Changeset 2069 for draft-ietf-httpbis

Timestamp:

30/12/12 09:01:09 (9 years ago)

Author:

fielding@…

Message:

(editorial) make security considerations intro specific to each document and xref to the main ones

Location:

draft-ietf-httpbis/latest

Files:

• p1-messaging.html (modified) (5 diffs)
• p1-messaging.xml (modified) (1 diff)
• p2-semantics.html (modified) (1 diff)
• p2-semantics.xml (modified) (1 diff)
• p4-conditional.html (modified) (7 diffs)
• p4-conditional.xml (modified) (2 diffs)
• p5-range.html (modified) (8 diffs)
• p5-range.xml (modified) (2 diffs)
• p6-cache.html (modified) (8 diffs)
• p6-cache.xml (modified) (1 diff)
• p7-auth.html (modified) (8 diffs)
• p7-auth.xml (modified) (2 diffs)

draft-ietf-httpbis/latest/p1-messaging.html

@@ -449 +449 @@
   } 
   @bottom-center {
-       content: "Expires July 2, 2013"; 
+       content: "Expires July 3, 2013"; 
   } 
   @bottom-right {
@@ -491 +491 @@
       <meta name="dct.creator" content="Reschke, J. F.">
       <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p1-messaging-latest">
-      <meta name="dct.issued" scheme="ISO8601" content="2012-12-29">
+      <meta name="dct.issued" scheme="ISO8601" content="2012-12-30">
       <meta name="dct.replaces" content="urn:ietf:rfc:2145">
       <meta name="dct.replaces" content="urn:ietf:rfc:2616">
@@ -520 +520 @@
             <tr>
                <td class="left">Intended status: Standards Track</td>
-               <td class="right">December 29, 2012</td>
+               <td class="right">December 30, 2012</td>
             </tr>
             <tr>
-               <td class="left">Expires: July 2, 2013</td>
+               <td class="left">Expires: July 3, 2013</td>
                <td class="right"></td>
             </tr>
@@ -551 +551 @@
          in progress”.
       </p>
-      <p>This Internet-Draft will expire on July 2, 2013.</p>
+      <p>This Internet-Draft will expire on July 3, 2013.</p>
       <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1>
       <p>Copyright © 2012 IETF Trust and the persons identified as the document authors. All rights reserved.</p>
@@ -2453 +2453 @@
       <p id="rfc.section.7.7.p.2">The responsible party is: "IETF (iesg@ietf.org) - Internet Engineering Task Force".</p>
       <h1 id="rfc.section.8"><a href="#rfc.section.8">8.</a>&nbsp;<a id="security.considerations" href="#security.considerations">Security Considerations</a></h1>
-      <p id="rfc.section.8.p.1">This section is meant to inform application developers, information providers, and users of the security limitations in HTTP/1.1
-         as described by this document. The discussion does not include definitive solutions to the problems revealed, though it does
-         make some suggestions for reducing security risks.
+      <p id="rfc.section.8.p.1">This section is meant to inform developers, information providers, and users of known security concerns relevant to HTTP/1.1
+         message syntax, parsing, and routing.
       </p>
       <h2 id="rfc.section.8.1"><a href="#rfc.section.8.1">8.1</a>&nbsp;<a id="personal.information" href="#personal.information">Personal Information</a></h2>

draft-ietf-httpbis/latest/p1-messaging.xml

@@ -3490 +3490 @@
 <section title="Security Considerations" anchor="security.considerations">
 <t>
-   This section is meant to inform application developers, information
-   providers, and users of the security limitations in HTTP/1.1 as
-   described by this document. The discussion does not include
-   definitive solutions to the problems revealed, though it does make
-   some suggestions for reducing security risks.
+   This section is meant to inform developers, information providers, and
+   users of known security concerns relevant to HTTP/1.1 message syntax,
+   parsing, and routing.
 </t>
 

draft-ietf-httpbis/latest/p2-semantics.html

@@ -3745 +3745 @@
       </div>
       <h1 id="rfc.section.9"><a href="#rfc.section.9">9.</a>&nbsp;<a id="security.considerations" href="#security.considerations">Security Considerations</a></h1>
-      <p id="rfc.section.9.p.1">This section is meant to inform application developers, information providers, and users of the security limitations in HTTP/1.1
-         as described by this document. The discussion does not include definitive solutions to the problems revealed, though it does
-         make some suggestions for reducing security risks.
+      <p id="rfc.section.9.p.1">This section is meant to inform developers, information providers, and users of known security concerns relevant to HTTP/1.1
+         semantics and its use for transferring information over the Internet.
       </p>
       <h2 id="rfc.section.9.1"><a href="#rfc.section.9.1">9.1</a>&nbsp;<a id="security.sensitive" href="#security.sensitive">Transfer of Sensitive Information</a></h2>

draft-ietf-httpbis/latest/p2-semantics.xml

@@ -4646 +4646 @@
 <section title="Security Considerations" anchor="security.considerations">
 <t>
-   This section is meant to inform application developers, information
-   providers, and users of the security limitations in HTTP/1.1 as
-   described by this document. The discussion does not include
-   definitive solutions to the problems revealed, though it does make
-   some suggestions for reducing security risks.
+   This section is meant to inform developers, information providers, and
+   users of known security concerns relevant to HTTP/1.1 semantics and its
+   use for transferring information over the Internet.
 </t>
 

