Sep 4, 2012, 8:52:13 PM (7 years ago)

Update Security Considerations, as per secdir review.

1 edited


  • draft-ietf-httpbis/latest/p6-cache.html

    r1864 r1865  
    452452  }
    453453  @bottom-center {
    454        content: "Expires March 8, 2013";
     454       content: "Expires March 9, 2013";
    455455  }
    456456  @bottom-right {
    492492      <link href="p5-range.html" rel="prev">
    493493      <link href="p7-auth.html" rel="next">
    494       <meta name="generator" content="http://greenbytes.de/tech/webdav/rfc2629.xslt, Revision 1.588, 2012-08-25 12:28:24, XSLT vendor: SAXON 8.9 from Saxonica http://www.saxonica.com/">
     494      <meta name="generator" content="http://greenbytes.de/tech/webdav/rfc2629.xslt, Revision 1.588, 2012-08-25 12:28:24, XSLT vendor: SAXON from Saxonica http://www.saxonica.com/">
    495495      <link rel="schema.dct" href="http://purl.org/dc/terms/">
    496496      <meta name="dct.creator" content="Fielding, R.">
    499499      <meta name="dct.creator" content="Reschke, J. F.">
    500500      <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p6-cache-latest">
    501       <meta name="dct.issued" scheme="ISO8601" content="2012-09-04">
     501      <meta name="dct.issued" scheme="ISO8601" content="2012-09-05">
    502502      <meta name="dct.replaces" content="urn:ietf:rfc:2616">
    503503      <meta name="dct.abstract" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypertext information systems. This document defines requirements on HTTP caches and the associated header fields that control cache behavior or indicate cacheable response messages.">
    525525            </tr>
    526526            <tr>
    527                <td class="left">Expires: March 8, 2013</td>
     527               <td class="left">Expires: March 9, 2013</td>
    528528               <td class="right">M. Nottingham, Editor</td>
    529529            </tr>
    542542            <tr>
    543543               <td class="left"></td>
    544                <td class="right">September 4, 2012</td>
     544               <td class="right">September 5, 2012</td>
    545545            </tr>
    546546         </tbody>
    568568         in progress”.
    569569      </p>
    570       <p>This Internet-Draft will expire on March 8, 2013.</p>
     570      <p>This Internet-Draft will expire on March 9, 2013.</p>
    571571      <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1>
    572572      <p>Copyright © 2012 IETF Trust and the persons identified as the document authors. All rights reserved.</p>
    18401840         as sensitive information.
    18411841      </p>
     1842      <p id="rfc.section.10.p.2">Implementation flaws might allow attackers to insert content into a cache ("cache poisoning"), leading to compromise of clients
     1843         that trust that content. Because of their nature, these attacks are difficult to mitigate.
     1844      </p>
     1845      <p id="rfc.section.10.p.3">Likewise, implementation flaws (as well as misunderstanding of cache operation) might lead to caching of sensitive information
     1846         (e.g., authentication credentials) that is thought to be private, exposing it to unauthorised parties.
     1847      </p>
     1848      <p id="rfc.section.10.p.4">Note that the Set-Cookie response header <a href="#RFC6265" id="rfc.xref.RFC6265.1"><cite title="HTTP State Management Mechanism">[RFC6265]</cite></a> does not inhibit caching; a cacheable response with a Set-Cookie header can be (and often is) used to satisfy subsequent requests
     1849         to caches. Servers who wish to control caching of these responses are encouraged to emit appropriate Cache-Control response
     1850         headers.
     1851      </p>
    18421852      <h1 id="rfc.section.11"><a href="#rfc.section.11">11.</a>&nbsp;<a id="acks" href="#acks">Acknowledgments</a></h1>
    18431853      <p id="rfc.section.11.p.1">See <a href="p1-messaging.html#acks" title="Acknowledgments">Section 9</a> of <a href="#Part1" id="rfc.xref.Part1.9"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>.
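Review bot: The new paragraph rfc.section.10.p.4 tells servers to "emit appropriate Cache-Control response headers" but does not say which directives are appropriate for a response carrying Set-Cookie; name them (for example private or no-store) or cross-reference the section that defines the response directives, so the advice is actionable. In the same hunk, p.2 states that cache poisoning attacks "are difficult to mitigate" and stops there; one sentence on why, or on what an implementer can check, would make it more than a warning. Style points: "Servers who wish" should be "Servers that wish", "unauthorised" is British spelling while the abstract in this file uses US spelling ("behavior"), and "subsequent requests to caches" would read more clearly as "subsequent requests made to the cache".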
    18861896      <h2 id="rfc.references.2"><a href="#rfc.section.12.2" id="rfc.section.12.2">12.2</a> Informative References
    18871897      </h2>
    1888       <table>         
     1898      <table>           
    18891899         <tr>
    18901900            <td class="reference"><b id="RFC1305">[RFC1305]</b></td>
    19101920            <td class="reference"><b id="RFC5861">[RFC5861]</b></td>
    19111921            <td class="top"><a href="mailto:mnot@yahoo-inc.com" title="Yahoo! Inc.">Nottingham, M.</a>, “<a href="http://tools.ietf.org/html/rfc5861">HTTP Cache-Control Extensions for Stale Content</a>”, RFC&nbsp;5861, April&nbsp;2010.
     1922            </td>
     1923         </tr>
     1924         <tr>
     1925            <td class="reference"><b id="RFC6265">[RFC6265]</b></td>
     1926            <td class="top">Barth, A., “<a href="http://tools.ietf.org/html/rfc6265">HTTP State Management Mechanism</a>”, RFC&nbsp;6265, April&nbsp;2011.
    19121927            </td>
    19131928         </tr>
    22482263                     </ul>
    22492264                  </li>
     2265                  <li><em>RFC6265</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC6265.1">10</a>, <a href="#RFC6265"><b>12.2</b></a></li>
    22502266               </ul>
    22512267            </li>