Changeset 2083 for draft-ietf-httpbis/latest/p2-semantics.xml

Timestamp:

05/01/13 07:12:36 (9 years ago)

Author:

fielding@…

Message:

Requirements are not allowed in appendices. They have been changed to prose.
Changes from RFC2616 have been rewritten for consistency and to remove changes
that are only editorial. Addresses #419

File:

• draft-ietf-httpbis/latest/p2-semantics.xml (modified) (11 diffs)

draft-ietf-httpbis/latest/p2-semantics.xml

@@ -408 +408 @@
    interoperable among systems with varying native encoding formats.
    Representations selected or transferred via HTTP ought to be in canonical
-   form, for many of the same reasons described by MIME
-   <xref target="RFC2049"/>.
+   form, for many of the same reasons described by the Multipurpose Internet
+   Mail Extensions (MIME) <xref target="RFC2045"/>.
    However, the performance characteristics of email deployments (i.e., store
    and forward messages to peers) are significantly different from those
@@ -5277 +5277 @@
 </reference>
 
-<reference anchor="RFC2076">
-  <front>
-    <title abbrev="Internet Message Headers">Common Internet Message Headers</title>
-    <author initials="J." surname="Palme" fullname="Jacob Palme">
-      <organization>Stockholm University/KTH</organization>
-      <address><email>jpalme@dsv.su.se</email></address>
-    </author>
-    <date month="February" year="1997"/>
-  </front>
-  <seriesInfo name="RFC" value="2076"/>
-</reference>
-
 <reference anchor='RFC2295'>
   <front>
@@ -5510 +5498 @@
 </reference>
 
-<reference anchor="RFC6151">
-  <front>
-    <title>Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms</title>
-    <author initials="S." surname="Turner" fullname="S. Turner"/>
-    <author initials="L." surname="Chen" fullname="L. Chen"/>
-    <date year="2011" month="March" />
-  </front>
-  <seriesInfo name="RFC" value="6151" />
-</reference>
-
 <reference anchor="RFC6265">
   <front>
@@ -5567 +5545 @@
 <section title="Differences between HTTP and MIME" anchor="differences.between.http.and.mime">
 <t>
-   HTTP/1.1 uses many of the constructs defined for Internet Mail (<xref target="RFC5322"/>) and the Multipurpose Internet Mail Extensions (MIME <xref target="RFC2045"/>) to
+   HTTP/1.1 uses many of the constructs defined for the
+   Internet Message Format <xref target="RFC5322"/> and the Multipurpose
+   Internet Mail Extensions (MIME) <xref target="RFC2045"/> to
    allow a message body to be transmitted in an open variety of
-   representations and with extensible mechanisms. However, RFC 2045
-   discusses mail, and HTTP has a few features that are different from
-   those described in MIME. These differences were carefully chosen
-   to optimize performance over binary connections, to allow greater
-   freedom in the use of new media types, to make date comparisons
-   easier, and to acknowledge the practice of some early HTTP servers
-   and clients.
+   representations and with extensible header fields. However, RFC 2045
+   is focused only on email; applications of HTTP have many characteristics
+   that differ from email, and hence HTTP has features that differ from MIME.
+   These differences were carefully chosen to optimize performance over binary
+   connections, to allow greater freedom in the use of new media types, to
+   make date comparisons easier, and to acknowledge the practice of some early
+   HTTP servers and clients.
 </t>
 <t>
    This appendix describes specific areas where HTTP differs from MIME.
-   Proxies and gateways to strict MIME environments &SHOULD; be
+   Proxies and gateways to and from strict MIME environments need to be
    aware of these differences and provide the appropriate conversions
-   where necessary. Proxies and gateways from MIME environments to HTTP
-   also need to be aware of the differences because some conversions
-   might be required.
+   where necessary.
 </t>
 