draft-ietf-httpbis/latest/p4-conditional.html

@@ -449 +449 @@
   } 
   @bottom-center {
-       content: "Expires July 2, 2013"; 
+       content: "Expires July 3, 2013"; 
   } 
   @bottom-right {
@@ -491 +491 @@
       <meta name="dct.creator" content="Reschke, J. F.">
       <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p4-conditional-latest">
-      <meta name="dct.issued" scheme="ISO8601" content="2012-12-29">
+      <meta name="dct.issued" scheme="ISO8601" content="2012-12-30">
       <meta name="dct.replaces" content="urn:ietf:rfc:2616">
       <meta name="dct.abstract" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypertext information systems. This document defines HTTP/1.1 conditional requests, including metadata header fields for indicating state changes, request header fields for making preconditions on such state, and rules for constructing the responses to a conditional request when one or more preconditions evaluate to false.">
@@ -517 +517 @@
             </tr>
             <tr>
-               <td class="left">Expires: July 2, 2013</td>
-               <td class="right">December 29, 2012</td>
+               <td class="left">Expires: July 3, 2013</td>
+               <td class="right">December 30, 2012</td>
             </tr>
          </tbody>
@@ -545 +545 @@
          in progress”.
       </p>
-      <p>This Internet-Draft will expire on July 2, 2013.</p>
+      <p>This Internet-Draft will expire on July 3, 2013.</p>
       <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1>
       <p>Copyright © 2012 IETF Trust and the persons identified as the document authors. All rights reserved.</p>
@@ -1219 +1219 @@
       <p id="rfc.section.6.2.p.2">The change controller is: "IETF (iesg@ietf.org) - Internet Engineering Task Force".</p>
       <h1 id="rfc.section.7"><a href="#rfc.section.7">7.</a>&nbsp;<a id="security.considerations" href="#security.considerations">Security Considerations</a></h1>
-      <p id="rfc.section.7.p.1">No additional security considerations have been identified beyond those applicable to HTTP in general <a href="#Part1" id="rfc.xref.Part1.5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>.
+      <p id="rfc.section.7.p.1">This section is meant to inform developers, information providers, and users of known security concerns specific to the HTTP/1.1
+         conditional request mechanisms. No additional security considerations have been identified beyond those applicable to HTTP
+         messaging <a href="#Part1" id="rfc.xref.Part1.5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a> and semantics <a href="#Part2" id="rfc.xref.Part2.4"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>.
       </p>
       <p id="rfc.section.7.p.2">The validators defined by this specification are not intended to ensure the validity of a representation, guard against malicious
@@ -1315 +1317 @@
   <a href="#imported.abnf" class="smpl">obs-text</a>      = &lt;obs-text, defined in <a href="#Part1" id="rfc.xref.Part1.9"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#field.components" title="Field value components">Section 3.2.6</a>&gt;
 </pre><p id="rfc.section.B.p.4">The rules below are defined in other parts:</p>
-      <div id="rfc.figure.u.17"></div><pre class="inline">  <a href="#imported.abnf" class="smpl">HTTP-date</a>     = &lt;HTTP-date, defined in <a href="#Part2" id="rfc.xref.Part2.4"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>, <a href="p2-semantics.html#http.date" title="Date/Time Formats">Section 7.1.1.1</a>&gt;
+      <div id="rfc.figure.u.17"></div><pre class="inline">  <a href="#imported.abnf" class="smpl">HTTP-date</a>     = &lt;HTTP-date, defined in <a href="#Part2" id="rfc.xref.Part2.5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>, <a href="p2-semantics.html#http.date" title="Date/Time Formats">Section 7.1.1.1</a>&gt;
 </pre><h1 id="rfc.section.C"><a href="#rfc.section.C">C.</a>&nbsp;<a id="collected.abnf" href="#collected.abnf">Collected ABNF</a></h1>
       <div id="rfc.figure.u.18"></div> <pre class="inline"><a href="#header.etag" class="smpl">ETag</a> = entity-tag
@@ -1439 +1441 @@
                      </ul>
                   </li>
-                  <li><em>Part2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.1">1</a>, <a href="#rfc.xref.Part2.2">2.3.3</a>, <a href="#rfc.xref.Part2.3">2.3.3</a>, <a href="#Part2"><b>9.1</b></a>, <a href="#rfc.xref.Part2.4">B</a><ul>
+                  <li><em>Part2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.1">1</a>, <a href="#rfc.xref.Part2.2">2.3.3</a>, <a href="#rfc.xref.Part2.3">2.3.3</a>, <a href="#rfc.xref.Part2.4">7</a>, <a href="#Part2"><b>9.1</b></a>, <a href="#rfc.xref.Part2.5">B</a><ul>
                         <li><em>Section 3.4</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.2">2.3.3</a></li>
                         <li><em>Section 5.3.4</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.3">2.3.3</a></li>
-                        <li><em>Section 7.1.1.1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.4">B</a></li>
+                        <li><em>Section 7.1.1.1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.5">B</a></li>
                      </ul>
                   </li>

draft-ietf-httpbis/latest/p4-conditional.xml

@@ -25 +25 @@
   <!ENTITY header-date                "<xref target='Part2' x:rel='#header.date' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
   <!ENTITY messaging                  "<xref target='Part1' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
+  <!ENTITY semantics                  "<xref target='Part2' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
   <!ENTITY caching                    "<xref target='Part6' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
   <!ENTITY header-accept-encoding     "<xref target='Part2' x:rel='#header.accept-encoding' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
@@ -1145 +1146 @@
 <section title="Security Considerations" anchor="security.considerations">
 <t>
-   No additional security considerations have been identified beyond
-   those applicable to HTTP in general &messaging;.
+   This section is meant to inform developers, information providers, and
+   users of known security concerns specific to the HTTP/1.1 conditional
+   request mechanisms. No additional security considerations have been
+   identified beyond those applicable to HTTP messaging &messaging; and
+   semantics &semantics;.
 </t>
 <t>

