Changeset 1903


Ignore:
Timestamp:
Sep 18, 2012, 12:53:38 AM (7 years ago)
Author:
fielding@…
Message:

https requires and end-to-end secured connection. Addresses #383

Refer just to TLS, not SSL/TLS.

Location:
draft-ietf-httpbis/latest
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • draft-ietf-httpbis/latest/p1-messaging.html

    r1901 r1903  
    449449  }
    450450  @bottom-center {
    451        content: "Expires March 21, 2013";
     451       content: "Expires March 22, 2013";
    452452  }
    453453  @bottom-right {
     
    492492      <meta name="dct.creator" content="Reschke, J. F.">
    493493      <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p1-messaging-latest">
    494       <meta name="dct.issued" scheme="ISO8601" content="2012-09-17">
     494      <meta name="dct.issued" scheme="ISO8601" content="2012-09-18">
    495495      <meta name="dct.replaces" content="urn:ietf:rfc:2145">
    496496      <meta name="dct.replaces" content="urn:ietf:rfc:2616">
     
    524524            </tr>
    525525            <tr>
    526                <td class="left">Expires: March 21, 2013</td>
     526               <td class="left">Expires: March 22, 2013</td>
    527527               <td class="right">greenbytes</td>
    528528            </tr>
    529529            <tr>
    530530               <td class="left"></td>
    531                <td class="right">September 17, 2012</td>
     531               <td class="right">September 18, 2012</td>
    532532            </tr>
    533533         </tbody>
     
    556556         in progress”.
    557557      </p>
    558       <p>This Internet-Draft will expire on March 21, 2013.</p>
     558      <p>This Internet-Draft will expire on March 22, 2013.</p>
    559559      <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1>
    560560      <p>Copyright © 2012 IETF Trust and the persons identified as the document authors. All rights reserved.</p>
     
    10811081      <p id="rfc.section.2.7.1.p.7">Although HTTP is independent of the transport protocol, the "http" scheme is specific to TCP-based services because the name
    10821082         delegation process depends on TCP for establishing authority. An HTTP service based on some other underlying connection protocol
    1083          would presumably be identified using a different URI scheme, just as the "https" scheme (below) is used for servers that require
    1084          an SSL/TLS transport layer on a connection. Other protocols might also be used to provide access to "http" identified resources
     1083         would presumably be identified using a different URI scheme, just as the "https" scheme (below) is used for resources that
     1084         require an end-to-end secured connection. Other protocols might also be used to provide access to "http" identified resources
    10851085         — it is only the authoritative interface used for mapping the namespace that is specific to TCP.
    10861086      </p>
     
    10951095      <div id="rfc.iref.u.4"></div>
    10961096      <p id="rfc.section.2.7.2.p.1">The "https" URI scheme is hereby defined for the purpose of minting identifiers according to their association with the hierarchical
    1097          namespace governed by a potential HTTP origin server listening for SSL/TLS-secured connections on a given TCP port.
     1097         namespace governed by a potential HTTP origin server listening to a given TCP port for TLS-secured connections <a href="#RFC5246" id="rfc.xref.RFC5246.2"><cite title="The Transport Layer Security (TLS) Protocol Version 1.2">[RFC5246]</cite></a>.
    10981098      </p>
    10991099      <p id="rfc.section.2.7.2.p.2">All of the requirements listed above for the "http" scheme are also requirements for the "https" scheme, except that a default
    1100          TCP port of 443 is assumed if the port subcomponent is empty or not given, and the TCP connection <em class="bcp14">MUST</em> be secured through the use of strong encryption prior to sending the first HTTP request.
     1100         TCP port of 443 is assumed if the port subcomponent is empty or not given, and the TCP connection <em class="bcp14">MUST</em> be secured, end-to-end, through the use of strong encryption prior to sending the first HTTP request.
    11011101      </p>
    11021102      <div id="rfc.figure.u.9"></div><pre class="inline"><span id="rfc.iref.g.25"></span>  <a href="#https.uri" class="smpl">https-URI</a> = "https:" "//" <a href="#uri" class="smpl">authority</a> <a href="#uri" class="smpl">path-abempty</a> [ "?" <a href="#uri" class="smpl">query</a> ]
     
