Sep 9, 2012, 7:46:17 PM (7 years ago)

Be more consistent regarding targeting conformance requirements.
Only define conformance criteria once, but repeat required nits.

Remove antiquated requirement about media type parameters not being
recognized by 1993-era browsers.

Add reference to TLS in p1.

1 edited


  • draft-ietf-httpbis/latest/p1-messaging.xml

    r1874 r1875  
    478478   are minimal, such as for proxy requests for "http" URIs, whereas
    479479   other requests might require translation to and from entirely different
    480    application-layer protocols. Proxies are often used to group an
     480   application-level protocols. Proxies are often used to group an
    481481   organization's HTTP requests through a common intermediary for the
    482482   sake of security, annotation services, or shared caching.
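Review bot: at 480 "application-layer" becomes "application-level", and the same substitution is made at 3101 and 3126 in this changeset; confirm no other "application-layer" or "transport-layer" wording remains elsewhere in p1 (the "Transport Layer Security" at 535 is a proper name and is fine), and mention the terminology change in the commit message, which currently does not cover it.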
    533533   both ends of the relayed connection are closed. Tunnels are used to
    534534   extend a virtual connection through an intermediary, such as when
    535    transport-layer security is used to establish confidential communication
    536    through a shared firewall proxy.
     535   Transport Layer Security (TLS, <xref target="RFC5246"/>) is used to
     536   establish confidential communication through a shared firewall proxy.
    538538<t><iref primary="true" item="interception proxy"/>
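Review bot: the new xref at 535 makes RFC5246 a cited document; check that the reference entry added later in this changeset lands in the references section (normative or informative) that matches its use here, where TLS is only an example of a protocol carried through a tunnel rather than something this specification requires.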
    617617   on senders, recipients, clients, servers, user agents, intermediaries,
    618618   origin servers, proxies, gateways, or caches, depending on what behavior
    619    is being constrained by the requirement.
     619   is being constrained by the requirement. Additional (social) requirements
     620   are placed on implementations, resource owners, and protocol element
     621   registrations when they apply beyond the scope of a single communication.
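Review bot: "(social)" at 619 is an undefined qualifier that readers may take as a conformance category of its own; consider spelling out what is meant (for example, requirements that cannot be tested on the wire) so that the sentence stays consistent with the single definition of conformance criteria that the commit message aims for.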
    1051    Implementations &MUST-NOT; send whitespace between the start-line and
     1053   A sender &MUST-NOT; send whitespace between the start-line and
    10521054   the first header field. The presence of such whitespace in a request
    10531055   might be an attempt to trick a server into ignoring that field or
    17091711   Since there is no way to distinguish a successfully completed,
    17101712   close-delimited message from a partially-received message interrupted
    1711    by network failure, implementations &SHOULD; use encoding or
     1713   by network failure, a server &SHOULD; use encoding or
    17121714   length-delimited messages whenever possible.  The close-delimiting
    17131715   feature exists primarily for backwards compatibility with HTTP/1.0.
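Review bot: at 1713 "implementations SHOULD" becomes "a server SHOULD", which is a substantive narrowing rather than a wording fix, since clients are no longer covered; either the text nearby should state that close-delimited messages only arise in responses, or the commit message should say so, otherwise a reader comparing drafts may read it as a dropped requirement.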
    30973099   Upgrade cannot be used to insist on a protocol change; its acceptance and
    30983100   use by the server is optional. The capabilities and nature of the
    3099    application-layer communication after the protocol change is entirely
     3101   application-level communication after the protocol change is entirely
    31003102   dependent upon the new protocol chosen, although the first action
    31013103   after changing the protocol &MUST; be a response to the initial HTTP
    3124    The Upgrade header field only applies to switching application-layer
    3125    protocols on the existing transport-layer connection; it cannot be used
     3126   The Upgrade header field only applies to switching application-level
     3127   protocols on the existing connection; it cannot be used
    31263128   to switch to a protocol on a different connection. For that purpose, it is
    31273129   more appropriate to use a <x:ref>3xx (Redirection)</x:ref> response
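Review bot: removing "transport-layer" at 3127 leaves "the existing connection" unqualified; the contrast with "a different connection" on 3128 preserves the meaning, but 3127 is now a short line while 3128 continues mid-sentence, so reflow 3127-3128 to the paragraph's usual width.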
    35823584<section title="Attacks Based On File and Path Names" anchor="attack.pathname">
    3584    Implementations of HTTP origin servers &SHOULD; be careful to restrict
     3586   Origin servers &SHOULD; be careful to restrict
    35853587   the documents returned by HTTP requests to be only those that were
    35863588   intended by the server administrators. If an HTTP server translates
    35963598   files, configuration files, and script code) &MUST; be protected from
    35973599   inappropriate retrieval, since they might contain sensitive
    3598    information. Experience has shown that minor bugs in such HTTP server
    3599    implementations have turned into security risks.
     3600   information.
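Review bot: 3598-3599 drop the sentence "Experience has shown that minor bugs in such HTTP server implementations have turned into security risks", which is the only rationale given in this paragraph for the MUST at 3598, and the commit message does not mention the deletion; either keep the sentence (reworded to avoid "implementations" if that is the objection) or record the removal in the message.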
    3663    Other fields (including but not limited to request methods, response status
    3664    phrases, header field-names, and body chunks) &SHOULD; be limited by
    3665    implementations carefully, so as to not impede interoperability.
     3664   Recipients &SHOULD; carefully limit the extent to which they read other
     3665   fields, including (but not limited to) request methods, response status
     3666   phrases, header field-names, and body chunks, so as to avoid denial of
     3667   service attacks without impeding interoperability.
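Review bot: the rewrite at 3664-3667 usefully states the denial-of-service motivation, but "carefully limit the extent to which they read" still says nothing about what a recipient is expected to do once its limit is reached; add a sentence on handling of over-limit fields, or a cross-reference to where that behaviour is specified, so the SHOULD is actionable.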
     4561<reference anchor='RFC5246'>
     4562   <front>
     4563      <title>The Transport Layer Security (TLS) Protocol Version 1.2</title>
     4564      <author initials='T.' surname='Dierks' fullname='T. Dierks'>
     4565         <organization />
     4566      </author>
     4567      <author initials='E.' surname='Rescorla' fullname='E. Rescorla'>
     4568         <organization>RTFM, Inc.</organization>
     4569      </author>
     4570      <date year='2008' month='August' />
     4571   </front>
     4572   <seriesInfo name='RFC' value='5246' />
    45594575<reference anchor="RFC5322">
    45604576  <front>
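Review bot: the new reference at 4561-4572 uses single-quoted attributes (anchor='RFC5246', name='RFC') while the neighbouring entry at 4575 uses double quotes (anchor="RFC5322"); pick one quoting style for the references section. The empty <organization /> for Dierks is acceptable only if that is how other entries handle unaffiliated authors.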