draft-ietf-httpbis/latest/p5-range.html

@@ -449 +449 @@
   } 
   @bottom-center {
-       content: "Expires July 2, 2013"; 
+       content: "Expires July 3, 2013"; 
   } 
   @bottom-right {
@@ -493 +493 @@
       <meta name="dct.creator" content="Reschke, J. F.">
       <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p5-range-latest">
-      <meta name="dct.issued" scheme="ISO8601" content="2012-12-29">
+      <meta name="dct.issued" scheme="ISO8601" content="2012-12-30">
       <meta name="dct.replaces" content="urn:ietf:rfc:2616">
       <meta name="dct.abstract" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypertext information systems. This document defines range requests and the rules for constructing and combining responses to those requests.">
@@ -519 +519 @@
             </tr>
             <tr>
-               <td class="left">Expires: July 2, 2013</td>
+               <td class="left">Expires: July 3, 2013</td>
                <td class="right">J. Reschke, Editor</td>
             </tr>
@@ -528 +528 @@
             <tr>
                <td class="left"></td>
-               <td class="right">December 29, 2012</td>
+               <td class="right">December 30, 2012</td>
             </tr>
          </tbody>
@@ -553 +553 @@
          in progress”.
       </p>
-      <p>This Internet-Draft will expire on July 2, 2013.</p>
+      <p>This Internet-Draft will expire on July 3, 2013.</p>
       <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1>
       <p>Copyright © 2012 IETF Trust and the persons identified as the document authors. All rights reserved.</p>
@@ -1041 +1041 @@
       <p id="rfc.section.6.3.p.3">The change controller is: "IETF (iesg@ietf.org) - Internet Engineering Task Force".</p>
       <h1 id="rfc.section.7"><a href="#rfc.section.7">7.</a>&nbsp;<a id="security.considerations" href="#security.considerations">Security Considerations</a></h1>
-      <p id="rfc.section.7.p.1">This section is meant to inform application developers, information providers, and users of the security limitations in HTTP/1.1
-         as described by this document. The discussion does not include definitive solutions to the problems revealed, though it does
-         make some suggestions for reducing security risks.
+      <p id="rfc.section.7.p.1">This section is meant to inform developers, information providers, and users of known security concerns specific to the HTTP/1.1
+         range request mechanisms. More general security considerations are addressed in HTTP messaging <a href="#Part1" id="rfc.xref.Part1.3"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a> and semantics <a href="#Part2" id="rfc.xref.Part2.1"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>.
       </p>
       <h2 id="rfc.section.7.1"><a href="#rfc.section.7.1">7.1</a>&nbsp;<a id="overlapping.ranges" href="#overlapping.ranges">Overlapping Ranges</a></h2>
-      <p id="rfc.section.7.1.p.1">Range requests containing overlapping ranges can lead to the situation where a server is sending far more data than the size
+      <p id="rfc.section.7.1.p.1">Range requests containing overlapping ranges can lead to a situation where the server is sending far more data than the size
          of the complete resource representation.
       </p>
       <h1 id="rfc.section.8"><a href="#rfc.section.8">8.</a>&nbsp;<a id="acks" href="#acks">Acknowledgments</a></h1>
-      <p id="rfc.section.8.p.1">See <a href="p1-messaging.html#acks" title="Acknowledgments">Section 9</a> of <a href="#Part1" id="rfc.xref.Part1.3"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>.
+      <p id="rfc.section.8.p.1">See <a href="p1-messaging.html#acks" title="Acknowledgments">Section 9</a> of <a href="#Part1" id="rfc.xref.Part1.4"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>.
       </p>
       <h1 id="rfc.references"><a id="rfc.section.9" href="#rfc.section.9">9.</a> References
@@ -1244 +1243 @@
       <p id="rfc.section.C.p.2">Note that all rules derived from <a href="#imported.abnf" class="smpl">token</a> are to be compared case-insensitively, like <a href="#range.units" class="smpl">range-unit</a> and <a href="#header.accept-ranges" class="smpl">acceptable-ranges</a>.
       </p>
-      <p id="rfc.section.C.p.3">The rules below are defined in <a href="#Part1" id="rfc.xref.Part1.4"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>:
-      </p>
-      <div id="rfc.figure.u.24"></div><pre class="inline">  <a href="#imported.abnf" class="smpl">OWS</a>        = &lt;OWS, defined in <a href="#Part1" id="rfc.xref.Part1.5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#whitespace" title="Whitespace">Section 3.2.3</a>&gt;
-  <a href="#imported.abnf" class="smpl">token</a>      = &lt;token, defined in <a href="#Part1" id="rfc.xref.Part1.6"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#field.components" title="Field value components">Section 3.2.6</a>&gt;
+      <p id="rfc.section.C.p.3">The rules below are defined in <a href="#Part1" id="rfc.xref.Part1.5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>:
+      </p>
+      <div id="rfc.figure.u.24"></div><pre class="inline">  <a href="#imported.abnf" class="smpl">OWS</a>        = &lt;OWS, defined in <a href="#Part1" id="rfc.xref.Part1.6"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#whitespace" title="Whitespace">Section 3.2.3</a>&gt;
+  <a href="#imported.abnf" class="smpl">token</a>      = &lt;token, defined in <a href="#Part1" id="rfc.xref.Part1.7"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#field.components" title="Field value components">Section 3.2.6</a>&gt;
 </pre><p id="rfc.section.C.p.5">The rules below are defined in other parts:</p>
-      <div id="rfc.figure.u.25"></div><pre class="inline">  <a href="#imported.abnf" class="smpl">HTTP-date</a>  = &lt;HTTP-date, defined in <a href="#Part2" id="rfc.xref.Part2.1"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>, <a href="p2-semantics.html#http.date" title="Date/Time Formats">Section 7.1.1.1</a>&gt;
+      <div id="rfc.figure.u.25"></div><pre class="inline">  <a href="#imported.abnf" class="smpl">HTTP-date</a>  = &lt;HTTP-date, defined in <a href="#Part2" id="rfc.xref.Part2.2"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>, <a href="p2-semantics.html#http.date" title="Date/Time Formats">Section 7.1.1.1</a>&gt;
   <a href="#imported.abnf" class="smpl">entity-tag</a> = &lt;entity-tag, defined in <a href="#Part4" id="rfc.xref.Part4.5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a>, <a href="p4-conditional.html#header.etag" title="ETag">Section 2.3</a>&gt;
 </pre><h1 id="rfc.section.D"><a href="#rfc.section.D">D.</a>&nbsp;<a id="collected.abnf" href="#collected.abnf">Collected ABNF</a></h1>
@@ -1389 +1388 @@
             </li>
             <li><a id="rfc.index.P" href="#rfc.index.P"><b>P</b></a><ul>
-                  <li><em>Part1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.1">1.1</a>, <a href="#rfc.xref.Part1.2">1.2</a>, <a href="#rfc.xref.Part1.3">8</a>, <a href="#Part1"><b>9.1</b></a>, <a href="#rfc.xref.Part1.4">C</a>, <a href="#rfc.xref.Part1.5">C</a>, <a href="#rfc.xref.Part1.6">C</a><ul>
+                  <li><em>Part1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.1">1.1</a>, <a href="#rfc.xref.Part1.2">1.2</a>, <a href="#rfc.xref.Part1.3">7</a>, <a href="#rfc.xref.Part1.4">8</a>, <a href="#Part1"><b>9.1</b></a>, <a href="#rfc.xref.Part1.5">C</a>, <a href="#rfc.xref.Part1.6">C</a>, <a href="#rfc.xref.Part1.7">C</a><ul>
                         <li><em>Section 1.2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.2">1.2</a></li>
                         <li><em>Section 2.5</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.1">1.1</a></li>
-                        <li><em>Section 3.2.3</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.5">C</a></li>
-                        <li><em>Section 3.2.6</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.6">C</a></li>
-                        <li><em>Section 9</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.3">8</a></li>
+                        <li><em>Section 3.2.3</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.6">C</a></li>
+                        <li><em>Section 3.2.6</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.7">C</a></li>
+                        <li><em>Section 9</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.4">8</a></li>
                      </ul>
                   </li>
-                  <li><em>Part2</em>&nbsp;&nbsp;<a href="#Part2"><b>9.1</b></a>, <a href="#rfc.xref.Part2.1">C</a><ul>
-                        <li><em>Section 7.1.1.1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.1">C</a></li>
+                  <li><em>Part2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.1">7</a>, <a href="#Part2"><b>9.1</b></a>, <a href="#rfc.xref.Part2.2">C</a><ul>
+                        <li><em>Section 7.1.1.1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.2">C</a></li>
                      </ul>
                   </li>

