Timestamp:
15/01/14 17:14:38 (7 years ago)
Author:
julian.reschke@…
Message:

augment security considerations with pointers to current research (see #549)

File:
1 edited

  • draft-ietf-httpbis/latest/p4-conditional.html

    r2531 r2547  
    448448  }
    449449  @bottom-center {
    450        content: "Expires July 7, 2014";
     450       content: "Expires July 19, 2014";
    451451  }
    452452  @bottom-right {
     
    491491      <meta name="dct.creator" content="Reschke, J. F.">
    492492      <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p4-conditional-latest">
    493       <meta name="dct.issued" scheme="ISO8601" content="2014-01-03">
     493      <meta name="dct.issued" scheme="ISO8601" content="2014-01-15">
    494494      <meta name="dct.replaces" content="urn:ietf:rfc:2616">
    495495      <meta name="dct.abstract" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypertext information systems. This document defines HTTP/1.1 conditional requests, including metadata header fields for indicating state changes, request header fields for making preconditions on such state, and rules for constructing the responses to a conditional request when one or more preconditions evaluate to false.">
     
    517517            </tr>
    518518            <tr>
    519                <td class="left">Expires: July 7, 2014</td>
    520                <td class="right">January 3, 2014</td>
     519               <td class="left">Expires: July 19, 2014</td>
     520               <td class="right">January 15, 2014</td>
    521521            </tr>
    522522         </tbody>
     
    546546            in progress”.
    547547         </p>
    548          <p>This Internet-Draft will expire on July 7, 2014.</p>
     548         <p>This Internet-Draft will expire on July 19, 2014.</p>
    549549      </div>
    550550      <div id="rfc.copyrightnotice">
     
    13111311            conditional request mechanisms. More general security considerations are addressed in HTTP messaging <a href="#Part1" id="rfc.xref.Part1.5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a> and semantics <a href="#Part2" id="rfc.xref.Part2.6"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>.
    13121312         </p>
    1313          <p id="rfc.section.8.p.2">The validators defined by this specification are not intended to ensure the validity of a representation, guard against malicious
     1313         <p id="rfc.section.8.p.2">The list of considerations below is not exhaustive — security analysis in an ongoing activity. Various organizations, such
     1314            as the "Open Web Application Security Project" (OWASP, &lt;<a href="https://www.owasp.org/">https://www.owasp.org/</a>&gt;), provide information about current research.
     1315         </p>
     1316         <p id="rfc.section.8.p.3">The validators defined by this specification are not intended to ensure the validity of a representation, guard against malicious
    13141317            changes, or detect man-in-the-middle attacks. At best, they enable more efficient cache updates and optimistic concurrent
    13151318            writes when all participants are behaving nicely. At worst, the conditions will fail and the client will receive a response
    13161319            that is no more harmful than an HTTP exchange without conditional requests.
    13171320         </p>
    1318          <p id="rfc.section.8.p.3">An entity-tag can be abused in ways that create privacy risks. For example, a site might deliberately construct a semantically
     1321         <p id="rfc.section.8.p.4">An entity-tag can be abused in ways that create privacy risks. For example, a site might deliberately construct a semantically
    13191322            invalid entity-tag that is unique to the user or user agent, send it in a cacheable response with a long freshness time, and
    13201323            then read that entity-tag in later conditional requests as a means of re-identifying that user or user agent. Such an identifying
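Review bot: the added paragraph at id="rfc.section.8.p.2" has a typo in "security analysis in an ongoing activity"; it should read "security analysis is an ongoing activity". Also note that inserting this paragraph renumbers the generated ids of the two following paragraphs (rfc.section.8.p.2 becomes 8.p.3, and 8.p.3 becomes 8.p.4), so any existing external link to #rfc.section.8.p.3 now lands on the validators paragraph rather than the entity-tag privacy paragraph; that is inherent to the generated anchors, but worth keeping in mind when the draft is published.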
     
    14661469               <li>&lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/542">http://tools.ietf.org/wg/httpbis/trac/ticket/542</a>&gt;: "improve introduction of list rule"
    14671470               </li>
     1471               <li>&lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/549">http://tools.ietf.org/wg/httpbis/trac/ticket/549</a>&gt;: "augment security considerations with pointers to current research"
     1472               </li>
    14681473            </ul>
    14691474         </div>