@@ -5590 +5568 @@
   <x:anchor-alias value="MIME-Version"/>
 <t>
-   HTTP is not a MIME-compliant protocol. However, HTTP/1.1 messages &MAY;
+   HTTP is not a MIME-compliant protocol. However, messages can
    include a single MIME-Version header field to indicate what
    version of the MIME protocol was used to construct the message. Use
    of the MIME-Version header field indicates that the message is in
    full conformance with the MIME protocol (as defined in <xref target="RFC2045"/>).
-   Proxies/gateways are responsible for ensuring full conformance (where
+   Senders are responsible for ensuring full conformance (where
    possible) when exporting HTTP messages to strict MIME environments.
 </t>
-<figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="MIME-Version"/>
-  <x:ref>MIME-Version</x:ref> = 1*<x:ref>DIGIT</x:ref> "." 1*<x:ref>DIGIT</x:ref>
-</artwork></figure>
-<t>
-   MIME version "1.0" is the default for use in HTTP/1.1. However,
-   HTTP/1.1 message parsing and semantics are defined by this document
-   and not the MIME specification.
-</t>
 </section>
 
 <section title="Conversion to Canonical Form" anchor="conversion.to.canonical.form">
 <t>
-   MIME requires that an Internet mail body-part be converted to
-   canonical form prior to being transferred, as described in <xref target="RFC2049" x:fmt="of" x:sec="4"/>.
-   <xref target="canonicalization.and.text.defaults"/> of this document describes the forms
-   allowed for subtypes of the "text" media type when transmitted over
-   HTTP. <xref target="RFC2046"/> requires that content with a type of "text" represent
-   line breaks as CRLF and forbids the use of CR or LF outside of line
-   break sequences. HTTP allows CRLF, bare CR, and bare LF to indicate a
-   line break within text content when a message is transmitted over
-   HTTP.
-</t>
-<t>
-   Where it is possible, a proxy or gateway from HTTP to a strict MIME
-   environment &SHOULD; translate all line breaks within the text media
+   MIME requires that an Internet mail body-part be converted to canonical
+   form prior to being transferred, as described in <xref target="RFC2049"
+   x:fmt="of" x:sec="4"/>. <xref target="canonicalization.and.text.defaults"/>
+   of this document describes the forms allowed for subtypes of the "text"
+   media type when transmitted over HTTP. <xref target="RFC2046"/> requires
+   that content with a type of "text" represent line breaks as CRLF and
+   forbids the use of CR or LF outside of line break sequences. HTTP allows
+   CRLF, bare CR, and bare LF to indicate a line break within text content.
+</t>
+<t>
+   A proxy or gateway from HTTP to a strict MIME
+   environment ought to translate all line breaks within the text media
    types described in <xref target="canonicalization.and.text.defaults"/>
    of this document to the RFC 2049 canonical form of CRLF. Note, however,
@@ -5642 +5611 @@
    HTTP/1.1 uses a restricted set of date formats (&http-date;) to
    simplify the process of date comparison. Proxies and gateways from
-   other protocols &SHOULD; ensure that any <x:ref>Date</x:ref> header field
+   other protocols ought to ensure that any <x:ref>Date</x:ref> header field
    present in a message conforms to one of the HTTP/1.1 formats and rewrite
    the date if necessary.
@@ -5648 +5617 @@
 </section>
 
-<section title="Introduction of Content-Encoding" anchor="introduction.of.content-encoding">
+<section title="Conversion of Content-Encoding" anchor="conversion.content-encoding">
 <t>
    MIME does not include any concept equivalent to HTTP/1.1's
    <x:ref>Content-Encoding</x:ref> header field. Since this acts as a modifier
    on the media type, proxies and gateways from HTTP to MIME-compliant
-   protocols &MUST; either change the value of the <x:ref>Content-Type</x:ref>
+   protocols ought to either change the value of the <x:ref>Content-Type</x:ref>
    header field or decode the representation before forwarding the message.
    (Some experimental applications of Content-Type for Internet mail have used
@@ -5662 +5631 @@
 </section>
 