draft-ietf-httpbis/latest/p5-range.xml

@@ -25 +25 @@
   <!ENTITY http-date                  "<xref target='Part2' x:rel='#http.date' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
   <!ENTITY messaging                  "<xref target='Part1' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
+  <!ENTITY semantics                  "<xref target='Part2' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
   <!ENTITY entity-tags                "<xref target='Part4' x:rel='#header.etag' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
   <!ENTITY weak-and-strong-validators "<xref target='Part4' x:rel='#weak.and.strong.validators' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
@@ -906 +907 @@
 <section title="Security Considerations" anchor="security.considerations">
 <t>
-   This section is meant to inform application developers, information
-   providers, and users of the security limitations in HTTP/1.1 as
-   described by this document. The discussion does not include
-   definitive solutions to the problems revealed, though it does make
-   some suggestions for reducing security risks.
-</t>
+   This section is meant to inform developers, information providers, and
+   users of known security concerns specific to the HTTP/1.1 range
+   request mechanisms. More general security considerations are addressed
+   in HTTP messaging &messaging; and semantics &semantics;.
+</t>
+
 <section title="Overlapping Ranges" anchor="overlapping.ranges">
 <t>
-   Range requests containing overlapping ranges can lead to the situation
-   where a server is sending far more data than the size of the complete
+   Range requests containing overlapping ranges can lead to a situation
+   where the server is sending far more data than the size of the complete
    resource representation.
 </t>

