Changeset 2069 for draft-ietf-httpbis/latest/p6-cache.html
- Timestamp: 30/12/12 09:01:09 (9 years ago)
- File: 1 edited
draft-ietf-httpbis/latest/p6-cache.html
r2066 r2069 452 452 } 453 453 @bottom-center { 454 content: "Expires July 2, 2013";454 content: "Expires July 3, 2013"; 455 455 } 456 456 @bottom-right { … … 498 498 <meta name="dct.creator" content="Reschke, J. F."> 499 499 <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p6-cache-latest"> 500 <meta name="dct.issued" scheme="ISO8601" content="2012-12- 29">500 <meta name="dct.issued" scheme="ISO8601" content="2012-12-30"> 501 501 <meta name="dct.replaces" content="urn:ietf:rfc:2616"> 502 502 <meta name="dct.abstract" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypertext information systems. This document defines requirements on HTTP caches and the associated header fields that control cache behavior or indicate cacheable response messages."> … … 524 524 </tr> 525 525 <tr> 526 <td class="left">Expires: July 2, 2013</td>526 <td class="left">Expires: July 3, 2013</td> 527 527 <td class="right">J. Reschke, Editor</td> 528 528 </tr> … … 533 533 <tr> 534 534 <td class="left"></td> 535 <td class="right">December 29, 2012</td>535 <td class="right">December 30, 2012</td> 536 536 </tr> 537 537 </tbody> … … 559 559 in progress”. 560 560 </p> 561 <p>This Internet-Draft will expire on July 2, 2013.</p>561 <p>This Internet-Draft will expire on July 3, 2013.</p> 562 562 <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1> 563 563 <p>Copyright © 2012 IETF Trust and the persons identified as the document authors. 
All rights reserved.</p> … … 1781 1781 <p id="rfc.section.9.3.p.2">The change controller is: "IETF (iesg@ietf.org) - Internet Engineering Task Force".</p> 1782 1782 <h1 id="rfc.section.10"><a href="#rfc.section.10">10.</a> <a id="security.considerations" href="#security.considerations">Security Considerations</a></h1> 1783 <p id="rfc.section.10.p.1">Caches expose additional potential vulnerabilities, since the contents of the cache represent an attractive target for malicious 1783 <p id="rfc.section.10.p.1">This section is meant to inform developers, information providers, and users of known security concerns specific to HTTP/1.1 1784 caching. More general security considerations are addressed in HTTP messaging <a href="#Part1" id="rfc.xref.Part1.11"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a> and semantics <a href="#Part2" id="rfc.xref.Part2.8"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>. 1785 </p> 1786 <p id="rfc.section.10.p.2">Caches expose additional potential vulnerabilities, since the contents of the cache represent an attractive target for malicious 1784 1787 exploitation. Because cache contents persist after an HTTP request is complete, an attack on the cache can reveal information 1785 1788 long after a user believes that the information has been removed from the network. Therefore, cache contents need to be protected 1786 1789 as sensitive information. 1787 1790 </p> 1788 <p id="rfc.section.10.p. 2">Furthermore, the very use of a cache can bring about privacy concerns. For example, if two users share a cache, and the first1791 <p id="rfc.section.10.p.3">Furthermore, the very use of a cache can bring about privacy concerns. 
For example, if two users share a cache, and the first 1789 1792 one browses to a site, the second may be able to detect that the other has been to that site, because the resources from it 1790 1793 load more quickly, thanks to the cache. 1791 1794 </p> 1792 <p id="rfc.section.10.p. 3">Implementation flaws might allow attackers to insert content into a cache ("cache poisoning"), leading to compromise of clients1795 <p id="rfc.section.10.p.4">Implementation flaws might allow attackers to insert content into a cache ("cache poisoning"), leading to compromise of clients 1793 1796 that trust that content. Because of their nature, these attacks are difficult to mitigate. 1794 1797 </p> 1795 <p id="rfc.section.10.p. 4">Likewise, implementation flaws (as well as misunderstanding of cache operation) might lead to caching of sensitive information1798 <p id="rfc.section.10.p.5">Likewise, implementation flaws (as well as misunderstanding of cache operation) might lead to caching of sensitive information 1796 1799 (e.g., authentication credentials) that is thought to be private, exposing it to unauthorized parties. 1797 1800 </p> 1798 <p id="rfc.section.10.p. 5">Note that the Set-Cookie response header <a href="#RFC6265" id="rfc.xref.RFC6265.1"><cite title="HTTP State Management Mechanism">[RFC6265]</cite></a> does not inhibit caching; a cacheable response with a Set-Cookie header can be (and often is) used to satisfy subsequent requests1801 <p id="rfc.section.10.p.6">Note that the Set-Cookie response header <a href="#RFC6265" id="rfc.xref.RFC6265.1"><cite title="HTTP State Management Mechanism">[RFC6265]</cite></a> does not inhibit caching; a cacheable response with a Set-Cookie header can be (and often is) used to satisfy subsequent requests 1799 1802 to caches. Servers who wish to control caching of these responses are encouraged to emit appropriate Cache-Control response 1800 1803 headers. 
1801 1804 </p> 1802 1805 <h1 id="rfc.section.11"><a href="#rfc.section.11">11.</a> <a id="acks" href="#acks">Acknowledgments</a></h1> 1803 <p id="rfc.section.11.p.1">See <a href="p1-messaging.html#acks" title="Acknowledgments">Section 9</a> of <a href="#Part1" id="rfc.xref.Part1.1 1"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>.1806 <p id="rfc.section.11.p.1">See <a href="p1-messaging.html#acks" title="Acknowledgments">Section 9</a> of <a href="#Part1" id="rfc.xref.Part1.12"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>. 1804 1807 </p> 1805 1808 <h1 id="rfc.references"><a id="rfc.section.12" href="#rfc.section.12">12.</a> References … … 1944 1947 character). 1945 1948 </p> 1946 <p id="rfc.section.B.p.2">The rules below are defined in <a href="#Part1" id="rfc.xref.Part1.1 2"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>:1947 </p> 1948 <div id="rfc.figure.u.14"></div><pre class="inline"> <a href="#imported.abnf" class="smpl">OWS</a> = <OWS, defined in <a href="#Part1" id="rfc.xref.Part1.1 3"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#whitespace" title="Whitespace">Section 3.2.3</a>>1949 <a href="#imported.abnf" class="smpl">field-name</a> = <field-name, defined in <a href="#Part1" id="rfc.xref.Part1.1 4"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#header.fields" title="Header Fields">Section 3.2</a>>1950 <a href="#imported.abnf" class="smpl">quoted-string</a> = <quoted-string, defined in <a href="#Part1" id="rfc.xref.Part1.1 5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#field.components" title="Field value components">Section 3.2.6</a>>1951 <a 
href="#imported.abnf" class="smpl">token</a> = <token, defined in <a href="#Part1" id="rfc.xref.Part1.1 6"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#field.components" title="Field value components">Section 3.2.6</a>>1952 1953 <a href="#imported.abnf" class="smpl">port</a> = <port, defined in <a href="#Part1" id="rfc.xref.Part1.1 7"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#uri" title="Uniform Resource Identifiers">Section 2.7</a>>1954 <a href="#imported.abnf" class="smpl">pseudonym</a> = <pseudonym, defined in <a href="#Part1" id="rfc.xref.Part1.1 8"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#header.via" title="Via">Section 5.7.1</a>>1955 <a href="#imported.abnf" class="smpl">uri-host</a> = <uri-host, defined in <a href="#Part1" id="rfc.xref.Part1. 
19"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#uri" title="Uniform Resource Identifiers">Section 2.7</a>>1949 <p id="rfc.section.B.p.2">The rules below are defined in <a href="#Part1" id="rfc.xref.Part1.13"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>: 1950 </p> 1951 <div id="rfc.figure.u.14"></div><pre class="inline"> <a href="#imported.abnf" class="smpl">OWS</a> = <OWS, defined in <a href="#Part1" id="rfc.xref.Part1.14"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#whitespace" title="Whitespace">Section 3.2.3</a>> 1952 <a href="#imported.abnf" class="smpl">field-name</a> = <field-name, defined in <a href="#Part1" id="rfc.xref.Part1.15"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#header.fields" title="Header Fields">Section 3.2</a>> 1953 <a href="#imported.abnf" class="smpl">quoted-string</a> = <quoted-string, defined in <a href="#Part1" id="rfc.xref.Part1.16"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#field.components" title="Field value components">Section 3.2.6</a>> 1954 <a href="#imported.abnf" class="smpl">token</a> = <token, defined in <a href="#Part1" id="rfc.xref.Part1.17"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#field.components" title="Field value components">Section 3.2.6</a>> 1955 1956 <a href="#imported.abnf" class="smpl">port</a> = <port, defined in <a href="#Part1" id="rfc.xref.Part1.18"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#uri" title="Uniform Resource Identifiers">Section 2.7</a>> 1957 <a 
href="#imported.abnf" class="smpl">pseudonym</a> = <pseudonym, defined in <a href="#Part1" id="rfc.xref.Part1.19"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#header.via" title="Via">Section 5.7.1</a>> 1958 <a href="#imported.abnf" class="smpl">uri-host</a> = <uri-host, defined in <a href="#Part1" id="rfc.xref.Part1.20"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, <a href="p1-messaging.html#uri" title="Uniform Resource Identifiers">Section 2.7</a>> 1956 1959 </pre><p id="rfc.section.B.p.4">The rules below are defined in other parts:</p> 1957 <div id="rfc.figure.u.15"></div><pre class="inline"> <a href="#imported.abnf" class="smpl">HTTP-date</a> = <HTTP-date, defined in <a href="#Part2" id="rfc.xref.Part2. 8"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>, <a href="p2-semantics.html#http.date" title="Date/Time Formats">Section 7.1.1.1</a>>1960 <div id="rfc.figure.u.15"></div><pre class="inline"> <a href="#imported.abnf" class="smpl">HTTP-date</a> = <HTTP-date, defined in <a href="#Part2" id="rfc.xref.Part2.9"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>, <a href="p2-semantics.html#http.date" title="Date/Time Formats">Section 7.1.1.1</a>> 1958 1961 </pre><h1 id="rfc.section.C"><a href="#rfc.section.C">C.</a> <a id="collected.abnf" href="#collected.abnf">Collected ABNF</a></h1> 1959 1962 <div id="rfc.figure.u.16"></div> <pre class="inline"><a href="#header.age" class="smpl">Age</a> = delta-seconds … … 2128 2131 </li> 2129 2132 <li><a id="rfc.index.P" href="#rfc.index.P"><b>P</b></a><ul> 2130 <li><em>Part1</em> <a href="#rfc.xref.Part1.1">1.3</a>, <a href="#rfc.xref.Part1.2">1.4</a>, <a href="#rfc.xref.Part1.3">3.1</a>, <a href="#rfc.xref.Part1.4">4</a>, <a href="#rfc.xref.Part1.5">4.3</a>, <a href="#rfc.xref.Part1.6">6</a>, <a 
href="#rfc.xref.Part1.7">6</a>, <a href="#rfc.xref.Part1.8">6</a>, <a href="#rfc.xref.Part1.9">7.2.1.6</a>, <a href="#rfc.xref.Part1.10">7.2.2.9</a>, <a href="#rfc.xref.Part1.11">1 1</a>, <a href="#Part1"><b>12.1</b></a>, <a href="#rfc.xref.Part1.12">B</a>, <a href="#rfc.xref.Part1.13">B</a>, <a href="#rfc.xref.Part1.14">B</a>, <a href="#rfc.xref.Part1.15">B</a>, <a href="#rfc.xref.Part1.16">B</a>, <a href="#rfc.xref.Part1.17">B</a>, <a href="#rfc.xref.Part1.18">B</a>, <a href="#rfc.xref.Part1.19">B</a><ul>2133 <li><em>Part1</em> <a href="#rfc.xref.Part1.1">1.3</a>, <a href="#rfc.xref.Part1.2">1.4</a>, <a href="#rfc.xref.Part1.3">3.1</a>, <a href="#rfc.xref.Part1.4">4</a>, <a href="#rfc.xref.Part1.5">4.3</a>, <a href="#rfc.xref.Part1.6">6</a>, <a href="#rfc.xref.Part1.7">6</a>, <a href="#rfc.xref.Part1.8">6</a>, <a href="#rfc.xref.Part1.9">7.2.1.6</a>, <a href="#rfc.xref.Part1.10">7.2.2.9</a>, <a href="#rfc.xref.Part1.11">10</a>, <a href="#rfc.xref.Part1.12">11</a>, <a href="#Part1"><b>12.1</b></a>, <a href="#rfc.xref.Part1.13">B</a>, <a href="#rfc.xref.Part1.14">B</a>, <a href="#rfc.xref.Part1.15">B</a>, <a href="#rfc.xref.Part1.16">B</a>, <a href="#rfc.xref.Part1.17">B</a>, <a href="#rfc.xref.Part1.18">B</a>, <a href="#rfc.xref.Part1.19">B</a>, <a href="#rfc.xref.Part1.20">B</a><ul> 2131 2134 <li><em>Section 1.2</em> <a href="#rfc.xref.Part1.2">1.4</a></li> 2132 2135 <li><em>Section 2.5</em> <a href="#rfc.xref.Part1.1">1.3</a></li> 2133 <li><em>Section 2.7</em> <a href="#rfc.xref.Part1.1 7">B</a>, <a href="#rfc.xref.Part1.19">B</a></li>2134 <li><em>Section 3.2</em> <a href="#rfc.xref.Part1.5">4.3</a>, <a href="#rfc.xref.Part1.1 4">B</a></li>2135 <li><em>Section 3.2.3</em> <a href="#rfc.xref.Part1.1 3">B</a></li>2136 <li><em>Section 3.2.6</em> <a href="#rfc.xref.Part1.1 5">B</a>, <a href="#rfc.xref.Part1.16">B</a></li>2136 <li><em>Section 2.7</em> <a href="#rfc.xref.Part1.18">B</a>, <a href="#rfc.xref.Part1.20">B</a></li> 2137 <li><em>Section 3.2</em> <a 
href="#rfc.xref.Part1.5">4.3</a>, <a href="#rfc.xref.Part1.15">B</a></li> 2138 <li><em>Section 3.2.3</em> <a href="#rfc.xref.Part1.14">B</a></li> 2139 <li><em>Section 3.2.6</em> <a href="#rfc.xref.Part1.16">B</a>, <a href="#rfc.xref.Part1.17">B</a></li> 2137 2140 <li><em>Section 5.5</em> <a href="#rfc.xref.Part1.4">4</a>, <a href="#rfc.xref.Part1.6">6</a>, <a href="#rfc.xref.Part1.7">6</a>, <a href="#rfc.xref.Part1.8">6</a></li> 2138 <li><em>Section 5.7.1</em> <a href="#rfc.xref.Part1.1 8">B</a></li>2141 <li><em>Section 5.7.1</em> <a href="#rfc.xref.Part1.19">B</a></li> 2139 2142 <li><em>Section 5.7.2</em> <a href="#rfc.xref.Part1.9">7.2.1.6</a>, <a href="#rfc.xref.Part1.10">7.2.2.9</a></li> 2140 <li><em>Section 9</em> <a href="#rfc.xref.Part1.1 1">11</a></li>2143 <li><em>Section 9</em> <a href="#rfc.xref.Part1.12">11</a></li> 2141 2144 </ul> 2142 2145 </li> 2143 <li><em>Part2</em> <a href="#rfc.xref.Part2.1">2</a>, <a href="#rfc.xref.Part2.2">4</a>, <a href="#rfc.xref.Part2.3">4.1.2</a>, <a href="#rfc.xref.Part2.4">4.1.3</a>, <a href="#rfc.xref.Part2.5">4.3</a>, <a href="#rfc.xref.Part2.6">6</a>, <a href="#rfc.xref.Part2.7">7.3</a>, <a href="# Part2"><b>12.1</b></a>, <a href="#rfc.xref.Part2.8">B</a><ul>2146 <li><em>Part2</em> <a href="#rfc.xref.Part2.1">2</a>, <a href="#rfc.xref.Part2.2">4</a>, <a href="#rfc.xref.Part2.3">4.1.2</a>, <a href="#rfc.xref.Part2.4">4.1.3</a>, <a href="#rfc.xref.Part2.5">4.3</a>, <a href="#rfc.xref.Part2.6">6</a>, <a href="#rfc.xref.Part2.7">7.3</a>, <a href="#rfc.xref.Part2.8">10</a>, <a href="#Part2"><b>12.1</b></a>, <a href="#rfc.xref.Part2.9">B</a><ul> 2144 2147 <li><em>Section 4.2.1</em> <a href="#rfc.xref.Part2.2">4</a>, <a href="#rfc.xref.Part2.6">6</a></li> 2145 2148 <li><em>Section 6</em> <a href="#rfc.xref.Part2.3">4.1.2</a></li> 2146 <li><em>Section 7.1.1.1</em> <a href="#rfc.xref.Part2.7">7.3</a>, <a href="#rfc.xref.Part2. 
8">B</a></li>2149 <li><em>Section 7.1.1.1</em> <a href="#rfc.xref.Part2.7">7.3</a>, <a href="#rfc.xref.Part2.9">B</a></li> 2147 2150 <li><em>Section 7.1.1.2</em> <a href="#rfc.xref.Part2.4">4.1.3</a></li> 2148 2151 <li><em>Section 7.2.1</em> <a href="#rfc.xref.Part2.5">4.3</a></li>
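Review bot: The new rfc.section.10.p.1 paragraph cites [Part1] and [Part2] only as whole documents (href="#Part1", href="#Part2"), while the Acknowledgments citation a few lines below names "Section 9" and links to p1-messaging.html#acks. Point each of the two new citations at the Security Considerations section of the part it refers to, in that same form, so a reader following "More general security considerations are addressed in ..." lands on the relevant text. In the same hunk, the renumbered rfc.section.10.p.6 still reads "Servers who wish to control caching of these responses are encouraged to emit appropriate Cache-Control response headers" without saying which directives are meant; naming them would make the advice actionable.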
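Review bot: Adding one citation in Section 10 shifts every later positional anchor in the Appendix B and index hunks: rfc.xref.Part1.11 moves from the Section 11 citation to the new Section 10 one, the Appendix B ids move from Part1.12 through Part1.19 to Part1.13 through Part1.20, and rfc.xref.Part2.8 moves from Appendix B to Section 10. Any link that targets one of these ids from outside this file now resolves to a different citation without any error. If these anchors are meant to be linkable, say in the commit message that they are not stable across revisions, or link by a section id such as #security.considerations instead.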