-<section title="No Content-Transfer-Encoding" anchor="no.content-transfer-encoding">
+<section title="Conversion of Content-Transfer-Encoding" anchor="conversion.content-transfer-encoding">
   <iref item="Content-Transfer-Encoding header field" x:for-anchor=""/>
 <t>
    HTTP does not use the Content-Transfer-Encoding field of MIME.
-   Proxies and gateways from MIME-compliant protocols to HTTP &MUST;
-   remove any Content-Transfer-Encoding
-   prior to delivering the response message to an HTTP client.
+   Proxies and gateways from MIME-compliant protocols to HTTP need to remove
+   any Content-Transfer-Encoding prior to delivering the response message to
+   an HTTP client.
 </t>
 <t>
@@ -5675 +5644 @@
    and encoding for safe transport on that protocol, where "safe
    transport" is defined by the limitations of the protocol being used.
-   Such a proxy or gateway &SHOULD; label the data with an appropriate
-   Content-Transfer-Encoding if doing so will improve the likelihood of
-   safe transport over the destination protocol.
+   Such a proxy or gateway ought to transform and label the data with an
+   appropriate Content-Transfer-Encoding if doing so will improve the
+   likelihood of safe transport over the destination protocol.
 </t>
 </section>
@@ -5683 +5652 @@
 <section title="MHTML and Line Length Limitations" anchor="mhtml.line.length">
 <t>
-   HTTP implementations that share code with MHTML <xref target="RFC2557"/> implementations
-   need to be aware of MIME line length limitations. Since HTTP does not
-   have this limitation, HTTP does not fold long lines. MHTML messages
-   being transported by HTTP follow all conventions of MHTML, including
-   line length limitations and folding, canonicalization, etc., since
-   HTTP transports all message-bodies as payload (see <xref target="multipart.types"/>) and
-   does not interpret the content or any MIME header lines that might be
-   contained therein.
-</t>
-</section>
-</section>
-
-<section title="Additional Features" anchor="additional.features">
-<t>
-   <xref target="RFC1945"/> and <xref target="RFC2068"/> document protocol elements used by some
-   existing HTTP implementations, but not consistently and correctly
-   across most HTTP/1.1 applications. Implementers are advised to be
-   aware of these features, but cannot rely upon their presence in, or
-   interoperability with, other HTTP/1.1 applications. Some of these
-   describe proposed experimental features, and some describe features
-   that experimental deployment found lacking that are now addressed in
-   the base HTTP/1.1 specification.
-</t>
-<t>
-   A number of other header fields, such as Content-Disposition and Title,
-   from SMTP and MIME are also often implemented (see <xref target="RFC6266"/>
-   and <xref target="RFC2076"/>).
-</t>
-</section>
-
-<section title="Changes from RFC 2616" anchor="changes.from.rfc.2616">
-<t>
-   Request semantics embedded in a URI should be disabled when those
-   semantics are inconsistent with the request method, since this is a
-   common cause of interoperability failure.
-</t>
-<t>
-  The term "representation" is introduced, replacing both "entity" and
-  "variant."
-  (<xref target="representations" />)
-</t>
-<t>
-  Rules for identifying the payload of a message have been defined.
-  (<xref target="identifying.payload" />)
-</t>
-<t>
-  "Server-Driven" and "agent-driven" content negotiation are now called
-  "proactive" and "reactive" content negotiation (respectively).
-  (<xref target="content.negotiation" />)
-</t>
-<t>
-  <x:ref>Content-Location</x:ref> no longer sets a base URI, due to poor
-  implementation support (which was caused by too many broken servers emitting
-  bogus Content-Location header fields, and also the potentially undesirable
-  effect of potentially breaking relative links in content-negotiated
-  resources).
-  (<xref target="header.content-location"/>)
-</t>
-<t>
-  GET requests can have a body; it just has no meaning.
-  (<xref target="GET"/>)
-</t>
-<t>
-  The definition of POST has been clarified.
-  (<xref target="POST"/>)
-</t>
-<t>
-  Servers are no longer required to handle all Content-* header fields in 
-  requests.
-  (<xref target="PUT"/>)
-</t>
-<t>
-  Use of <x:ref>Content-Range</x:ref> is explicitly banned on PUT requests.
-  (<xref target="PUT"/>)