draft-ietf-httpbis/latest/p6-cache.html

@@ -452 +452 @@
   } 
   @bottom-center {
-       content: "Expires July 2, 2013"; 
+       content: "Expires July 3, 2013"; 
   } 
   @bottom-right {
@@ -498 +498 @@
       <meta name="dct.creator" content="Reschke, J. F.">
       <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p6-cache-latest">
-      <meta name="dct.issued" scheme="ISO8601" content="2012-12-29">
+      <meta name="dct.issued" scheme="ISO8601" content="2012-12-30">
       <meta name="dct.replaces" content="urn:ietf:rfc:2616">
       <meta name="dct.abstract" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypertext information systems. This document defines requirements on HTTP caches and the associated header fields that control cache behavior or indicate cacheable response messages.">
@@ -524 +524 @@
             </tr>
             <tr>
-               <td class="left">Expires: July 2, 2013</td>
+               <td class="left">Expires: July 3, 2013</td>
                <td class="right">J. Reschke, Editor</td>
             </tr>
@@ -533 +533 @@
             <tr>
                <td class="left"></td>
-               <td class="right">December 29, 2012</td>
+               <td class="right">December 30, 2012</td>
             </tr>
          </tbody>
@@ -559 +559 @@
          in progress”.
       </p>
-      <p>This Internet-Draft will expire on July 2, 2013.</p>
+      <p>This Internet-Draft will expire on July 3, 2013.</p>
       <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1>
       <p>Copyright © 2012 IETF Trust and the persons identified as the document authors. All rights reserved.</p>
@@ -1781 +1781 @@
       <p id="rfc.section.9.3.p.2">The change controller is: "IETF (iesg@ietf.org) - Internet Engineering Task Force".</p>
       <h1 id="rfc.section.10"><a href="#rfc.section.10">10.</a>&nbsp;<a id="security.considerations" href="#security.considerations">Security Considerations</a></h1>
-      <p id="rfc.section.10.p.1">Caches expose additional potential vulnerabilities, since the contents of the cache represent an attractive target for malicious
+      <p id="rfc.section.10.p.1">This section is meant to inform developers, information providers, and users of known security concerns specific to HTTP/1.1
+         caching. More general security considerations are addressed in HTTP messaging <a href="#Part1" id="rfc.xref.Part1.11"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a> and semantics <a href="#Part2" id="rfc.xref.Part2.8"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>.
+      </p>
+      <p id="rfc.section.10.p.2">Caches expose additional potential vulnerabilities, since the contents of the cache represent an attractive target for malicious
          exploitation. Because cache contents persist after an HTTP request is complete, an attack on the cache can reveal information
          long after a user believes that the information has been removed from the network. Therefore, cache contents need to be protected
          as sensitive information.
       </p>
-      <p id="rfc.section.10.p.2">Furthermore, the very use of a cache can bring about privacy concerns. For example, if two users share a cache, and the first
+      <p id="rfc.section.10.p.3">Furthermore, the very use of a cache can bring about privacy concerns. For example, if two users share a cache, and the first
          one browses to a site, the second may be able to detect that the other has been to that site, because the resources from it
          load more quickly, thanks to the cache.
       </p>
-      <p id="rfc.section.10.p.3">Implementation flaws might allow attackers to insert content into a cache ("cache poisoning"), leading to compromise of clients
+      <p id="rfc.section.10.p.4">Implementation flaws might allow attackers to insert content into a cache ("cache poisoning"), leading to compromise of clients
          that trust that content. Because of their nature, these attacks are difficult to mitigate.
       </p>
-      <p id="rfc.section.10.p.4">Likewise, implementation flaws (as well as misunderstanding of cache operation) might lead to caching of sensitive information
+      <p id="rfc.section.10.p.5">Likewise, implementation flaws (as well as misunderstanding of cache operation) might lead to caching of sensitive information
          (e.g., authentication credentials) that is thought to be private, exposing it to unauthorized parties.
       </p>
-      <p id="rfc.section.10.p.5">Note that the Set-Cookie response header <a href="#RFC6265" id="rfc.xref.RFC6265.1"><cite title="HTTP State Management Mechanism">[RFC6265]</cite></a> does not inhibit caching; a cacheable response with a Set-Cookie header can be (and often is) used to satisfy subsequent requests
+      <p id="rfc.section.10.p.6">Note that the Set-Cookie response header <a href="#RFC6265" id="rfc.xref.RFC6265.1"><cite title="HTTP State Management Mechanism">[RFC6265]</cite></a> does not inhibit caching; a cacheable response with a Set-Cookie header can be (and often is) used to satisfy subsequent requests
          to caches. Servers who wish to control caching of these responses are encouraged to emit appropriate Cache-Control response
          headers.
       </p>
       <h1 id="rfc.section.11"><a href="#rfc.section.11">11.</a>&nbsp;<a id="acks" href="#acks">Acknowledgments</a></h1>
-      <p id="rfc.section.11.p.1">See <a href="p1-messaging.html#acks" title="Acknowledgments">Section 9</a> of <a href="#Part1" id="rfc.xref.Part1.11"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>.
+      <p id="rfc.section.11.p.1">See <a href="p1-messaging.html#acks" title="Acknowledgments">Section 9</a> of <a href="#Part1" id="rfc.xref.Part1.12"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>.
       </p>
       <h1 id="rfc.references"><a id="rfc.section.12" href="#rfc.section.12">12.</a> References
@@ -1944 +1947 @@
          character).
       </p>
-      <p id="rfc.section.B.p.2">The rules below are defined in <a href="#Part1" id="rfc.xref.Part1.12"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>:
-      </p>
-      <div id="rfc.figure.u.14"></div><pre class="inline">  <a href="#imported.abnf" class="smpl">OWS</a>           = &lt;OWS, defined in <a href="#Part1" id="rfc.xref.Part1.13"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#whitespace" title="Whitespace">Section 3.2.3</a>&gt;
-  <a href="#imported.abnf" class="smpl">field-name</a>    = &lt;field-name, defined in <a href="#Part1" id="rfc.xref.Part1.14"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#header.fields" title="Header Fields">Section 3.2</a>&gt;
-  <a href="#imported.abnf" class="smpl">quoted-string</a> = &lt;quoted-string, defined in <a href="#Part1" id="rfc.xref.Part1.15"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#field.components" title="Field value components">Section 3.2.6</a>&gt;
-  <a href="#imported.abnf" class="smpl">token</a>         = &lt;token, defined in <a href="#Part1" id="rfc.xref.Part1.16"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#field.components" title="Field value components">Section 3.2.6</a>&gt;
-
-  <a href="#imported.abnf" class="smpl">port</a>          = &lt;port, defined in <a href="#Part1" id="rfc.xref.Part1.17"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#uri" title="Uniform Resource Identifiers">Section 2.7</a>&gt;
-  <a href="#imported.abnf" class="smpl">pseudonym</a>     = &lt;pseudonym, defined in <a href="#Part1" id="rfc.xref.Part1.18"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#header.via" title="Via">Section 5.7.1</a>&gt; 
-  <a href="#imported.abnf" class="smpl">uri-host</a>      = &lt;uri-host, defined in <a href="#Part1" id="rfc.xref.Part1.19"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#uri" title="Uniform Resource Identifiers">Section 2.7</a>&gt;
+      <p id="rfc.section.B.p.2">The rules below are defined in <a href="#Part1" id="rfc.xref.Part1.13"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>:
+      </p>
+      <div id="rfc.figure.u.14"></div><pre class="inline">  <a href="#imported.abnf" class="smpl">OWS</a>           = &lt;OWS, defined in <a href="#Part1" id="rfc.xref.Part1.14"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#whitespace" title="Whitespace">Section 3.2.3</a>&gt;
