Timestamp:
14/09/13 23:59:24 (7 years ago)
Author:
fielding@…
Message:

rephrase misused SHOULDs; addresses #472

File:
1 edited

  • draft-ietf-httpbis/latest/p1-messaging.html

    r2393 r2398  
    15551555         the user agent <em class="bcp14">MUST</em> count the terminating CRLF octets as part of the message body length.
    15561556      </p>
    1557       <p id="rfc.section.3.5.p.2">In the interest of robustness, servers <em class="bcp14">SHOULD</em> ignore at least one empty line received where a request-line is expected. In other words, if a server is reading the protocol
    1558          stream at the beginning of a message and receives a CRLF first, the server <em class="bcp14">SHOULD</em> ignore the CRLF.
     1557      <p id="rfc.section.3.5.p.2">In the interest of robustness, a server that is expecting to receive and parse a request-line <em class="bcp14">SHOULD</em> ignore at least one empty line (CRLF) received prior to the request-line.
    15591558      </p>
    15601559      <p id="rfc.section.3.5.p.3">Although the line terminator for the start-line and header fields is the sequence CRLF, recipients <em class="bcp14">MAY</em> recognize a single LF as a line terminator and ignore any preceding CR.
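Review bot: In new line 1557 the parenthetical "(CRLF)" defines the ignored empty line as exactly CRLF, yet the following paragraph (1559) lets recipients recognize a single LF as a line terminator, so it is unclear whether a leading bare LF is also meant to be skipped. The rewrite also keeps "at least one" with no upper bound; given that Section 9.3 asks recipients to limit how much they read, consider stating that a server can stop ignoring empty lines after a bounded number. The removed sentence tied the rule to the beginning of a message on the protocol stream, and it is worth confirming that "prior to the request-line" still conveys that scope.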
     
    26442643      <p id="rfc.section.9.3.p.3">This specification also provides a way for servers to reject messages that have request-targets that are too long (<a href="p2-semantics.html#status.414" title="414 URI Too Long">Section 6.5.12</a> of <a href="#Part2" id="rfc.xref.Part2.30"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>) or request entities that are too large (<a href="p2-semantics.html#status.4xx" title="Client Error 4xx">Section 6.5</a> of <a href="#Part2" id="rfc.xref.Part2.31"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>). Additional status codes related to capacity limits have been defined by extensions to HTTP <a href="#RFC6585" id="rfc.xref.RFC6585.1"><cite title="Additional HTTP Status Codes">[RFC6585]</cite></a>.
    26452644      </p>
    2646       <p id="rfc.section.9.3.p.4">Recipients <em class="bcp14">SHOULD</em> carefully limit the extent to which they read other fields, including (but not limited to) request methods, response status
    2647          phrases, header field-names, and body chunks, so as to avoid denial of service attacks without impeding interoperability.
     2645      <p id="rfc.section.9.3.p.4">Recipients ought to carefully limit the extent to which they read other fields, including (but not limited to) request methods,
     2646         response status phrases, header field-names, and body chunks, so as to avoid denial of service attacks without impeding interoperability.
    26482647      </p>
    26492648      <h2 id="rfc.section.9.4"><a href="#rfc.section.9.4">9.4</a>&nbsp;<a id="message.integrity" href="#message.integrity">Message Integrity</a></h2>
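Review bot: Replacing SHOULD with "ought to" in new lines 2645-2646 leaves the denial-of-service guidance for request methods, response status phrases, header field-names and body chunks without any BCP 14 keyword, and unlike paragraph 3, which points to 414 and the 4xx section, it does not say how a recipient responds when a limit is exceeded. If the non-normative wording is deliberate, consider adding a pointer to the applicable status codes or a sentence on what a recipient does with an over-long element, so implementers have something they can test against.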
     
    26702669         needs to be securely stored and appropriate guidelines followed for its analysis. Anonymization of personal information within
    26712670         individual entries helps, but is generally not sufficient to prevent real log traces from being re-identified based on correlation
    2672          with other access characteristics. As such, access traces that are keyed to a specific client should not be published even
    2673          if the key is pseudonymous.
    2674       </p>
    2675       <p id="rfc.section.9.5.p.3">To minimize the risk of theft or accidental publication, log information should be purged of personally identifiable information,
     2671         with other access characteristics. As such, access traces that are keyed to a specific client are unsafe to publish even if
     2672         the key is pseudonymous.
     2673      </p>
     2674      <p id="rfc.section.9.5.p.3">To minimize the risk of theft or accidental publication, log information ought to be purged of personally identifiable information,
    26762675         including user identifiers, IP addresses, and user-provided query parameters, as soon as that information is no longer necessary
    26772676         to support operational needs for security, auditing, or fraud control.
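Review bot: The two rewrites in this hunk treat lowercase "should" differently: new line 2671 turns it into a statement of risk ("are unsafe to publish"), while new line 2674 keeps it as advice ("ought to be purged"). Phrasing 2674 the same way, by stating the risk of retaining user identifiers, IP addresses and query parameters, would read consistently and avoid swapping in a near-synonym of the keyword being removed.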