-</t>
-<t>
-  The CONNECT method is now defined by this specification, taking over from
-  <xref target="RFC2817"/>.
-  (<xref target="CONNECT"/>)
-</t>
-<t>
-  The requirements upon and semantics of CONNECT request and response bodies 
-  have been clarified.
-  (<xref target="CONNECT"/>)
-</t>
-<t>
-  The <x:ref>OPTIONS</x:ref> and <x:ref>TRACE</x:ref> request methods are
-  now defined as being safe.
-  (<xref target="OPTIONS"/> and <xref target="TRACE"/>)
-</t>
-<t>
-  The <x:ref>Max-Forwards</x:ref> header field is now restricted to the
-  OPTIONS and TRACE methods (previously, extension methods could have used it
-  as well).
-  (<xref target="header.max-forwards"/>)
-</t>
-<t>
-  The ABNF for the "<x:ref>Expect</x:ref>" header field has been both fixed
-  (allowing parameters for value-less expectations as well) and simplified
-  (allowing trailing semicolons after "100-continue" when they were invalid
-  before).
-  (<xref target="header.expect"/>)
-</t>
-<t>
-  Special casing for ISO-8859-1 in <x:ref>Accept-Charset</x:ref> has been
-  removed.
-  (<xref target="header.accept-charset"/>)
-</t>
-<t>
-  Requirements for sending the Date header field have been clarified.
-  (<xref target="header.date"/>)
-</t>
-<t>
-  The <x:ref>Referer</x:ref> header field can now have a value of
-  "about:blank" as an alternative to not sending a Referer header field.
-  (<xref target="header.referer"/>)
-</t>
-<t>
-  The <x:ref>201 (Created)</x:ref> status code can indicate that more than
-  one resource has been created (as well as just one). 
-</t>
-<t>
-  The definition of <x:ref>203 (Non-Authoritative Information)</x:ref> has
-  been broadened to include cases of payload transformations as well.
-  (<xref target="status.203"/>)
-</t>
-<t>
-  Redirect status codes <x:ref>301</x:ref>, <x:ref>302</x:ref>, and
-  <x:ref>307</x:ref> no longer have normative requirements on response
-  payloads and user interaction.
-  (<xref target="status.3xx"/>)
-</t>
-<t>
-  The request methods that are safe to automatically redirect is no
-  longer a closed set; user agents are able to make that determination
-  based upon the request method semantics.
-  (<xref target="status.3xx"/>)
-</t>
-<t>
-  The syntax of the <x:ref>Location</x:ref> header field has been corrected
-  to allow URI references (including relative references and fragments), along
-  with some clarifications as to when use of fragments would not be
-  appropriate.
-  (<xref target="header.location"/>)
-</t>
-<t>
-  The 303 (See Other) status code is now cacheable, if explicit freshness
-  information is available.
-  (<xref target="status.303" />)
-</t>
-<t>
-  User agents are now allowed to rewrite the method from POST to GET
-  for status codes <x:ref>301</x:ref> and <x:ref>302</x:ref>.
-  (Sections <xref format="counter" target="status.301"/>,
-  <xref format="counter" target="status.302"/> and
-  <xref format="counter" target="status.307"/>)
-</t>
-<t>
-  The <x:ref>305 (Use Proxy)</x:ref> status code is now deprecated, because
-  user agents did not implement it. It used to indicate that the target
-  resource needed to be accessed through the proxy given by the
-  <x:ref>Location</x:ref> field. The recipient was expected to repeat this
-  single request via the proxy.
-  (<xref target="status.305"/>)
-</t>
-<t>
-  The <x:ref>400 (Bad Request)</x:ref> status code has been made more generic;
-  it isn't limited to syntax errors.
-  (<xref target="status.400"/>)
-</t>
-<t>
-  The <x:ref>403 (Forbidden)</x:ref> status code has been clarified, 
-  especially with regards to authentication.
-  (<xref target="status.403"/>)
-</t>
-<t>
-  The <x:ref>426 (Upgrade Required)</x:ref> status code has been incorporated
-  from <xref target="RFC2817"/>.
-  (<xref target="status.426"/>)
-</t>
-<t>
-  <x:ref>Allow</x:ref> has been reclassified as a response header field,
-  removing the option to specify it in a PUT request.
-  (<xref target="header.allow"/>)
-</t>  
-<t>  
-  Requirements relating to the content of the Allow header have been relaxed;
-  correspondingly, clients are not required to always trust its value.
-  (<xref target="header.allow"/>)
-</t>
-<t>
-  The requirement to generate a <x:ref>Via</x:ref> header field has been moved
-  from the description of the <x:ref>Server</x:ref> header field to
-  &header-via;.