+  <a href="#imported.abnf" class="smpl">field-name</a>    = &lt;field-name, defined in <a href="#Part1" id="rfc.xref.Part1.15"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#header.fields" title="Header Fields">Section 3.2</a>&gt;
+  <a href="#imported.abnf" class="smpl">quoted-string</a> = &lt;quoted-string, defined in <a href="#Part1" id="rfc.xref.Part1.16"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#field.components" title="Field value components">Section 3.2.6</a>&gt;
+  <a href="#imported.abnf" class="smpl">token</a>         = &lt;token, defined in <a href="#Part1" id="rfc.xref.Part1.17"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#field.components" title="Field value components">Section 3.2.6</a>&gt;
+
+  <a href="#imported.abnf" class="smpl">port</a>          = &lt;port, defined in <a href="#Part1" id="rfc.xref.Part1.18"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#uri" title="Uniform Resource Identifiers">Section 2.7</a>&gt;
+  <a href="#imported.abnf" class="smpl">pseudonym</a>     = &lt;pseudonym, defined in <a href="#Part1" id="rfc.xref.Part1.19"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#header.via" title="Via">Section 5.7.1</a>&gt; 
+  <a href="#imported.abnf" class="smpl">uri-host</a>      = &lt;uri-host, defined in <a href="#Part1" id="rfc.xref.Part1.20"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#uri" title="Uniform Resource Identifiers">Section 2.7</a>&gt;
 </pre><p id="rfc.section.B.p.4">The rules below are defined in other parts:</p>
-      <div id="rfc.figure.u.15"></div><pre class="inline">  <a href="#imported.abnf" class="smpl">HTTP-date</a>     = &lt;HTTP-date, defined in <a href="#Part2" id="rfc.xref.Part2.8"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>, <a href="p2-semantics.html#http.date" title="Date/Time Formats">Section 7.1.1.1</a>&gt;
+      <div id="rfc.figure.u.15"></div><pre class="inline">  <a href="#imported.abnf" class="smpl">HTTP-date</a>     = &lt;HTTP-date, defined in <a href="#Part2" id="rfc.xref.Part2.9"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>, <a href="p2-semantics.html#http.date" title="Date/Time Formats">Section 7.1.1.1</a>&gt;
 </pre><h1 id="rfc.section.C"><a href="#rfc.section.C">C.</a>&nbsp;<a id="collected.abnf" href="#collected.abnf">Collected ABNF</a></h1>
       <div id="rfc.figure.u.16"></div> <pre class="inline"><a href="#header.age" class="smpl">Age</a> = delta-seconds
@@ -2128 +2131 @@
             </li>
             <li><a id="rfc.index.P" href="#rfc.index.P"><b>P</b></a><ul>
-                  <li><em>Part1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.1">1.3</a>, <a href="#rfc.xref.Part1.2">1.4</a>, <a href="#rfc.xref.Part1.3">3.1</a>, <a href="#rfc.xref.Part1.4">4</a>, <a href="#rfc.xref.Part1.5">4.3</a>, <a href="#rfc.xref.Part1.6">6</a>, <a href="#rfc.xref.Part1.7">6</a>, <a href="#rfc.xref.Part1.8">6</a>, <a href="#rfc.xref.Part1.9">7.2.1.6</a>, <a href="#rfc.xref.Part1.10">7.2.2.9</a>, <a href="#rfc.xref.Part1.11">11</a>, <a href="#Part1"><b>12.1</b></a>, <a href="#rfc.xref.Part1.12">B</a>, <a href="#rfc.xref.Part1.13">B</a>, <a href="#rfc.xref.Part1.14">B</a>, <a href="#rfc.xref.Part1.15">B</a>, <a href="#rfc.xref.Part1.16">B</a>, <a href="#rfc.xref.Part1.17">B</a>, <a href="#rfc.xref.Part1.18">B</a>, <a href="#rfc.xref.Part1.19">B</a><ul>
+                  <li><em>Part1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.1">1.3</a>, <a href="#rfc.xref.Part1.2">1.4</a>, <a href="#rfc.xref.Part1.3">3.1</a>, <a href="#rfc.xref.Part1.4">4</a>, <a href="#rfc.xref.Part1.5">4.3</a>, <a href="#rfc.xref.Part1.6">6</a>, <a href="#rfc.xref.Part1.7">6</a>, <a href="#rfc.xref.Part1.8">6</a>, <a href="#rfc.xref.Part1.9">7.2.1.6</a>, <a href="#rfc.xref.Part1.10">7.2.2.9</a>, <a href="#rfc.xref.Part1.11">10</a>, <a href="#rfc.xref.Part1.12">11</a>, <a href="#Part1"><b>12.1</b></a>, <a href="#rfc.xref.Part1.13">B</a>, <a href="#rfc.xref.Part1.14">B</a>, <a href="#rfc.xref.Part1.15">B</a>, <a href="#rfc.xref.Part1.16">B</a>, <a href="#rfc.xref.Part1.17">B</a>, <a href="#rfc.xref.Part1.18">B</a>, <a href="#rfc.xref.Part1.19">B</a>, <a href="#rfc.xref.Part1.20">B</a><ul>
                         <li><em>Section 1.2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.2">1.4</a></li>
                         <li><em>Section 2.5</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.1">1.3</a></li>
-                        <li><em>Section 2.7</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.17">B</a>, <a href="#rfc.xref.Part1.19">B</a></li>
-                        <li><em>Section 3.2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.5">4.3</a>, <a href="#rfc.xref.Part1.14">B</a></li>
-                        <li><em>Section 3.2.3</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.13">B</a></li>
-                        <li><em>Section 3.2.6</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.15">B</a>, <a href="#rfc.xref.Part1.16">B</a></li>
+                        <li><em>Section 2.7</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.18">B</a>, <a href="#rfc.xref.Part1.20">B</a></li>
+                        <li><em>Section 3.2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.5">4.3</a>, <a href="#rfc.xref.Part1.15">B</a></li>
+                        <li><em>Section 3.2.3</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.14">B</a></li>
+                        <li><em>Section 3.2.6</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.16">B</a>, <a href="#rfc.xref.Part1.17">B</a></li>
                         <li><em>Section 5.5</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.4">4</a>, <a href="#rfc.xref.Part1.6">6</a>, <a href="#rfc.xref.Part1.7">6</a>, <a href="#rfc.xref.Part1.8">6</a></li>
-                        <li><em>Section 5.7.1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.18">B</a></li>
+                        <li><em>Section 5.7.1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.19">B</a></li>
                         <li><em>Section 5.7.2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.9">7.2.1.6</a>, <a href="#rfc.xref.Part1.10">7.2.2.9</a></li>
-                        <li><em>Section 9</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.11">11</a></li>
+                        <li><em>Section 9</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.12">11</a></li>
                      </ul>
                   </li>
-                  <li><em>Part2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.1">2</a>, <a href="#rfc.xref.Part2.2">4</a>, <a href="#rfc.xref.Part2.3">4.1.2</a>, <a href="#rfc.xref.Part2.4">4.1.3</a>, <a href="#rfc.xref.Part2.5">4.3</a>, <a href="#rfc.xref.Part2.6">6</a>, <a href="#rfc.xref.Part2.7">7.3</a>, <a href="#Part2"><b>12.1</b></a>, <a href="#rfc.xref.Part2.8">B</a><ul>
+                  <li><em>Part2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.1">2</a>, <a href="#rfc.xref.Part2.2">4</a>, <a href="#rfc.xref.Part2.3">4.1.2</a>, <a href="#rfc.xref.Part2.4">4.1.3</a>, <a href="#rfc.xref.Part2.5">4.3</a>, <a href="#rfc.xref.Part2.6">6</a>, <a href="#rfc.xref.Part2.7">7.3</a>, <a href="#rfc.xref.Part2.8">10</a>, <a href="#Part2"><b>12.1</b></a>, <a href="#rfc.xref.Part2.9">B</a><ul>
                         <li><em>Section 4.2.1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.2">4</a>, <a href="#rfc.xref.Part2.6">6</a></li>
                         <li><em>Section 6</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.3">4.1.2</a></li>
-                        <li><em>Section 7.1.1.1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.7">7.3</a>, <a href="#rfc.xref.Part2.8">B</a></li>
+                        <li><em>Section 7.1.1.1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.7">7.3</a>, <a href="#rfc.xref.Part2.9">B</a></li>
                         <li><em>Section 7.1.1.2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.4">4.1.3</a></li>
                         <li><em>Section 7.2.1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.5">4.3</a></li>

