Changeset 1829 for draft-ietf-httpbis/latest/p1-messaging.xml
- Timestamp: 19/08/12 04:39:58 (10 years ago)
- File: 1 edited
draft-ietf-httpbis/latest/p1-messaging.xml
r1826 r1829 399 399 servers are large public websites. That is not the case in practice. 400 400 Common HTTP user agents include household appliances, stereos, scales, 401 software/firmware updaters, command-line programs, mobile apps,401 firmware update scripts, command-line programs, mobile apps, 402 402 and communication devices in a multitude of shapes and sizes. Likewise, 403 403 common HTTP origin servers include home automation units, configurable … … 419 419 warning for security or privacy options. In the few cases where this 420 420 specification requires reporting of errors to the user, it is acceptable 421 for such reporting to only be visible in an error console or log file.421 for such reporting to only be observable in an error console or log file. 422 422 Likewise, requirements that an automated action be confirmed by the user 423 423 before proceeding can me met via advance configuration choices, … … 551 551 both ends of the relayed connection are closed. Tunnels are used to 552 552 extend a virtual connection through an intermediary, such as when 553 transport-layer security is used to establish privatecommunication553 transport-layer security is used to establish confidential communication 554 554 through a shared firewall proxy. 555 555 </t> … … 938 938 requirements for the "https" scheme, except that a default TCP port 939 939 of 443 is assumed if the port subcomponent is empty or not given, 940 and the TCP connection &MUST; be secured for privacythrough the940 and the TCP connection &MUST; be secured through the 941 941 use of strong encryption prior to sending the first HTTP request. 942 942 </t> … … 2842 2842 </t> 2843 2843 <t> 2844 For organizations that have strong privacy requirements for hiding 2845 internal structures, a proxy or gateway &MAY; combine an ordered 2846 subsequence of Via header field entries with identical received-protocol 2847 values into a single such entry. 
For example, 2844 A proxy or gateway &MAY; combine an ordered subsequence of Via header 2845 field entries into a single such entry if the entries have identical 2846 received-protocol values. For example, 2848 2847 </t> 2849 2848 <figure><artwork type="example"> … … 3704 3703 <section title="Personal Information" anchor="personal.information"> 3705 3704 <t> 3706 HTTP clients are often privy to large amounts of personal information 3705 HTTP clients are often privy to large amounts of personal information, 3706 including both information provided by the user to interact with resources 3707 3707 (e.g., the user's name, location, mail address, passwords, encryption 3708 keys, etc.), and &SHOULD; be very careful to prevent unintentional 3709 leakage of this information. 3710 We very strongly recommend that a convenient interface be provided 3711 for the user to control dissemination of such information, and that 3712 designers and implementers be particularly careful in this area. 3713 History shows that errors in this area often create serious security 3714 and/or privacy problems and generate highly adverse publicity for the 3715 implementer's company. 3708 keys, etc.) and information about the user's browsing activity over 3709 time (e.g., history, bookmarks, etc.). HTTP implementations need to 3710 prevent unintentional leakage of this information. 3716 3711 </t> 3717 3712 </section> … … 3801 3796 Users need to be aware that intermediaries are no more trustworthy than 3802 3797 the people who run them; HTTP itself cannot solve this problem. 3803 </t>3804 <t>3805 The judicious use of cryptography, when appropriate, might suffice to3806 protect against a broad range of security and privacy attacks. Such3807 cryptography is beyond the scope of the HTTP/1.1 specification.3808 3798 </t> 3809 3799 </section>
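Review bot: the unchanged context line at 423 still reads "can me met via advance configuration choices". Since the sentence directly above it (421) is being reworded in this hunk, fix "me met" to "be met" in the same change.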
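Review bot: at line 940, removing "for privacy" leaves "&MUST; be secured through the use of strong encryption" without naming the property being required, so a reader cannot tell from this sentence what the connection is secured against or how conformance would be judged. Consider stating the property explicitly; the hunk at 553 already uses "confidential communication" for the tunnel case, and the same term would fit here.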
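Review bot: in the Via hunk (old 2844-2847, new 2844-2846), the rewrite drops the only stated reason for combining entries, "hiding internal structures", so the &MAY; now reads as an unexplained option. Keep a short clause saying why an intermediary would collapse entries, so that operators can decide whether it applies to them. The condition "identical received-protocol values" has also moved to the end of the sentence, after "a single such entry", where it is easier to overlook than in the old wording.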
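Review bot: in the Personal Information hunk (old 3706-3715, new 3705-3710), "&SHOULD; be very careful to prevent unintentional leakage" becomes "HTTP implementations need to prevent unintentional leakage", which replaces a requirement keyword with plain "need to". If the move to non-normative wording is intended, say so in the change description; otherwise keep the &SHOULD;. The rewrite also removes the recommendation that "a convenient interface be provided for the user to control dissemination of such information" and puts nothing in its place, which is worth restoring in shortened form or justifying.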
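Review bot: the final hunk (old 3803-3807) deletes the paragraph on "judicious use of cryptography", so the section now ends on "HTTP itself cannot solve this problem" with no indication of what can. If the old sentence was too vague to keep, replace it with a pointer rather than removing it outright, for example a cross-reference to the "https" scheme text touched at line 940.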