-  (<xref target="header.server"/>)
-</t>
-<t>
-  The contexts that charset is used in have been clarified.
-  (<xref target="charset"/>)
-</t>
-<t>
-  The default charset of "ISO-8859-1" for text media types has been removed;
-  the default now is whatever the media type definition says.
-  (<xref target="canonicalization.and.text.defaults"/>)
-</t>
-<t>
-  Registration of Content Codings now requires IETF Review.
-  (<xref target="content.coding.registry"/>)
-</t>
-<t>
-  The Content-MD5 header field has been removed, because it was inconsistently
-  implemented with respect to partial responses, and also because of known
-  deficiencies in the hash algorithm itself (see <xref target="RFC6151"/> for
-  details).
-</t>
-<t>
-  This specification introduces a Method Registry.
-  (<xref target="method.registry"/>)
-</t>
-<t>
-  The Status Code Registry is now defined by this specification; previously,
-  it was defined in <xref target="RFC2817" x:fmt="of" x:sec="7.1"/>.
-  (<xref target="status.code.registry"/>)
-</t>
-<t>
-  References to the "identity" transfer coding token have been removed.
-  (<xref target="no.content-transfer-encoding"/>)
-</t>
-<t>
-  The Content-Disposition header field is now defined by <xref
-  target="RFC6266"/>.
-  (<xref target="additional.features"/>)
+   HTTP implementations that share code with MHTML <xref target="RFC2557"/>
+   implementations need to be aware of MIME line length limitations.
+   Since HTTP does not have this limitation, HTTP does not fold long lines.
+   MHTML messages being transported by HTTP follow all conventions of MHTML,
+   including line length limitations and folding, canonicalization, etc.,
+   since HTTP transfers message-bodies as payload and, aside from the
+   "multipart/byteranges" type (&multipart-byteranges;), does not interpret
+   the content or any MIME header lines that might be contained therein.
+</t>
+</section>
+</section>
+
+<section title="Significant changes from RFC 2616" anchor="changes.from.rfc.2616">
+<t>
+   The primary changes in this revision have been editorial in nature:
+   extracting the messaging syntax and partitioning HTTP semantics into
+   separate documents for the core features, conditional requests, partial
+   requests, caching, and authentication.  The conformance language has been
+   revised to clearly target requirements and the terminology has been
+   improved to distinguish payload from representations and representations
+   from resources.
+   An algorithm has been added for determining if a payload is associated with
+   a specific identifier (<xref target="identifying.payload" />).
+</t>
+<t>
+   A new requirement has been added that semantics embedded in a URI
+   should be disabled when those semantics are inconsistent with the request
+   method, since this is a common cause of interoperability failure.
+</t>
+<t>
+   The default charset of ISO-8859-1 for text media types has been removed;
+   the default is now whatever the media type definition says
+   (<xref target="canonicalization.and.text.defaults"/>). Likewise,
+   special treatment of ISO-8859-1 has been removed from the
+   <x:ref>Accept-Charset</x:ref> header field
+   (<xref target="header.accept-charset"/>).
+</t>
+<t>
+   The Content-Disposition header field has been removed since it is now
+   defined by <xref target="RFC6266"/>.
+</t>
+<t>
+   The definition of <x:ref>Content-Location</x:ref> has been changed to no
+   longer affect the base URI for resolving relative URI references, due to
+   poor implementation support and the undesirable effect of potentially
+   breaking relative links in content-negotiated resources
+   (<xref target="header.content-location"/>).
+</t>
+<t>
+   The Content-MD5 header field has been removed because it was inconsistently
+   implemented with respect to partial responses.
+</t>
+<t>
+   To be consistent with the method-neutral parsing algorithm of
+   <xref target="Part1"/>, the definition of GET has been relaxed so that
+   requests can have a body, even though a body has no meaning for GET
+   (<xref target="GET"/>).
+</t>
+<t>
+   Servers are no longer required to handle all Content-* header fields and
+   use of <x:ref>Content-Range</x:ref> has been explicitly banned in PUT
+   requests (<xref target="PUT"/>).
+</t>
+<t>
+   Definition of the CONNECT method has been moved from