draft-ietf-httpbis/latest/p6-cache.xml

@@ -2078 +2078 @@
 <section anchor="security.considerations" title="Security Considerations">
 <t>
+   This section is meant to inform developers, information providers, and
+   users of known security concerns specific to HTTP/1.1 caching.
+   More general security considerations are addressed in HTTP messaging
+   &messaging; and semantics &semantics;.
+</t>
+<t>
    Caches expose additional potential vulnerabilities, since the contents of
    the cache represent an attractive target for malicious exploitation.

draft-ietf-httpbis/latest/p7-auth.html

@@ -449 +449 @@
   } 
   @bottom-center {
-       content: "Expires July 2, 2013"; 
+       content: "Expires July 3, 2013"; 
   } 
   @bottom-right {
@@ -489 +489 @@
       <meta name="dct.creator" content="Reschke, J. F.">
       <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p7-auth-latest">
-      <meta name="dct.issued" scheme="ISO8601" content="2012-12-29">
+      <meta name="dct.issued" scheme="ISO8601" content="2012-12-30">
       <meta name="dct.replaces" content="urn:ietf:rfc:2616">
       <meta name="dct.abstract" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. This document defines the HTTP Authentication framework.">
@@ -517 +517 @@
             <tr>
                <td class="left">Intended status: Standards Track</td>
-               <td class="right">December 29, 2012</td>
+               <td class="right">December 30, 2012</td>
             </tr>
             <tr>
-               <td class="left">Expires: July 2, 2013</td>
+               <td class="left">Expires: July 3, 2013</td>
                <td class="right"></td>
             </tr>
@@ -546 +546 @@
          in progress”.
       </p>
-      <p>This Internet-Draft will expire on July 2, 2013.</p>
+      <p>This Internet-Draft will expire on July 3, 2013.</p>
       <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1>
       <p>Copyright © 2012 IETF Trust and the persons identified as the document authors. All rights reserved.</p>
@@ -932 +932 @@
       <p id="rfc.section.5.3.p.2">The change controller is: "IETF (iesg@ietf.org) - Internet Engineering Task Force".</p>
       <h1 id="rfc.section.6"><a href="#rfc.section.6">6.</a>&nbsp;<a id="security.considerations" href="#security.considerations">Security Considerations</a></h1>
-      <p id="rfc.section.6.p.1">This section is meant to inform application developers, information providers, and users of the security limitations in HTTP/1.1
-         as described by this document. The discussion does not include definitive solutions to the problems revealed, though it does
-         make some suggestions for reducing security risks.
+      <p id="rfc.section.6.p.1">This section is meant to inform developers, information providers, and users of known security concerns specific to HTTP/1.1
+         authentication. More general security considerations are addressed in HTTP messaging <a href="#Part1" id="rfc.xref.Part1.7"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a> and semantics <a href="#Part2" id="rfc.xref.Part2.2"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>.
       </p>
       <h2 id="rfc.section.6.1"><a href="#rfc.section.6.1">6.1</a>&nbsp;<a id="auth.credentials.and.idle.clients" href="#auth.credentials.and.idle.clients">Authentication Credentials and Idle Clients</a></h2>
@@ -968 +967 @@
          Lawrence C. Stewart for their work on that specification. See <a href="http://tools.ietf.org/html/rfc2617#section-6">Section 6</a> of <a href="#RFC2617" id="rfc.xref.RFC2617.4"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a> for further acknowledgements.
       </p>
-      <p id="rfc.section.7.p.2">See <a href="p1-messaging.html#acks" title="Acknowledgments">Section 9</a> of <a href="#Part1" id="rfc.xref.Part1.7"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a> for the Acknowledgments related to this document revision.
+      <p id="rfc.section.7.p.2">See <a href="p1-messaging.html#acks" title="Acknowledgments">Section 9</a> of <a href="#Part1" id="rfc.xref.Part1.8"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a> for the Acknowledgments related to this document revision.
       </p>
       <h1 id="rfc.references"><a id="rfc.section.8" href="#rfc.section.8">8.</a> References
@@ -1060 +1059 @@
          character).
       </p>
-      <p id="rfc.section.B.p.2">The rules below are defined in <a href="#Part1" id="rfc.xref.Part1.8"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>:
-      </p>
-      <div id="rfc.figure.u.9"></div><pre class="inline">  <a href="#imported.abnf" class="smpl">BWS</a>           = &lt;BWS, defined in <a href="#Part1" id="rfc.xref.Part1.9"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#whitespace" title="Whitespace">Section 3.2.3</a>&gt;
-  <a href="#imported.abnf" class="smpl">OWS</a>           = &lt;OWS, defined in <a href="#Part1" id="rfc.xref.Part1.10"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#whitespace" title="Whitespace">Section 3.2.3</a>&gt;
-  <a href="#imported.abnf" class="smpl">quoted-string</a> = &lt;quoted-string, defined in <a href="#Part1" id="rfc.xref.Part1.11"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#field.components" title="Field value components">Section 3.2.6</a>&gt;
-  <a href="#imported.abnf" class="smpl">token</a>         = &lt;token, defined in <a href="#Part1" id="rfc.xref.Part1.12"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#field.components" title="Field value components">Section 3.2.6</a>&gt;
+      <p id="rfc.section.B.p.2">The rules below are defined in <a href="#Part1" id="rfc.xref.Part1.9"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>:
+      </p>
