Changeset 209 for draft-ietf-httpbis/latest/p3-payload.xml

Timestamp:

Feb 12, 2008, 5:46:02 AM (12 years ago)

Author:

julian.reschke@…

Message:

Remove character set defaulting for text media types (to be done: add security considerations WRT charset sniffing); relates to #20.

File:

• draft-ietf-httpbis/latest/p3-payload.xml (modified) (5 diffs)

draft-ietf-httpbis/latest/p3-payload.xml

@@ -348 +348 @@
    <xref target="RFC2277"/>.
 </t>
-
-<section title="Missing Charset" anchor="missing.charset">
-<t>
-   Some HTTP/1.0 software has interpreted a Content-Type header without
-   charset parameter incorrectly to mean "recipient should guess."
-   Senders wishing to defeat this behavior &MAY; include a charset
-   parameter even when the charset is ISO-8859-1 (<xref target="ISO-8859-1"/>) and &SHOULD; do so when
-   it is known that it will not confuse the recipient.
-</t>
-<t>
-   Unfortunately, some older HTTP/1.0 clients did not deal properly with
-   an explicit charset parameter. HTTP/1.1 recipients &MUST; respect the
-   charset label provided by the sender; and those user agents that have
-   a provision to "guess" a charset &MUST; use the charset from the
-   content-type field if they support that charset, rather than the
-   recipient's preference, when initially displaying a document. See
-   <xref target="canonicalization.and.text.defaults"/>.
-</t>
-</section>
 </section>
 
@@ -514 +495 @@
 </t>
 <t>
-   The "charset" parameter is used with some media types to define the
-   character set (<xref target="character.sets"/>) of the data. When no explicit charset
-   parameter is provided by the sender, media subtypes of the "text"
-   type are defined to have a default charset value of "ISO-8859-1" when
-   received via HTTP. Data in character sets other than "ISO-8859-1" or
-   its subsets &MUST; be labeled with an appropriate charset value. See
-   <xref target="missing.charset"/> for compatibility problems.
+   HTTP/1.1 recipients &MUST; respect the    charset label provided by the
+   sender; and those user agents that have a provision to "guess" a charset
+   &MUST; use the charset from the content-type field if they support that
+   charset, rather than the recipient's preference, when initially displaying
+   a document.
 </t>
 </section>
@@ -1454 +1433 @@
    some suggestions for reducing security risks.
 </t>
+<t>
+  <cref anchor="sec.charset.sniffing">
+    Point out the risks related to character set sniffing, in particular for
+    UTF-7. See <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/20#comment:4"/>.
+  </cref>
+</t>
 
 <section title="Privacy Issues Connected to Accept Headers" anchor="privacy.issues.connected.to.accept.headers">
@@ -2367 +2352 @@
   Clarify contexts that charset is used in.
   (<xref target="character.sets"/>)
+</t>
+<t>
+  Remove character set defaulting for text media types.
+  (<xref target="canonicalization.and.text.defaults"/>)
 </t>
 <t>
@@ -2441 +2430 @@
 <section title="Since draft-ietf-httpbis-p3-payload-01">
 <t>
+  Ongoing work on text media type charset defaults (<eref target="http://www3.tools.ietf.org/wg/httpbis/trac/ticket/20"/>):
+  <list style="symbols"> 
+    <t>
+      Remove the ISO-8859-1 default.
+    </t>
+  </list>
+</t>
+<t>
   Ongoing work on ABNF conversion (<eref target="http://www3.tools.ietf.org/wg/httpbis/trac/ticket/36"/>):
   <list style="symbols">