+   <xref target="RFC2817"/> to this specification (<xref target="CONNECT"/>).
+</t>
+<t>
+   The <x:ref>OPTIONS</x:ref> (<xref target="OPTIONS"/>) and
+   <x:ref>TRACE</x:ref> (<xref target="TRACE"/>) request methods have been
+   defined as being safe.
+</t>
+<t>
+   The definition of <x:ref>Expect</x:ref> has been both fixed to allow
+   parameters for value-less expectations and simplified to allow trailing
+   semicolons after "100-continue" (<xref target="header.expect"/>).
+</t>
+<t>
+   The <x:ref>Max-Forwards</x:ref> header field
+   (<xref target="header.max-forwards"/>) has been restricted to the
+   <x:ref>OPTIONS</x:ref> and <x:ref>TRACE</x:ref> methods; previously,
+   extension methods could have used it as well.
+</t>
+<t>
+   The "about:blank" URI has been suggested as a value for the
+   <x:ref>Referer</x:ref> header field when no referring URI is applicable,
+   which distinguishes that case from others where the Referer field is
+   not sent or has been removed (<xref target="header.referer"/>).
+</t>
+<t>
+   The <x:ref>201 (Created)</x:ref> status description has been changed to
+   allow for the possibility that more than one resource has been created
+   (<xref target="status.201"/>).
+</t>
+<t>
+   The definition of <x:ref>203 (Non-Authoritative Information)</x:ref> has
+   been broadened to include cases of payload transformations as well
+   (<xref target="status.203"/>).
+</t>
+<t>
+   The redirect status codes <x:ref>301</x:ref>, <x:ref>302</x:ref>, and
+   <x:ref>307</x:ref> no longer have normative requirements on response
+   payloads and user interaction (<xref target="status.3xx"/>).
+</t>
+<t>
+   The request methods that are safe to automatically redirect is no
+   longer a closed set; user agents are able to make that determination
+   based upon the request method semantics (<xref target="status.3xx"/>).
+</t>
+<t>
+   The description of 303 (See Other) status code has been changed to allow
+   it to be cached if explicit freshness information is given, and a specific
+   definition has been added for a 303 response to GET
+   (<xref target="status.303"/>).
+</t>
+<t>
+   The status codes <x:ref>301</x:ref> and <x:ref>302</x:ref>
+   (sections <xref format="counter" target="status.301"/> and
+   <xref format="counter" target="status.302"/>) have been changed to allow
+   user agents to rewrite the method from POST to GET.
+</t>
+<t>
+   The <x:ref>305 (Use Proxy)</x:ref> status code has been deprecated due to
+   security concerns regarding in-band configuration of a proxy
+   (<xref target="status.305"/>).
+</t>
+<t>
+   The <x:ref>400 (Bad Request)</x:ref> status code has been relaxed so that
+   it isn't limited to syntax errors (<xref target="status.400"/>).
+</t>
+<t>
+   The <x:ref>426 (Upgrade Required)</x:ref> status code has been incorporated
+   from <xref target="RFC2817"/> (<xref target="status.426"/>).
+</t>
+<t>
+   <x:ref>Allow</x:ref> has been reclassified as a response header field,
+   removing the option to specify it in a PUT request.
+   Requirements relating to the content of Allow have been relaxed;
+   correspondingly, clients are not required to always trust its value
+   (<xref target="header.allow"/>).
+</t>
+<t>
+   The target of requirements on HTTP-date and the Date header field have been
+   reduced to those systems generating the date, rather than all systems
+   sending a date (<xref target="origination.date"/>).
+</t>
+<t>
+   The syntax of the <x:ref>Location</x:ref> header field has been changed
+   to allow all URI references, including relative references and fragments,
+   along with some clarifications as to when use of fragments would not be
+   appropriate (<xref target="header.location"/>).
+</t>
+<t>
+   A Method Registry has been defined (<xref target="method.registry"/>).
+</t>
+<t>
+   The Status Code Registry (<xref target="status.code.registry"/>) has been
+   redefined by this specification; previously, it was defined in
+   <xref target="RFC2817" x:fmt="of" x:sec="7.1"/>.
+</t>
+<t>
+   Registration of Content Codings has been changed to require IETF Review
+   (<xref target="content.coding.registry"/>).
 </t>
 </section>
@@ -6001 +5901 @@
 <x:ref>Location</x:ref> = URI-reference
 
-<x:ref>MIME-Version</x:ref> = 1*DIGIT "." 1*DIGIT
 <x:ref>Max-Forwards</x:ref> = 1*DIGIT