, passwords,
    2615          encryption keys, etc.), and <em class="bcp14">SHOULD</em> be very careful to prevent unintentional leakage of this information. We very strongly recommend that a convenient interface
    2616          be provided for the user to control dissemination of such information, and that designers and implementers be particularly
    2617          careful in this area. History shows that errors in this area often create serious security and/or privacy problems and generate
    2618          highly adverse publicity for the implementer's company.
     2614      <p id="rfc.section.8.1.p.1">HTTP clients are often privy to large amounts of personal information, including both information provided by the user to
     2615         interact with resources (e.g., the user's name, location, mail address, passwords, encryption keys, etc.) and information
     2616         about the user's browsing activity over time (e.g., history, bookmarks, etc.). HTTP implementations need to prevent unintentional
     2617         leakage of this information.
    26192618      </p>
    26202619      <h2 id="rfc.section.8.2"><a href="#rfc.section.8.2">8.2</a>&nbsp;<a id="abuse.of.server.log.information" href="#abuse.of.server.log.information">Abuse of Server Log Information</a></h2>
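Review bot: the rewrite of 8.1 (lines 2614-2617) drops the only normative statement in the section, the SHOULD on preventing unintentional leakage, and replaces it with "need to prevent"; it also deletes the recommendation that a user-facing control over dissemination be provided. Adding browsing history and bookmarks to the inventory of sensitive data is a real improvement, but a Security Considerations paragraph that only says implementations "need to" do something gives implementers no requirement to cite. Suggest keeping "SHOULD prevent unintentional leakage of this information" with the new, wider inventory.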
     
    26602659      <p id="rfc.section.8.5.p.4">Users need to be aware that intermediaries are no more trustworthy than the people who run them; HTTP itself cannot solve
    26612660         this problem.
    2662       </p>
    2663       <p id="rfc.section.8.5.p.5">The judicious use of cryptography, when appropriate, might suffice to protect against a broad range of security and privacy
    2664          attacks. Such cryptography is beyond the scope of the HTTP/1.1 specification.
    26652661      </p>
    26662662      <h2 id="rfc.section.8.6"><a href="#rfc.section.8.6">8.6</a>&nbsp;<a id="attack.protocol.element.size.overflows" href="#attack.protocol.element.size.overflows">Protocol Element Size Overflows</a></h2>
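Review bot: with old lines 2663-2664 removed, 8.5 now ends on "HTTP itself cannot solve this problem" and offers no pointer to what does. The deleted text was vague ("judicious use of cryptography ... might suffice"), so dropping it is fine, but a cross-reference to the https requirement in 2.8.2 (strong encryption prior to the first request, line 1117 above) or to the tunnel description in 2.4 (line 940) would leave the reader with the mitigation this document already specifies.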
  • draft-ietf-httpbis/latest/p1-messaging.xml

    r1826 r1829  
    399399   servers are large public websites. That is not the case in practice.
    400400   Common HTTP user agents include household appliances, stereos, scales,
    401    software/firmware updaters, command-line programs, mobile apps,
     401   firmware update scripts, command-line programs, mobile apps,
    402402   and communication devices in a multitude of shapes and sizes.  Likewise,
    403403   common HTTP origin servers include home automation units, configurable
     
    419419   warning for security or privacy options.  In the few cases where this
    420420   specification requires reporting of errors to the user, it is acceptable
    421    for such reporting to only be visible in an error console or log file.
     421   for such reporting to only be observable in an error console or log file.
    422422   Likewise, requirements that an automated action be confirmed by the user
    423423   before proceeding can me met via advance configuration choices,
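Review bot: the same "can me met" typo sits on unchanged context line 423 of this xml source; since p1-messaging.html is generated from this file, the correction ("can be met") has to land here, not only in the html output.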
     
    551551   both ends of the relayed connection are closed. Tunnels are used to
    552552   extend a virtual connection through an intermediary, such as when
    553    transport-layer security is used to establish private communication
     553   transport-layer security is used to establish confidential communication
    554554   through a shared firewall proxy.
    555555</t>
     
    938938   requirements for the "https" scheme, except that a default TCP port
    939939   of 443 is assumed if the port subcomponent is empty or not given,
    940    and the TCP connection &MUST; be secured for privacy through the
     940   and the TCP connection &MUST; be secured through the
    941941   use of strong encryption prior to sending the first HTTP request.
    942942</t>
     
    28422842</t>
    28432843<t>
    2844    For organizations that have strong privacy requirements for hiding
    2845    internal structures, a proxy or gateway &MAY; combine an ordered
    2846    subsequence of Via header field entries with identical received-protocol
    2847    values into a single such entry. For example,
     2844   A proxy or gateway &MAY; combine an ordered subsequence of Via header
     2845   field entries into a single such entry if the entries have identical
     2846   received-protocol values. For example,
    28482847</t>
    28492848<figure><artwork type="example">
     
    37043703<section title="Personal Information" anchor="personal.information">
    37053704<t>
    3706    HTTP clients are often privy to large amounts of personal information
     3705   HTTP clients are often privy to large amounts of personal information,
     3706   including both information provided by the user to interact with resources
    37073707   (e.g., the user's name, location, mail address, passwords, encryption
    3708    keys, etc.), and &SHOULD; be very careful to prevent unintentional
    3709    leakage of this information.
    3710    We very strongly recommend that a convenient interface be provided
    3711    for the user to control dissemination of such information, and that
    3712    designers and implementers be particularly careful in this area.
    3713    History shows that errors in this area often create serious security
    3714    and/or privacy problems and generate highly adverse publicity for the
    3715    implementer's company.
     3708   keys, etc.) and information about the user's browsing activity over
     3709   time (e.g., history, bookmarks, etc.). HTTP implementations need to
     3710   prevent unintentional leakage of this information.
    37163711</t>
    37173712</section>
     
    38013796   Users need to be aware that intermediaries are no more trustworthy than
    38023797   the people who run them; HTTP itself cannot solve this problem.
    3803 </t>
    3804 <t>
    3805    The judicious use of cryptography, when appropriate, might suffice to
    3806    protect against a broad range of security and privacy attacks. Such
    3807    cryptography is beyond the scope of the HTTP/1.1 specification.
    38083798</t>
    38093799</section>