+      <div id="rfc.figure.u.9"></div><pre class="inline">  <a href="#imported.abnf" class="smpl">BWS</a>           = &lt;BWS, defined in <a href="#Part1" id="rfc.xref.Part1.10"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#whitespace" title="Whitespace">Section 3.2.3</a>&gt;
+  <a href="#imported.abnf" class="smpl">OWS</a>           = &lt;OWS, defined in <a href="#Part1" id="rfc.xref.Part1.11"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#whitespace" title="Whitespace">Section 3.2.3</a>&gt;
+  <a href="#imported.abnf" class="smpl">quoted-string</a> = &lt;quoted-string, defined in <a href="#Part1" id="rfc.xref.Part1.12"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#field.components" title="Field value components">Section 3.2.6</a>&gt;
+  <a href="#imported.abnf" class="smpl">token</a>         = &lt;token, defined in <a href="#Part1" id="rfc.xref.Part1.13"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#field.components" title="Field value components">Section 3.2.6</a>&gt;
 </pre><h1 id="rfc.section.C"><a href="#rfc.section.C">C.</a>&nbsp;<a id="collected.abnf" href="#collected.abnf">Collected ABNF</a></h1>
       <div id="rfc.figure.u.10"></div> <pre class="inline"><a href="#header.authorization" class="smpl">Authorization</a> = credentials
@@ -1165 +1164 @@
             </li>
             <li><a id="rfc.index.P" href="#rfc.index.P"><b>P</b></a><ul>
-                  <li><em>Part1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.1">1.1</a>, <a href="#rfc.xref.Part1.2">1.2</a>, <a href="#rfc.xref.Part1.3">2.2</a>, <a href="#rfc.xref.Part1.4">2.3.1</a>, <a href="#rfc.xref.Part1.5">4.2</a>, <a href="#rfc.xref.Part1.6">4.4</a>, <a href="#rfc.xref.Part1.7">7</a>, <a href="#Part1"><b>8.1</b></a>, <a href="#rfc.xref.Part1.8">B</a>, <a href="#rfc.xref.Part1.9">B</a>, <a href="#rfc.xref.Part1.10">B</a>, <a href="#rfc.xref.Part1.11">B</a>, <a href="#rfc.xref.Part1.12">B</a><ul>
+                  <li><em>Part1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.1">1.1</a>, <a href="#rfc.xref.Part1.2">1.2</a>, <a href="#rfc.xref.Part1.3">2.2</a>, <a href="#rfc.xref.Part1.4">2.3.1</a>, <a href="#rfc.xref.Part1.5">4.2</a>, <a href="#rfc.xref.Part1.6">4.4</a>, <a href="#rfc.xref.Part1.7">6</a>, <a href="#rfc.xref.Part1.8">7</a>, <a href="#Part1"><b>8.1</b></a>, <a href="#rfc.xref.Part1.9">B</a>, <a href="#rfc.xref.Part1.10">B</a>, <a href="#rfc.xref.Part1.11">B</a>, <a href="#rfc.xref.Part1.12">B</a>, <a href="#rfc.xref.Part1.13">B</a><ul>
                         <li><em>Section 1.2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.2">1.2</a></li>
                         <li><em>Section 2.3</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.4">2.3.1</a></li>
                         <li><em>Section 2.5</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.1">1.1</a></li>
-                        <li><em>Section 3.2.3</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.9">B</a>, <a href="#rfc.xref.Part1.10">B</a></li>
-                        <li><em>Section 3.2.6</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.11">B</a>, <a href="#rfc.xref.Part1.12">B</a></li>
+                        <li><em>Section 3.2.3</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.10">B</a>, <a href="#rfc.xref.Part1.11">B</a></li>
+                        <li><em>Section 3.2.6</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.12">B</a>, <a href="#rfc.xref.Part1.13">B</a></li>
                         <li><em>Section 5.5</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.3">2.2</a>, <a href="#rfc.xref.Part1.5">4.2</a>, <a href="#rfc.xref.Part1.6">4.4</a></li>
-                        <li><em>Section 9</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.7">7</a></li>
+                        <li><em>Section 9</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.8">7</a></li>
                      </ul>
                   </li>
-                  <li><em>Part2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.1">2.1</a>, <a href="#Part2"><b>8.1</b></a><ul>
+                  <li><em>Part2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.1">2.1</a>, <a href="#rfc.xref.Part2.2">6</a>, <a href="#Part2"><b>8.1</b></a><ul>
                         <li><em>Section 6.5.3</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.1">2.1</a></li>
                      </ul>

draft-ietf-httpbis/latest/p7-auth.xml

@@ -17 +17 @@
   <!ENTITY mdash "&#8212;">
   <!ENTITY Note "<x:h xmlns:x='http://purl.org/net/xml2rfc/ext'>Note:</x:h>">
+  <!ENTITY messaging                    "<xref target='Part1' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
+  <!ENTITY semantics                    "<xref target='Part2' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
   <!ENTITY architecture                 "<xref target='Part1' x:rel='#architecture' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
   <!ENTITY conformance                  "<xref target='Part1' x:rel='#conformance' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
@@ -677 +679 @@
 <section title="Security Considerations" anchor="security.considerations">
 <t>
-   This section is meant to inform application developers, information
-   providers, and users of the security limitations in HTTP/1.1 as
-   described by this document. The discussion does not include
-   definitive solutions to the problems revealed, though it does make
-   some suggestions for reducing security risks.
+   This section is meant to inform developers, information providers, and
+   users of known security concerns specific to HTTP/1.1 authentication.
+   More general security considerations are addressed in HTTP messaging
+   &messaging; and semantics &semantics;.
 </t>