Changeset 2069 for draft-ietf-httpbis
- Timestamp: 30/12/12 09:01:09 (10 years ago)
- Location: draft-ietf-httpbis/latest
- Files: 12 edited
draft-ietf-httpbis/latest/p1-messaging.html
r2066 r2069 449 449 } 450 450 @bottom-center { 451 content: "Expires July 2, 2013";451 content: "Expires July 3, 2013"; 452 452 } 453 453 @bottom-right { … … 491 491 <meta name="dct.creator" content="Reschke, J. F."> 492 492 <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p1-messaging-latest"> 493 <meta name="dct.issued" scheme="ISO8601" content="2012-12- 29">493 <meta name="dct.issued" scheme="ISO8601" content="2012-12-30"> 494 494 <meta name="dct.replaces" content="urn:ietf:rfc:2145"> 495 495 <meta name="dct.replaces" content="urn:ietf:rfc:2616"> … … 520 520 <tr> 521 521 <td class="left">Intended status: Standards Track</td> 522 <td class="right">December 29, 2012</td>522 <td class="right">December 30, 2012</td> 523 523 </tr> 524 524 <tr> 525 <td class="left">Expires: July 2, 2013</td>525 <td class="left">Expires: July 3, 2013</td> 526 526 <td class="right"></td> 527 527 </tr> … … 551 551 in progress”. 552 552 </p> 553 <p>This Internet-Draft will expire on July 2, 2013.</p>553 <p>This Internet-Draft will expire on July 3, 2013.</p> 554 554 <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1> 555 555 <p>Copyright © 2012 IETF Trust and the persons identified as the document authors. All rights reserved.</p> … … 2453 2453 <p id="rfc.section.7.7.p.2">The responsible party is: "IETF (iesg@ietf.org) - Internet Engineering Task Force".</p> 2454 2454 <h1 id="rfc.section.8"><a href="#rfc.section.8">8.</a> <a id="security.considerations" href="#security.considerations">Security Considerations</a></h1> 2455 <p id="rfc.section.8.p.1">This section is meant to inform application developers, information providers, and users of the security limitations in HTTP/1.1 2456 as described by this document. The discussion does not include definitive solutions to the problems revealed, though it does 2457 make some suggestions for reducing security risks. 
2455 <p id="rfc.section.8.p.1">This section is meant to inform developers, information providers, and users of known security concerns relevant to HTTP/1.1 2456 message syntax, parsing, and routing. 2458 2457 </p> 2459 2458 <h2 id="rfc.section.8.1"><a href="#rfc.section.8.1">8.1</a> <a id="personal.information" href="#personal.information">Personal Information</a></h2> -
draft-ietf-httpbis/latest/p1-messaging.xml
r2066 r2069 3490 3490 <section title="Security Considerations" anchor="security.considerations"> 3491 3491 <t> 3492 This section is meant to inform application developers, information 3493 providers, and users of the security limitations in HTTP/1.1 as 3494 described by this document. The discussion does not include 3495 definitive solutions to the problems revealed, though it does make 3496 some suggestions for reducing security risks. 3492 This section is meant to inform developers, information providers, and 3493 users of known security concerns relevant to HTTP/1.1 message syntax, 3494 parsing, and routing. 3497 3495 </t> 3498 3496 -
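Review bot: In the rewritten opening paragraph of Security Considerations (new lines 3492-3494), the removed sentence "The discussion does not include definitive solutions to the problems revealed" was the only explicit statement that the section is not exhaustive, and the replacement relies on the single word "known" to carry that. The narrower scope ("message syntax, parsing, and routing") is an improvement, but consider keeping a short caveat that the mitigations listed are suggestions rather than complete solutions, so implementers do not read the section as a checklist. The same sentence is dropped in the p2-semantics and p5-range hunks, so whatever wording is chosen should be applied to all three.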
draft-ietf-httpbis/latest/p2-semantics.html
r2068 r2069 3745 3745 </div> 3746 3746 <h1 id="rfc.section.9"><a href="#rfc.section.9">9.</a> <a id="security.considerations" href="#security.considerations">Security Considerations</a></h1> 3747 <p id="rfc.section.9.p.1">This section is meant to inform application developers, information providers, and users of the security limitations in HTTP/1.1 3748 as described by this document. The discussion does not include definitive solutions to the problems revealed, though it does 3749 make some suggestions for reducing security risks. 3747 <p id="rfc.section.9.p.1">This section is meant to inform developers, information providers, and users of known security concerns relevant to HTTP/1.1 3748 semantics and its use for transferring information over the Internet. 3750 3749 </p> 3751 3750 <h2 id="rfc.section.9.1"><a href="#rfc.section.9.1">9.1</a> <a id="security.sensitive" href="#security.sensitive">Transfer of Sensitive Information</a></h2> -
draft-ietf-httpbis/latest/p2-semantics.xml
r2068 r2069 4646 4646 <section title="Security Considerations" anchor="security.considerations"> 4647 4647 <t> 4648 This section is meant to inform application developers, information 4649 providers, and users of the security limitations in HTTP/1.1 as 4650 described by this document. The discussion does not include 4651 definitive solutions to the problems revealed, though it does make 4652 some suggestions for reducing security risks. 4648 This section is meant to inform developers, information providers, and 4649 users of known security concerns relevant to HTTP/1.1 semantics and its 4650 use for transferring information over the Internet. 4653 4651 </t> 4654 4652 -
draft-ietf-httpbis/latest/p4-conditional.html
r2066 r2069 449 449 } 450 450 @bottom-center { 451 content: "Expires July 2, 2013";451 content: "Expires July 3, 2013"; 452 452 } 453 453 @bottom-right { … … 491 491 <meta name="dct.creator" content="Reschke, J. F."> 492 492 <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p4-conditional-latest"> 493 <meta name="dct.issued" scheme="ISO8601" content="2012-12- 29">493 <meta name="dct.issued" scheme="ISO8601" content="2012-12-30"> 494 494 <meta name="dct.replaces" content="urn:ietf:rfc:2616"> 495 495 <meta name="dct.abstract" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypertext information systems. This document defines HTTP/1.1 conditional requests, including metadata header fields for indicating state changes, request header fields for making preconditions on such state, and rules for constructing the responses to a conditional request when one or more preconditions evaluate to false."> … … 517 517 </tr> 518 518 <tr> 519 <td class="left">Expires: July 2, 2013</td>520 <td class="right">December 29, 2012</td>519 <td class="left">Expires: July 3, 2013</td> 520 <td class="right">December 30, 2012</td> 521 521 </tr> 522 522 </tbody> … … 545 545 in progress”. 546 546 </p> 547 <p>This Internet-Draft will expire on July 2, 2013.</p>547 <p>This Internet-Draft will expire on July 3, 2013.</p> 548 548 <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1> 549 549 <p>Copyright © 2012 IETF Trust and the persons identified as the document authors. 
All rights reserved.</p> … … 1219 1219 <p id="rfc.section.6.2.p.2">The change controller is: "IETF (iesg@ietf.org) - Internet Engineering Task Force".</p> 1220 1220 <h1 id="rfc.section.7"><a href="#rfc.section.7">7.</a> <a id="security.considerations" href="#security.considerations">Security Considerations</a></h1> 1221 <p id="rfc.section.7.p.1">No additional security considerations have been identified beyond those applicable to HTTP in general <a href="#Part1" id="rfc.xref.Part1.5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>. 1221 <p id="rfc.section.7.p.1">This section is meant to inform developers, information providers, and users of known security concerns specific to the HTTP/1.1 1222 conditional request mechanisms. No additional security considerations have been identified beyond those applicable to HTTP 1223 messaging <a href="#Part1" id="rfc.xref.Part1.5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a> and semantics <a href="#Part2" id="rfc.xref.Part2.4"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>. 1222 1224 </p> 1223 1225 <p id="rfc.section.7.p.2">The validators defined by this specification are not intended to ensure the validity of a representation, guard against malicious … … 1315 1317 <a href="#imported.abnf" class="smpl">obs-text</a> = <obs-text, defined in <a href="#Part1" id="rfc.xref.Part1.9"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#field.components" title="Field value components">Section 3.2.6</a>> 1316 1318 </pre><p id="rfc.section.B.p.4">The rules below are defined in other parts:</p> 1317 <div id="rfc.figure.u.17"></div><pre class="inline"> <a href="#imported.abnf" class="smpl">HTTP-date</a> = <HTTP-date, defined in <a href="#Part2" id="rfc.xref.Part2. 
4"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>, <a href="p2-semantics.html#http.date" title="Date/Time Formats">Section 7.1.1.1</a>>1319 <div id="rfc.figure.u.17"></div><pre class="inline"> <a href="#imported.abnf" class="smpl">HTTP-date</a> = <HTTP-date, defined in <a href="#Part2" id="rfc.xref.Part2.5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>, <a href="p2-semantics.html#http.date" title="Date/Time Formats">Section 7.1.1.1</a>> 1318 1320 </pre><h1 id="rfc.section.C"><a href="#rfc.section.C">C.</a> <a id="collected.abnf" href="#collected.abnf">Collected ABNF</a></h1> 1319 1321 <div id="rfc.figure.u.18"></div> <pre class="inline"><a href="#header.etag" class="smpl">ETag</a> = entity-tag … … 1439 1441 </ul> 1440 1442 </li> 1441 <li><em>Part2</em> <a href="#rfc.xref.Part2.1">1</a>, <a href="#rfc.xref.Part2.2">2.3.3</a>, <a href="#rfc.xref.Part2.3">2.3.3</a>, <a href="# Part2"><b>9.1</b></a>, <a href="#rfc.xref.Part2.4">B</a><ul>1443 <li><em>Part2</em> <a href="#rfc.xref.Part2.1">1</a>, <a href="#rfc.xref.Part2.2">2.3.3</a>, <a href="#rfc.xref.Part2.3">2.3.3</a>, <a href="#rfc.xref.Part2.4">7</a>, <a href="#Part2"><b>9.1</b></a>, <a href="#rfc.xref.Part2.5">B</a><ul> 1442 1444 <li><em>Section 3.4</em> <a href="#rfc.xref.Part2.2">2.3.3</a></li> 1443 1445 <li><em>Section 5.3.4</em> <a href="#rfc.xref.Part2.3">2.3.3</a></li> 1444 <li><em>Section 7.1.1.1</em> <a href="#rfc.xref.Part2. 4">B</a></li>1446 <li><em>Section 7.1.1.1</em> <a href="#rfc.xref.Part2.5">B</a></li> 1445 1447 </ul> 1446 1448 </li> -
draft-ietf-httpbis/latest/p4-conditional.xml
r2066 r2069 25 25 <!ENTITY header-date "<xref target='Part2' x:rel='#header.date' xmlns:x='http://purl.org/net/xml2rfc/ext'/>"> 26 26 <!ENTITY messaging "<xref target='Part1' xmlns:x='http://purl.org/net/xml2rfc/ext'/>"> 27 <!ENTITY semantics "<xref target='Part2' xmlns:x='http://purl.org/net/xml2rfc/ext'/>"> 27 28 <!ENTITY caching "<xref target='Part6' xmlns:x='http://purl.org/net/xml2rfc/ext'/>"> 28 29 <!ENTITY header-accept-encoding "<xref target='Part2' x:rel='#header.accept-encoding' xmlns:x='http://purl.org/net/xml2rfc/ext'/>"> … … 1145 1146 <section title="Security Considerations" anchor="security.considerations"> 1146 1147 <t> 1147 No additional security considerations have been identified beyond 1148 those applicable to HTTP in general &messaging;. 1148 This section is meant to inform developers, information providers, and 1149 users of known security concerns specific to the HTTP/1.1 conditional 1150 request mechanisms. No additional security considerations have been 1151 identified beyond those applicable to HTTP messaging &messaging; and 1152 semantics &semantics;. 1149 1153 </t> 1150 1154 <t> -
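Review bot: In the Security Considerations hunk (new lines 1148-1152), the first sentence announces known security concerns specific to conditional requests and the second sentence says no additional considerations have been identified, yet the following paragraph (rfc.section.7.p.2 in the HTML rendering) goes on to describe what validators are not intended to guard against. Suggest dropping "No additional security considerations have been identified" in favour of the phrasing used in the p5-range and p6-cache hunks, "More general security considerations are addressed in HTTP messaging &messaging; and semantics &semantics;", so the parts read consistently and the intro does not contradict the paragraph after it. The &semantics; entity added at new line 27 is used by this paragraph, so that part of the change is complete.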
draft-ietf-httpbis/latest/p5-range.html
r2066 r2069 449 449 } 450 450 @bottom-center { 451 content: "Expires July 2, 2013";451 content: "Expires July 3, 2013"; 452 452 } 453 453 @bottom-right { … … 493 493 <meta name="dct.creator" content="Reschke, J. F."> 494 494 <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p5-range-latest"> 495 <meta name="dct.issued" scheme="ISO8601" content="2012-12- 29">495 <meta name="dct.issued" scheme="ISO8601" content="2012-12-30"> 496 496 <meta name="dct.replaces" content="urn:ietf:rfc:2616"> 497 497 <meta name="dct.abstract" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypertext information systems. This document defines range requests and the rules for constructing and combining responses to those requests."> … … 519 519 </tr> 520 520 <tr> 521 <td class="left">Expires: July 2, 2013</td>521 <td class="left">Expires: July 3, 2013</td> 522 522 <td class="right">J. Reschke, Editor</td> 523 523 </tr> … … 528 528 <tr> 529 529 <td class="left"></td> 530 <td class="right">December 29, 2012</td>530 <td class="right">December 30, 2012</td> 531 531 </tr> 532 532 </tbody> … … 553 553 in progress”. 554 554 </p> 555 <p>This Internet-Draft will expire on July 2, 2013.</p>555 <p>This Internet-Draft will expire on July 3, 2013.</p> 556 556 <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1> 557 557 <p>Copyright © 2012 IETF Trust and the persons identified as the document authors. 
All rights reserved.</p> … … 1041 1041 <p id="rfc.section.6.3.p.3">The change controller is: "IETF (iesg@ietf.org) - Internet Engineering Task Force".</p> 1042 1042 <h1 id="rfc.section.7"><a href="#rfc.section.7">7.</a> <a id="security.considerations" href="#security.considerations">Security Considerations</a></h1> 1043 <p id="rfc.section.7.p.1">This section is meant to inform application developers, information providers, and users of the security limitations in HTTP/1.1 1044 as described by this document. The discussion does not include definitive solutions to the problems revealed, though it does 1045 make some suggestions for reducing security risks. 1043 <p id="rfc.section.7.p.1">This section is meant to inform developers, information providers, and users of known security concerns specific to the HTTP/1.1 1044 range request mechanisms. More general security considerations are addressed in HTTP messaging <a href="#Part1" id="rfc.xref.Part1.3"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a> and semantics <a href="#Part2" id="rfc.xref.Part2.1"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>. 1046 1045 </p> 1047 1046 <h2 id="rfc.section.7.1"><a href="#rfc.section.7.1">7.1</a> <a id="overlapping.ranges" href="#overlapping.ranges">Overlapping Ranges</a></h2> 1048 <p id="rfc.section.7.1.p.1">Range requests containing overlapping ranges can lead to the situation where aserver is sending far more data than the size1047 <p id="rfc.section.7.1.p.1">Range requests containing overlapping ranges can lead to a situation where the server is sending far more data than the size 1049 1048 of the complete resource representation. 
1050 1049 </p> 1051 1050 <h1 id="rfc.section.8"><a href="#rfc.section.8">8.</a> <a id="acks" href="#acks">Acknowledgments</a></h1> 1052 <p id="rfc.section.8.p.1">See <a href="p1-messaging.html#acks" title="Acknowledgments">Section 9</a> of <a href="#Part1" id="rfc.xref.Part1. 3"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>.1051 <p id="rfc.section.8.p.1">See <a href="p1-messaging.html#acks" title="Acknowledgments">Section 9</a> of <a href="#Part1" id="rfc.xref.Part1.4"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>. 1053 1052 </p> 1054 1053 <h1 id="rfc.references"><a id="rfc.section.9" href="#rfc.section.9">9.</a> References … … 1244 1243 <p id="rfc.section.C.p.2">Note that all rules derived from <a href="#imported.abnf" class="smpl">token</a> are to be compared case-insensitively, like <a href="#range.units" class="smpl">range-unit</a> and <a href="#header.accept-ranges" class="smpl">acceptable-ranges</a>. 1245 1244 </p> 1246 <p id="rfc.section.C.p.3">The rules below are defined in <a href="#Part1" id="rfc.xref.Part1. 4"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>:1247 </p> 1248 <div id="rfc.figure.u.24"></div><pre class="inline"> <a href="#imported.abnf" class="smpl">OWS</a> = <OWS, defined in <a href="#Part1" id="rfc.xref.Part1. 5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#whitespace" title="Whitespace">Section 3.2.3</a>>1249 <a href="#imported.abnf" class="smpl">token</a> = <token, defined in <a href="#Part1" id="rfc.xref.Part1. 
6"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#field.components" title="Field value components">Section 3.2.6</a>>1245 <p id="rfc.section.C.p.3">The rules below are defined in <a href="#Part1" id="rfc.xref.Part1.5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>: 1246 </p> 1247 <div id="rfc.figure.u.24"></div><pre class="inline"> <a href="#imported.abnf" class="smpl">OWS</a> = <OWS, defined in <a href="#Part1" id="rfc.xref.Part1.6"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#whitespace" title="Whitespace">Section 3.2.3</a>> 1248 <a href="#imported.abnf" class="smpl">token</a> = <token, defined in <a href="#Part1" id="rfc.xref.Part1.7"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#field.components" title="Field value components">Section 3.2.6</a>> 1250 1249 </pre><p id="rfc.section.C.p.5">The rules below are defined in other parts:</p> 1251 <div id="rfc.figure.u.25"></div><pre class="inline"> <a href="#imported.abnf" class="smpl">HTTP-date</a> = <HTTP-date, defined in <a href="#Part2" id="rfc.xref.Part2. 
1"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>, <a href="p2-semantics.html#http.date" title="Date/Time Formats">Section 7.1.1.1</a>>1250 <div id="rfc.figure.u.25"></div><pre class="inline"> <a href="#imported.abnf" class="smpl">HTTP-date</a> = <HTTP-date, defined in <a href="#Part2" id="rfc.xref.Part2.2"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>, <a href="p2-semantics.html#http.date" title="Date/Time Formats">Section 7.1.1.1</a>> 1252 1251 <a href="#imported.abnf" class="smpl">entity-tag</a> = <entity-tag, defined in <a href="#Part4" id="rfc.xref.Part4.5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a>, <a href="p4-conditional.html#header.etag" title="ETag">Section 2.3</a>> 1253 1252 </pre><h1 id="rfc.section.D"><a href="#rfc.section.D">D.</a> <a id="collected.abnf" href="#collected.abnf">Collected ABNF</a></h1> … … 1389 1388 </li> 1390 1389 <li><a id="rfc.index.P" href="#rfc.index.P"><b>P</b></a><ul> 1391 <li><em>Part1</em> <a href="#rfc.xref.Part1.1">1.1</a>, <a href="#rfc.xref.Part1.2">1.2</a>, <a href="#rfc.xref.Part1.3"> 8</a>, <a href="#Part1"><b>9.1</b></a>, <a href="#rfc.xref.Part1.4">C</a>, <a href="#rfc.xref.Part1.5">C</a>, <a href="#rfc.xref.Part1.6">C</a><ul>1390 <li><em>Part1</em> <a href="#rfc.xref.Part1.1">1.1</a>, <a href="#rfc.xref.Part1.2">1.2</a>, <a href="#rfc.xref.Part1.3">7</a>, <a href="#rfc.xref.Part1.4">8</a>, <a href="#Part1"><b>9.1</b></a>, <a href="#rfc.xref.Part1.5">C</a>, <a href="#rfc.xref.Part1.6">C</a>, <a href="#rfc.xref.Part1.7">C</a><ul> 1392 1391 <li><em>Section 1.2</em> <a href="#rfc.xref.Part1.2">1.2</a></li> 1393 1392 <li><em>Section 2.5</em> <a href="#rfc.xref.Part1.1">1.1</a></li> 1394 <li><em>Section 3.2.3</em> <a href="#rfc.xref.Part1. 5">C</a></li>1395 <li><em>Section 3.2.6</em> <a href="#rfc.xref.Part1. 6">C</a></li>1396 <li><em>Section 9</em> <a href="#rfc.xref.Part1. 
3">8</a></li>1393 <li><em>Section 3.2.3</em> <a href="#rfc.xref.Part1.6">C</a></li> 1394 <li><em>Section 3.2.6</em> <a href="#rfc.xref.Part1.7">C</a></li> 1395 <li><em>Section 9</em> <a href="#rfc.xref.Part1.4">8</a></li> 1397 1396 </ul> 1398 1397 </li> 1399 <li><em>Part2</em> <a href="# Part2"><b>9.1</b></a>, <a href="#rfc.xref.Part2.1">C</a><ul>1400 <li><em>Section 7.1.1.1</em> <a href="#rfc.xref.Part2. 1">C</a></li>1398 <li><em>Part2</em> <a href="#rfc.xref.Part2.1">7</a>, <a href="#Part2"><b>9.1</b></a>, <a href="#rfc.xref.Part2.2">C</a><ul> 1399 <li><em>Section 7.1.1.1</em> <a href="#rfc.xref.Part2.2">C</a></li> 1401 1400 </ul> 1402 1401 </li> -
draft-ietf-httpbis/latest/p5-range.xml
r2066 r2069 25 25 <!ENTITY http-date "<xref target='Part2' x:rel='#http.date' xmlns:x='http://purl.org/net/xml2rfc/ext'/>"> 26 26 <!ENTITY messaging "<xref target='Part1' xmlns:x='http://purl.org/net/xml2rfc/ext'/>"> 27 <!ENTITY semantics "<xref target='Part2' xmlns:x='http://purl.org/net/xml2rfc/ext'/>"> 27 28 <!ENTITY entity-tags "<xref target='Part4' x:rel='#header.etag' xmlns:x='http://purl.org/net/xml2rfc/ext'/>"> 28 29 <!ENTITY weak-and-strong-validators "<xref target='Part4' x:rel='#weak.and.strong.validators' xmlns:x='http://purl.org/net/xml2rfc/ext'/>"> … … 906 907 <section title="Security Considerations" anchor="security.considerations"> 907 908 <t> 908 This section is meant to inform application developers, information909 providers, and users of the security limitations in HTTP/1.1 as910 described by this document. The discussion does not include911 definitive solutions to the problems revealed, though it does make912 some suggestions for reducing security risks. 913 </t> 909 This section is meant to inform developers, information providers, and 910 users of known security concerns specific to the HTTP/1.1 range 911 request mechanisms. More general security considerations are addressed 912 in HTTP messaging &messaging; and semantics &semantics;. 913 </t> 914 914 915 <section title="Overlapping Ranges" anchor="overlapping.ranges"> 915 916 <t> 916 Range requests containing overlapping ranges can lead to thesituation917 where aserver is sending far more data than the size of the complete917 Range requests containing overlapping ranges can lead to a situation 918 where the server is sending far more data than the size of the complete 918 919 resource representation. 919 920 </t> -
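Review bot: In the Overlapping Ranges paragraph (new lines 917-919), the text still only states the risk, that a server can end up sending far more data than the size of the complete representation, and gives no guidance on how a server may handle such a request. Since the new intro no longer says the section "does make some suggestions for reducing security risks", this is a good place to add one: a sentence stating that a server may ignore the Range header field, coalesce overlapping ranges, or reject requests with an excessive number of ranges. The grammar fix itself ("a situation where the server") is fine.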
draft-ietf-httpbis/latest/p6-cache.html
r2066 r2069 452 452 } 453 453 @bottom-center { 454 content: "Expires July 2, 2013";454 content: "Expires July 3, 2013"; 455 455 } 456 456 @bottom-right { … … 498 498 <meta name="dct.creator" content="Reschke, J. F."> 499 499 <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p6-cache-latest"> 500 <meta name="dct.issued" scheme="ISO8601" content="2012-12- 29">500 <meta name="dct.issued" scheme="ISO8601" content="2012-12-30"> 501 501 <meta name="dct.replaces" content="urn:ietf:rfc:2616"> 502 502 <meta name="dct.abstract" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypertext information systems. This document defines requirements on HTTP caches and the associated header fields that control cache behavior or indicate cacheable response messages."> … … 524 524 </tr> 525 525 <tr> 526 <td class="left">Expires: July 2, 2013</td>526 <td class="left">Expires: July 3, 2013</td> 527 527 <td class="right">J. Reschke, Editor</td> 528 528 </tr> … … 533 533 <tr> 534 534 <td class="left"></td> 535 <td class="right">December 29, 2012</td>535 <td class="right">December 30, 2012</td> 536 536 </tr> 537 537 </tbody> … … 559 559 in progress”. 560 560 </p> 561 <p>This Internet-Draft will expire on July 2, 2013.</p>561 <p>This Internet-Draft will expire on July 3, 2013.</p> 562 562 <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1> 563 563 <p>Copyright © 2012 IETF Trust and the persons identified as the document authors. 
All rights reserved.</p> … … 1781 1781 <p id="rfc.section.9.3.p.2">The change controller is: "IETF (iesg@ietf.org) - Internet Engineering Task Force".</p> 1782 1782 <h1 id="rfc.section.10"><a href="#rfc.section.10">10.</a> <a id="security.considerations" href="#security.considerations">Security Considerations</a></h1> 1783 <p id="rfc.section.10.p.1">Caches expose additional potential vulnerabilities, since the contents of the cache represent an attractive target for malicious 1783 <p id="rfc.section.10.p.1">This section is meant to inform developers, information providers, and users of known security concerns specific to HTTP/1.1 1784 caching. More general security considerations are addressed in HTTP messaging <a href="#Part1" id="rfc.xref.Part1.11"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a> and semantics <a href="#Part2" id="rfc.xref.Part2.8"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>. 1785 </p> 1786 <p id="rfc.section.10.p.2">Caches expose additional potential vulnerabilities, since the contents of the cache represent an attractive target for malicious 1784 1787 exploitation. Because cache contents persist after an HTTP request is complete, an attack on the cache can reveal information 1785 1788 long after a user believes that the information has been removed from the network. Therefore, cache contents need to be protected 1786 1789 as sensitive information. 1787 1790 </p> 1788 <p id="rfc.section.10.p. 2">Furthermore, the very use of a cache can bring about privacy concerns. For example, if two users share a cache, and the first1791 <p id="rfc.section.10.p.3">Furthermore, the very use of a cache can bring about privacy concerns. 
For example, if two users share a cache, and the first 1789 1792 one browses to a site, the second may be able to detect that the other has been to that site, because the resources from it 1790 1793 load more quickly, thanks to the cache. 1791 1794 </p> 1792 <p id="rfc.section.10.p. 3">Implementation flaws might allow attackers to insert content into a cache ("cache poisoning"), leading to compromise of clients1795 <p id="rfc.section.10.p.4">Implementation flaws might allow attackers to insert content into a cache ("cache poisoning"), leading to compromise of clients 1793 1796 that trust that content. Because of their nature, these attacks are difficult to mitigate. 1794 1797 </p> 1795 <p id="rfc.section.10.p. 4">Likewise, implementation flaws (as well as misunderstanding of cache operation) might lead to caching of sensitive information1798 <p id="rfc.section.10.p.5">Likewise, implementation flaws (as well as misunderstanding of cache operation) might lead to caching of sensitive information 1796 1799 (e.g., authentication credentials) that is thought to be private, exposing it to unauthorized parties. 1797 1800 </p> 1798 <p id="rfc.section.10.p. 5">Note that the Set-Cookie response header <a href="#RFC6265" id="rfc.xref.RFC6265.1"><cite title="HTTP State Management Mechanism">[RFC6265]</cite></a> does not inhibit caching; a cacheable response with a Set-Cookie header can be (and often is) used to satisfy subsequent requests1801 <p id="rfc.section.10.p.6">Note that the Set-Cookie response header <a href="#RFC6265" id="rfc.xref.RFC6265.1"><cite title="HTTP State Management Mechanism">[RFC6265]</cite></a> does not inhibit caching; a cacheable response with a Set-Cookie header can be (and often is) used to satisfy subsequent requests 1799 1802 to caches. Servers who wish to control caching of these responses are encouraged to emit appropriate Cache-Control response 1800 1803 headers. 
1801 1804 </p> 1802 1805 <h1 id="rfc.section.11"><a href="#rfc.section.11">11.</a> <a id="acks" href="#acks">Acknowledgments</a></h1> 1803 <p id="rfc.section.11.p.1">See <a href="p1-messaging.html#acks" title="Acknowledgments">Section 9</a> of <a href="#Part1" id="rfc.xref.Part1.1 1"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>.1806 <p id="rfc.section.11.p.1">See <a href="p1-messaging.html#acks" title="Acknowledgments">Section 9</a> of <a href="#Part1" id="rfc.xref.Part1.12"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>. 1804 1807 </p> 1805 1808 <h1 id="rfc.references"><a id="rfc.section.12" href="#rfc.section.12">12.</a> References … … 1944 1947 character). 1945 1948 </p> 1946 <p id="rfc.section.B.p.2">The rules below are defined in <a href="#Part1" id="rfc.xref.Part1.1 2"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>:1947 </p> 1948 <div id="rfc.figure.u.14"></div><pre class="inline"> <a href="#imported.abnf" class="smpl">OWS</a> = <OWS, defined in <a href="#Part1" id="rfc.xref.Part1.1 3"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#whitespace" title="Whitespace">Section 3.2.3</a>>1949 <a href="#imported.abnf" class="smpl">field-name</a> = <field-name, defined in <a href="#Part1" id="rfc.xref.Part1.1 4"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#header.fields" title="Header Fields">Section 3.2</a>>1950 <a href="#imported.abnf" class="smpl">quoted-string</a> = <quoted-string, defined in <a href="#Part1" id="rfc.xref.Part1.1 5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#field.components" title="Field value components">Section 3.2.6</a>>1951 <a 
href="#imported.abnf" class="smpl">token</a> = <token, defined in <a href="#Part1" id="rfc.xref.Part1.1 6"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#field.components" title="Field value components">Section 3.2.6</a>>1952 1953 <a href="#imported.abnf" class="smpl">port</a> = <port, defined in <a href="#Part1" id="rfc.xref.Part1.1 7"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#uri" title="Uniform Resource Identifiers">Section 2.7</a>>1954 <a href="#imported.abnf" class="smpl">pseudonym</a> = <pseudonym, defined in <a href="#Part1" id="rfc.xref.Part1.1 8"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#header.via" title="Via">Section 5.7.1</a>>1955 <a href="#imported.abnf" class="smpl">uri-host</a> = <uri-host, defined in <a href="#Part1" id="rfc.xref.Part1. 
19"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#uri" title="Uniform Resource Identifiers">Section 2.7</a>>1949 <p id="rfc.section.B.p.2">The rules below are defined in <a href="#Part1" id="rfc.xref.Part1.13"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>: 1950 </p> 1951 <div id="rfc.figure.u.14"></div><pre class="inline"> <a href="#imported.abnf" class="smpl">OWS</a> = <OWS, defined in <a href="#Part1" id="rfc.xref.Part1.14"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#whitespace" title="Whitespace">Section 3.2.3</a>> 1952 <a href="#imported.abnf" class="smpl">field-name</a> = <field-name, defined in <a href="#Part1" id="rfc.xref.Part1.15"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#header.fields" title="Header Fields">Section 3.2</a>> 1953 <a href="#imported.abnf" class="smpl">quoted-string</a> = <quoted-string, defined in <a href="#Part1" id="rfc.xref.Part1.16"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#field.components" title="Field value components">Section 3.2.6</a>> 1954 <a href="#imported.abnf" class="smpl">token</a> = <token, defined in <a href="#Part1" id="rfc.xref.Part1.17"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#field.components" title="Field value components">Section 3.2.6</a>> 1955 1956 <a href="#imported.abnf" class="smpl">port</a> = <port, defined in <a href="#Part1" id="rfc.xref.Part1.18"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#uri" title="Uniform Resource Identifiers">Section 2.7</a>> 1957 <a 
href="#imported.abnf" class="smpl">pseudonym</a> = <pseudonym, defined in <a href="#Part1" id="rfc.xref.Part1.19"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#header.via" title="Via">Section 5.7.1</a>> 1958 <a href="#imported.abnf" class="smpl">uri-host</a> = <uri-host, defined in <a href="#Part1" id="rfc.xref.Part1.20"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#uri" title="Uniform Resource Identifiers">Section 2.7</a>> 1956 1959 </pre><p id="rfc.section.B.p.4">The rules below are defined in other parts:</p> 1957 <div id="rfc.figure.u.15"></div><pre class="inline"> <a href="#imported.abnf" class="smpl">HTTP-date</a> = <HTTP-date, defined in <a href="#Part2" id="rfc.xref.Part2. 8"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>, <a href="p2-semantics.html#http.date" title="Date/Time Formats">Section 7.1.1.1</a>>1960 <div id="rfc.figure.u.15"></div><pre class="inline"> <a href="#imported.abnf" class="smpl">HTTP-date</a> = <HTTP-date, defined in <a href="#Part2" id="rfc.xref.Part2.9"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>, <a href="p2-semantics.html#http.date" title="Date/Time Formats">Section 7.1.1.1</a>> 1958 1961 </pre><h1 id="rfc.section.C"><a href="#rfc.section.C">C.</a> <a id="collected.abnf" href="#collected.abnf">Collected ABNF</a></h1> 1959 1962 <div id="rfc.figure.u.16"></div> <pre class="inline"><a href="#header.age" class="smpl">Age</a> = delta-seconds … … 2128 2131 </li> 2129 2132 <li><a id="rfc.index.P" href="#rfc.index.P"><b>P</b></a><ul> 2130 <li><em>Part1</em> <a href="#rfc.xref.Part1.1">1.3</a>, <a href="#rfc.xref.Part1.2">1.4</a>, <a href="#rfc.xref.Part1.3">3.1</a>, <a href="#rfc.xref.Part1.4">4</a>, <a href="#rfc.xref.Part1.5">4.3</a>, <a href="#rfc.xref.Part1.6">6</a>, <a 
href="#rfc.xref.Part1.7">6</a>, <a href="#rfc.xref.Part1.8">6</a>, <a href="#rfc.xref.Part1.9">7.2.1.6</a>, <a href="#rfc.xref.Part1.10">7.2.2.9</a>, <a href="#rfc.xref.Part1.11">1 1</a>, <a href="#Part1"><b>12.1</b></a>, <a href="#rfc.xref.Part1.12">B</a>, <a href="#rfc.xref.Part1.13">B</a>, <a href="#rfc.xref.Part1.14">B</a>, <a href="#rfc.xref.Part1.15">B</a>, <a href="#rfc.xref.Part1.16">B</a>, <a href="#rfc.xref.Part1.17">B</a>, <a href="#rfc.xref.Part1.18">B</a>, <a href="#rfc.xref.Part1.19">B</a><ul>2133 <li><em>Part1</em> <a href="#rfc.xref.Part1.1">1.3</a>, <a href="#rfc.xref.Part1.2">1.4</a>, <a href="#rfc.xref.Part1.3">3.1</a>, <a href="#rfc.xref.Part1.4">4</a>, <a href="#rfc.xref.Part1.5">4.3</a>, <a href="#rfc.xref.Part1.6">6</a>, <a href="#rfc.xref.Part1.7">6</a>, <a href="#rfc.xref.Part1.8">6</a>, <a href="#rfc.xref.Part1.9">7.2.1.6</a>, <a href="#rfc.xref.Part1.10">7.2.2.9</a>, <a href="#rfc.xref.Part1.11">10</a>, <a href="#rfc.xref.Part1.12">11</a>, <a href="#Part1"><b>12.1</b></a>, <a href="#rfc.xref.Part1.13">B</a>, <a href="#rfc.xref.Part1.14">B</a>, <a href="#rfc.xref.Part1.15">B</a>, <a href="#rfc.xref.Part1.16">B</a>, <a href="#rfc.xref.Part1.17">B</a>, <a href="#rfc.xref.Part1.18">B</a>, <a href="#rfc.xref.Part1.19">B</a>, <a href="#rfc.xref.Part1.20">B</a><ul> 2131 2134 <li><em>Section 1.2</em> <a href="#rfc.xref.Part1.2">1.4</a></li> 2132 2135 <li><em>Section 2.5</em> <a href="#rfc.xref.Part1.1">1.3</a></li> 2133 <li><em>Section 2.7</em> <a href="#rfc.xref.Part1.1 7">B</a>, <a href="#rfc.xref.Part1.19">B</a></li>2134 <li><em>Section 3.2</em> <a href="#rfc.xref.Part1.5">4.3</a>, <a href="#rfc.xref.Part1.1 4">B</a></li>2135 <li><em>Section 3.2.3</em> <a href="#rfc.xref.Part1.1 3">B</a></li>2136 <li><em>Section 3.2.6</em> <a href="#rfc.xref.Part1.1 5">B</a>, <a href="#rfc.xref.Part1.16">B</a></li>2136 <li><em>Section 2.7</em> <a href="#rfc.xref.Part1.18">B</a>, <a href="#rfc.xref.Part1.20">B</a></li> 2137 <li><em>Section 3.2</em> <a 
href="#rfc.xref.Part1.5">4.3</a>, <a href="#rfc.xref.Part1.15">B</a></li> 2138 <li><em>Section 3.2.3</em> <a href="#rfc.xref.Part1.14">B</a></li> 2139 <li><em>Section 3.2.6</em> <a href="#rfc.xref.Part1.16">B</a>, <a href="#rfc.xref.Part1.17">B</a></li> 2137 2140 <li><em>Section 5.5</em> <a href="#rfc.xref.Part1.4">4</a>, <a href="#rfc.xref.Part1.6">6</a>, <a href="#rfc.xref.Part1.7">6</a>, <a href="#rfc.xref.Part1.8">6</a></li> 2138 <li><em>Section 5.7.1</em> <a href="#rfc.xref.Part1.1 8">B</a></li>2141 <li><em>Section 5.7.1</em> <a href="#rfc.xref.Part1.19">B</a></li> 2139 2142 <li><em>Section 5.7.2</em> <a href="#rfc.xref.Part1.9">7.2.1.6</a>, <a href="#rfc.xref.Part1.10">7.2.2.9</a></li> 2140 <li><em>Section 9</em> <a href="#rfc.xref.Part1.1 1">11</a></li>2143 <li><em>Section 9</em> <a href="#rfc.xref.Part1.12">11</a></li> 2141 2144 </ul> 2142 2145 </li> 2143 <li><em>Part2</em> <a href="#rfc.xref.Part2.1">2</a>, <a href="#rfc.xref.Part2.2">4</a>, <a href="#rfc.xref.Part2.3">4.1.2</a>, <a href="#rfc.xref.Part2.4">4.1.3</a>, <a href="#rfc.xref.Part2.5">4.3</a>, <a href="#rfc.xref.Part2.6">6</a>, <a href="#rfc.xref.Part2.7">7.3</a>, <a href="# Part2"><b>12.1</b></a>, <a href="#rfc.xref.Part2.8">B</a><ul>2146 <li><em>Part2</em> <a href="#rfc.xref.Part2.1">2</a>, <a href="#rfc.xref.Part2.2">4</a>, <a href="#rfc.xref.Part2.3">4.1.2</a>, <a href="#rfc.xref.Part2.4">4.1.3</a>, <a href="#rfc.xref.Part2.5">4.3</a>, <a href="#rfc.xref.Part2.6">6</a>, <a href="#rfc.xref.Part2.7">7.3</a>, <a href="#rfc.xref.Part2.8">10</a>, <a href="#Part2"><b>12.1</b></a>, <a href="#rfc.xref.Part2.9">B</a><ul> 2144 2147 <li><em>Section 4.2.1</em> <a href="#rfc.xref.Part2.2">4</a>, <a href="#rfc.xref.Part2.6">6</a></li> 2145 2148 <li><em>Section 6</em> <a href="#rfc.xref.Part2.3">4.1.2</a></li> 2146 <li><em>Section 7.1.1.1</em> <a href="#rfc.xref.Part2.7">7.3</a>, <a href="#rfc.xref.Part2. 
8">B</a></li>2149 <li><em>Section 7.1.1.1</em> <a href="#rfc.xref.Part2.7">7.3</a>, <a href="#rfc.xref.Part2.9">B</a></li> 2147 2150 <li><em>Section 7.1.1.2</em> <a href="#rfc.xref.Part2.4">4.1.3</a></li> 2148 2151 <li><em>Section 7.2.1</em> <a href="#rfc.xref.Part2.5">4.3</a></li> -
draft-ietf-httpbis/latest/p6-cache.xml
r2066 r2069 2078 2078 <section anchor="security.considerations" title="Security Considerations"> 2079 2079 <t> 2080 This section is meant to inform developers, information providers, and 2081 users of known security concerns specific to HTTP/1.1 caching. 2082 More general security considerations are addressed in HTTP messaging 2083 &messaging; and semantics &semantics;. 2084 </t> 2085 <t> 2080 2086 Caches expose additional potential vulnerabilities, since the contents of 2081 2087 the cache represent an attractive target for malicious exploitation. -
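Review bot: the paragraph added at lines 2080-2084 of p6-cache.xml references &messaging; and &semantics;, but no hunk in this file declares them. This changeset adds both declarations to the internal subset of p7-auth.xml, so confirm that p6-cache.xml already carries matching <!ENTITY messaging ...> and <!ENTITY semantics ...> lines; an undeclared entity reference leaves the file not well-formed and the HTML cannot be regenerated from it.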
draft-ietf-httpbis/latest/p7-auth.html
r2066 r2069 449 449 } 450 450 @bottom-center { 451 content: "Expires July 2, 2013";451 content: "Expires July 3, 2013"; 452 452 } 453 453 @bottom-right { … … 489 489 <meta name="dct.creator" content="Reschke, J. F."> 490 490 <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p7-auth-latest"> 491 <meta name="dct.issued" scheme="ISO8601" content="2012-12- 29">491 <meta name="dct.issued" scheme="ISO8601" content="2012-12-30"> 492 492 <meta name="dct.replaces" content="urn:ietf:rfc:2616"> 493 493 <meta name="dct.abstract" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. This document defines the HTTP Authentication framework."> … … 517 517 <tr> 518 518 <td class="left">Intended status: Standards Track</td> 519 <td class="right">December 29, 2012</td>519 <td class="right">December 30, 2012</td> 520 520 </tr> 521 521 <tr> 522 <td class="left">Expires: July 2, 2013</td>522 <td class="left">Expires: July 3, 2013</td> 523 523 <td class="right"></td> 524 524 </tr> … … 546 546 in progress”. 547 547 </p> 548 <p>This Internet-Draft will expire on July 2, 2013.</p>548 <p>This Internet-Draft will expire on July 3, 2013.</p> 549 549 <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1> 550 550 <p>Copyright © 2012 IETF Trust and the persons identified as the document authors. All rights reserved.</p> … … 932 932 <p id="rfc.section.5.3.p.2">The change controller is: "IETF (iesg@ietf.org) - Internet Engineering Task Force".</p> 933 933 <h1 id="rfc.section.6"><a href="#rfc.section.6">6.</a> <a id="security.considerations" href="#security.considerations">Security Considerations</a></h1> 934 <p id="rfc.section.6.p.1">This section is meant to inform application developers, information providers, and users of the security limitations in HTTP/1.1 935 as described by this document. 
The discussion does not include definitive solutions to the problems revealed, though it does 936 make some suggestions for reducing security risks. 934 <p id="rfc.section.6.p.1">This section is meant to inform developers, information providers, and users of known security concerns specific to HTTP/1.1 935 authentication. More general security considerations are addressed in HTTP messaging <a href="#Part1" id="rfc.xref.Part1.7"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a> and semantics <a href="#Part2" id="rfc.xref.Part2.2"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>. 937 936 </p> 938 937 <h2 id="rfc.section.6.1"><a href="#rfc.section.6.1">6.1</a> <a id="auth.credentials.and.idle.clients" href="#auth.credentials.and.idle.clients">Authentication Credentials and Idle Clients</a></h2> … … 968 967 Lawrence C. Stewart for their work on that specification. See <a href="http://tools.ietf.org/html/rfc2617#section-6">Section 6</a> of <a href="#RFC2617" id="rfc.xref.RFC2617.4"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a> for further acknowledgements. 969 968 </p> 970 <p id="rfc.section.7.p.2">See <a href="p1-messaging.html#acks" title="Acknowledgments">Section 9</a> of <a href="#Part1" id="rfc.xref.Part1. 7"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a> for the Acknowledgments related to this document revision.969 <p id="rfc.section.7.p.2">See <a href="p1-messaging.html#acks" title="Acknowledgments">Section 9</a> of <a href="#Part1" id="rfc.xref.Part1.8"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a> for the Acknowledgments related to this document revision. 971 970 </p> 972 971 <h1 id="rfc.references"><a id="rfc.section.8" href="#rfc.section.8">8.</a> References … … 1060 1059 character). 
1061 1060 </p> 1062 <p id="rfc.section.B.p.2">The rules below are defined in <a href="#Part1" id="rfc.xref.Part1. 8"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>:1063 </p> 1064 <div id="rfc.figure.u.9"></div><pre class="inline"> <a href="#imported.abnf" class="smpl">BWS</a> = <BWS, defined in <a href="#Part1" id="rfc.xref.Part1. 9"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#whitespace" title="Whitespace">Section 3.2.3</a>>1065 <a href="#imported.abnf" class="smpl">OWS</a> = <OWS, defined in <a href="#Part1" id="rfc.xref.Part1.1 0"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#whitespace" title="Whitespace">Section 3.2.3</a>>1066 <a href="#imported.abnf" class="smpl">quoted-string</a> = <quoted-string, defined in <a href="#Part1" id="rfc.xref.Part1.1 1"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#field.components" title="Field value components">Section 3.2.6</a>>1067 <a href="#imported.abnf" class="smpl">token</a> = <token, defined in <a href="#Part1" id="rfc.xref.Part1.1 2"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#field.components" title="Field value components">Section 3.2.6</a>>1061 <p id="rfc.section.B.p.2">The rules below are defined in <a href="#Part1" id="rfc.xref.Part1.9"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>: 1062 </p> 1063 <div id="rfc.figure.u.9"></div><pre class="inline"> <a href="#imported.abnf" class="smpl">BWS</a> = <BWS, defined in <a href="#Part1" id="rfc.xref.Part1.10"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a 
href="p1-messaging.html#whitespace" title="Whitespace">Section 3.2.3</a>> 1064 <a href="#imported.abnf" class="smpl">OWS</a> = <OWS, defined in <a href="#Part1" id="rfc.xref.Part1.11"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#whitespace" title="Whitespace">Section 3.2.3</a>> 1065 <a href="#imported.abnf" class="smpl">quoted-string</a> = <quoted-string, defined in <a href="#Part1" id="rfc.xref.Part1.12"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#field.components" title="Field value components">Section 3.2.6</a>> 1066 <a href="#imported.abnf" class="smpl">token</a> = <token, defined in <a href="#Part1" id="rfc.xref.Part1.13"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#field.components" title="Field value components">Section 3.2.6</a>> 1068 1067 </pre><h1 id="rfc.section.C"><a href="#rfc.section.C">C.</a> <a id="collected.abnf" href="#collected.abnf">Collected ABNF</a></h1> 1069 1068 <div id="rfc.figure.u.10"></div> <pre class="inline"><a href="#header.authorization" class="smpl">Authorization</a> = credentials … … 1165 1164 </li> 1166 1165 <li><a id="rfc.index.P" href="#rfc.index.P"><b>P</b></a><ul> 1167 <li><em>Part1</em> <a href="#rfc.xref.Part1.1">1.1</a>, <a href="#rfc.xref.Part1.2">1.2</a>, <a href="#rfc.xref.Part1.3">2.2</a>, <a href="#rfc.xref.Part1.4">2.3.1</a>, <a href="#rfc.xref.Part1.5">4.2</a>, <a href="#rfc.xref.Part1.6">4.4</a>, <a href="#rfc.xref.Part1.7"> 7</a>, <a href="#Part1"><b>8.1</b></a>, <a href="#rfc.xref.Part1.8">B</a>, <a href="#rfc.xref.Part1.9">B</a>, <a href="#rfc.xref.Part1.10">B</a>, <a href="#rfc.xref.Part1.11">B</a>, <a href="#rfc.xref.Part1.12">B</a><ul>1166 <li><em>Part1</em> <a href="#rfc.xref.Part1.1">1.1</a>, <a href="#rfc.xref.Part1.2">1.2</a>, <a 
href="#rfc.xref.Part1.3">2.2</a>, <a href="#rfc.xref.Part1.4">2.3.1</a>, <a href="#rfc.xref.Part1.5">4.2</a>, <a href="#rfc.xref.Part1.6">4.4</a>, <a href="#rfc.xref.Part1.7">6</a>, <a href="#rfc.xref.Part1.8">7</a>, <a href="#Part1"><b>8.1</b></a>, <a href="#rfc.xref.Part1.9">B</a>, <a href="#rfc.xref.Part1.10">B</a>, <a href="#rfc.xref.Part1.11">B</a>, <a href="#rfc.xref.Part1.12">B</a>, <a href="#rfc.xref.Part1.13">B</a><ul> 1168 1167 <li><em>Section 1.2</em> <a href="#rfc.xref.Part1.2">1.2</a></li> 1169 1168 <li><em>Section 2.3</em> <a href="#rfc.xref.Part1.4">2.3.1</a></li> 1170 1169 <li><em>Section 2.5</em> <a href="#rfc.xref.Part1.1">1.1</a></li> 1171 <li><em>Section 3.2.3</em> <a href="#rfc.xref.Part1. 9">B</a>, <a href="#rfc.xref.Part1.10">B</a></li>1172 <li><em>Section 3.2.6</em> <a href="#rfc.xref.Part1.1 1">B</a>, <a href="#rfc.xref.Part1.12">B</a></li>1170 <li><em>Section 3.2.3</em> <a href="#rfc.xref.Part1.10">B</a>, <a href="#rfc.xref.Part1.11">B</a></li> 1171 <li><em>Section 3.2.6</em> <a href="#rfc.xref.Part1.12">B</a>, <a href="#rfc.xref.Part1.13">B</a></li> 1173 1172 <li><em>Section 5.5</em> <a href="#rfc.xref.Part1.3">2.2</a>, <a href="#rfc.xref.Part1.5">4.2</a>, <a href="#rfc.xref.Part1.6">4.4</a></li> 1174 <li><em>Section 9</em> <a href="#rfc.xref.Part1. 7">7</a></li>1173 <li><em>Section 9</em> <a href="#rfc.xref.Part1.8">7</a></li> 1175 1174 </ul> 1176 1175 </li> 1177 <li><em>Part2</em> <a href="#rfc.xref.Part2.1">2.1</a>, <a href="# Part2"><b>8.1</b></a><ul>1176 <li><em>Part2</em> <a href="#rfc.xref.Part2.1">2.1</a>, <a href="#rfc.xref.Part2.2">6</a>, <a href="#Part2"><b>8.1</b></a><ul> 1178 1177 <li><em>Section 6.5.3</em> <a href="#rfc.xref.Part2.1">2.1</a></li> 1179 1178 </ul> -
draft-ietf-httpbis/latest/p7-auth.xml
r2066 r2069 17 17 <!ENTITY mdash "—"> 18 18 <!ENTITY Note "<x:h xmlns:x='http://purl.org/net/xml2rfc/ext'>Note:</x:h>"> 19 <!ENTITY messaging "<xref target='Part1' xmlns:x='http://purl.org/net/xml2rfc/ext'/>"> 20 <!ENTITY semantics "<xref target='Part2' xmlns:x='http://purl.org/net/xml2rfc/ext'/>"> 19 21 <!ENTITY architecture "<xref target='Part1' x:rel='#architecture' xmlns:x='http://purl.org/net/xml2rfc/ext'/>"> 20 22 <!ENTITY conformance "<xref target='Part1' x:rel='#conformance' xmlns:x='http://purl.org/net/xml2rfc/ext'/>"> … … 677 679 <section title="Security Considerations" anchor="security.considerations"> 678 680 <t> 679 This section is meant to inform application developers, information 680 providers, and users of the security limitations in HTTP/1.1 as 681 described by this document. The discussion does not include 682 definitive solutions to the problems revealed, though it does make 683 some suggestions for reducing security risks. 681 This section is meant to inform developers, information providers, and 682 users of known security concerns specific to HTTP/1.1 authentication. 683 More general security considerations are addressed in HTTP messaging 684 &messaging; and semantics &semantics;. 684 685 </t> 685 686
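Review bot: the messaging and semantics entities added at lines 19-20 of p7-auth.xml carry no x:rel, unlike the architecture and conformance entities next to them, so the rewritten Security Considerations paragraph points readers at [Part1] and [Part2] as whole documents rather than at their security sections. If those parts use the same security.considerations anchor as this file, consider adding x:rel='#security.considerations' to both; if the whole-document reference is intended, the xmlns:x declaration on these two entities is unused and can be dropped. The rewrite also removes the sentence saying the discussion offers suggestions rather than definitive solutions, so check that this caveat is still stated in one of the referenced parts.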