    17901790         effective request URI is constructed as follows.
    17911791      </p>
    1792       <p id="rfc.section.5.5.p.4">If the request is received over an SSL/TLS-secured TCP connection, then the effective request URI's scheme is "https"; otherwise,
     1792      <p id="rfc.section.5.5.p.4">If the request is received over a TLS-secured TCP connection, then the effective request URI's scheme is "https"; otherwise,
    17931793         the scheme is "http".
    17941794      </p>
     
    18101810      <p>has an effective request URI of</p>  <pre class="text">http://www.example.org:8080/pub/WWW/TheProject.html
    18111811</pre> <div id="rfc.figure.u.49"></div>
    1812       <p>Example 2: the following message received over an SSL/TLS-secured TCP connection</p>  <pre class="text">OPTIONS * HTTP/1.1
     1812      <p>Example 2: the following message received over a TLS-secured TCP connection</p>  <pre class="text">OPTIONS * HTTP/1.1
    18131813Host: www.example.org
    18141814</pre> <div id="rfc.figure.u.50"></div>
     
    37373737                     </ul>
    37383738                  </li>
    3739                   <li><em>RFC5246</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC5246.1">2.3</a>, <a href="#RFC5246"><b>10.2</b></a></li>
     3739                  <li><em>RFC5246</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC5246.1">2.3</a>, <a href="#rfc.xref.RFC5246.2">2.7.2</a>, <a href="#RFC5246"><b>10.2</b></a></li>
    37403740                  <li><em>RFC5322</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC5322.1">2.1</a>, <a href="#rfc.xref.RFC5322.2">3</a>, <a href="#rfc.xref.RFC5322.3">5.7</a>, <a href="#RFC5322"><b>10.2</b></a><ul>
    37413741                        <li><em>Section 3.6.7</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC5322.3">5.7</a></li>
  • draft-ietf-httpbis/latest/p1-messaging.xml

    r1901 r1903  
    886886   An HTTP service based on some other underlying connection protocol
    887887   would presumably be identified using a different URI scheme, just as
    888    the "https" scheme (below) is used for servers that require an SSL/TLS
    889    transport layer on a connection. Other protocols might also be used to
     888   the "https" scheme (below) is used for resources that require an
     889   end-to-end secured connection. Other protocols might also be used to
    890890   provide access to "http" identified resources &mdash; it is only the
    891891   authoritative interface used for mapping the namespace that is
     
    916916   The "https" URI scheme is hereby defined for the purpose of minting
    917917   identifiers according to their association with the hierarchical
    918    namespace governed by a potential HTTP origin server listening for
    919    SSL/TLS-secured connections on a given TCP port.
     918   namespace governed by a potential HTTP origin server listening to a
     919   given TCP port for TLS-secured connections <xref target="RFC5246"/>.
    920920</t>
    921921<t>
     
    923923   requirements for the "https" scheme, except that a default TCP port
    924924   of 443 is assumed if the port subcomponent is empty or not given,
    925    and the TCP connection &MUST; be secured through the
     925   and the TCP connection &MUST; be secured, end-to-end, through the
    926926   use of strong encryption prior to sending the first HTTP request.
    927927</t>
     
    23622362</t>
    23632363<t>
    2364    If the request is received over an SSL/TLS-secured TCP connection,
     2364   If the request is received over a TLS-secured TCP connection,
    23652365   then the effective request URI's scheme is "https"; otherwise, the
    23662366   scheme is "http".
     
    24052405<figure>
    24062406<preamble>
    2407    Example 2: the following message received over an SSL/TLS-secured TCP
    2408    connection
     2407   Example 2: the following message received over a TLS-secured TCP connection
    24092408</preamble>
    24102409<artwork type="example" x:indent-with="  ">
Note: See TracChangeset for help on using the changeset viewer.