Context Navigation

← Previous Change
Next Change →

p1-messaging.html

Timestamp:

Jul 23, 2010, 12:51:18 AM (9 years ago)

Author:

fielding@…

Message:

regenerate html

File:

: 1 edited

draft-ietf-httpbis/latest/p1-messaging.html (modified) (5 diffs)

Legend:

: Unmodified
: Added
: Removed

draft-ietf-httpbis/latest/p1-messaging.html

-                      r876
+                      r878
          --- it is only the authoritative interface used for mapping the namespace that is specific to TCP.
       </p>
+      <p id="rfc.section.2.6.1.p.7">The URI generic syntax for authority also includes a deprecated userinfo subcomponent (<a href="#RFC3986" id="rfc.xref.RFC3986.15"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-3.2.1">Section 3.2.1</a>) for including user authentication information in the URI. The userinfo subcomponent (and its "@" delimiter) <em class="bcp14">MUST NOT</em> be used in an "http" URI. URI reference recipients <em class="bcp14">SHOULD</em> parse for the existence of userinfo and treat its presence as an error, likely indicating that the deprecated subcomponent
+         is being used to obscure the authority for the sake of phishing attacks.
+      </p>
       <h3 id="rfc.section.2.6.2"><a href="#rfc.section.2.6.2">2.6.2</a>&nbsp;<a id="https.uri" href="#https.uri">https URI scheme</a></h3>
       <div id="rfc.iref.h.2"></div>
       <div id="rfc.iref.u.4"></div>
       <p id="rfc.section.2.6.2.p.1">The "https" URI scheme is hereby defined for the purpose of minting identifiers according to their association with the hierarchical
+         namespace governed by a potential HTTP origin server listening for SSL/TLS-secured connections on a given TCP port. The host
+         and port are determined in the same way as for the "http" scheme, except that a default TCP port of 443 is assumed if the
+         port subcomponent is empty or not given.
+         namespace governed by a potential HTTP origin server listening for SSL/TLS-secured connections on a given TCP port.
+      </p>
+      <p id="rfc.section.2.6.2.p.2">All of the requirements listed above for the "http" scheme are also requirements for the "https" scheme, except that a default
+         TCP port of 443 is assumed if the port subcomponent is empty or not given, and the TCP connection <em class="bcp14">MUST</em> be secured for privacy through the use of strong encryption prior to sending the first HTTP request.
       </p>
       <div id="rfc.figure.u.23"></div><pre class="inline"><span id="rfc.iref.g.35"></span>  <a href="#https.uri" class="smpl">https-URI</a> = "https:" "//" <a href="#uri" class="smpl">authority</a> <a href="#uri" class="smpl">path-abempty</a> [ "?" <a href="#uri" class="smpl">query</a> ]
+</pre><p id="rfc.section.2.6.2.p.3">The primary difference between the "http" and "https" schemes is that interaction with the latter is required to be secured
+         for privacy through the use of strong encryption. The URI cannot be sent in a request until the connection is secure. Likewise,
+         the default for caching is that each response that would be considered "public" under the "http" scheme is instead treated
+         as "private" and thus not eligible for shared caching.
+      </p>
+      <p id="rfc.section.2.6.2.p.4">The process for authoritative access to an "https" identified resource is defined in <a href="#RFC2818" id="rfc.xref.RFC2818.1"><cite title="HTTP Over TLS">[RFC2818]</cite></a>.
+</pre><p id="rfc.section.2.6.2.p.4">Unlike the "http" scheme, responses to "https" identified requests are never "public" and thus are ineligible for shared caching.
+         Their default is "private" and may be further constrained via use of the Cache-Control header field.
+      </p>
+      <p id="rfc.section.2.6.2.p.5">Resources made available via the "https" scheme have no shared identity with the "http" scheme even if their resource identifiers
+         only differ by the single "s" in the scheme name. They are different services governed by different authorities. However,
+         some extensions to HTTP that apply to entire host domains, such as the Cookie protocol, do allow one service to effect communication
+         with the other services based on host domain matching.
+      </p>
+      <p id="rfc.section.2.6.2.p.6">The process for authoritative access to an "https" identified resource is defined in <a href="#RFC2818" id="rfc.xref.RFC2818.1"><cite title="HTTP Over TLS">[RFC2818]</cite></a>.
       </p>
       <h3 id="rfc.section.2.6.3"><a href="#rfc.section.2.6.3">2.6.3</a>&nbsp;<a id="uri.comparison" href="#uri.comparison">http and https URI Normalization and Comparison</a></h3>
       <p id="rfc.section.2.6.3.p.1">Since the "http" and "https" schemes conform to the URI generic syntax, such URIs are normalized and compared according to
          the algorithm defined in <a href="#RFC3986" id="rfc.xref.RFC3986.15"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-6">Section 6</a>, using the defaults described above for each scheme.
+         the algorithm defined in <a href="#RFC3986" id="rfc.xref.RFC3986.16"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-6">Section 6</a>, using the defaults described above for each scheme.
       </p>
       <p id="rfc.section.2.6.3.p.2">If the port is equal to the default port for a scheme, the normal form is to elide the port subcomponent. Likewise, an empty
          path component is equivalent to an absolute path of "/", so the normal form is to provide a path of "/" instead. The scheme
          and host are case-insensitive and normally provided in lowercase; all other components are compared in a case-sensitive manner.
          Characters other than those in the "reserved" set are equivalent to their percent-encoded octets (see <a href="#RFC3986" id="rfc.xref.RFC3986.16"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-2.1">Section 2.1</a>): the normal form is to not encode them.
+         Characters other than those in the "reserved" set are equivalent to their percent-encoded octets (see <a href="#RFC3986" id="rfc.xref.RFC3986.17"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-2.1">Section 2.1</a>): the normal form is to not encode them.
       </p>
       <p id="rfc.section.2.6.3.p.3">For example, the following three URIs are equivalent:</p>
 …
 Host: www.example.org:8001
 </pre>  <p>after connecting to port 8001 of host "www.example.org".</p>
       <p id="rfc.section.4.1.2.p.16">The request-target is transmitted in the format specified in <a href="#http.uri" title="http URI scheme">Section&nbsp;2.6.1</a>. If the request-target is percent-encoded (<a href="#RFC3986" id="rfc.xref.RFC3986.17"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-2.1">Section 2.1</a>), the origin server <em class="bcp14">MUST</em> decode the request-target in order to properly interpret the request. Servers <em class="bcp14">SHOULD</em> respond to invalid request-targets with an appropriate status code.
+      <p id="rfc.section.4.1.2.p.16">The request-target is transmitted in the format specified in <a href="#http.uri" title="http URI scheme">Section&nbsp;2.6.1</a>. If the request-target is percent-encoded (<a href="#RFC3986" id="rfc.xref.RFC3986.18"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-2.1">Section 2.1</a>), the origin server <em class="bcp14">MUST</em> decode the request-target in order to properly interpret the request. Servers <em class="bcp14">SHOULD</em> respond to invalid request-targets with an appropriate status code.
       </p>
       <p id="rfc.section.4.1.2.p.17">A transparent proxy <em class="bcp14">MUST NOT</em> rewrite the "path-absolute" part of the received request-target when forwarding it to the next inbound server, except as noted
 …
       </p>
       <div class="note" id="rfc.section.4.1.2.p.21">
          <p> <b>Note:</b> Fragments (<a href="#RFC3986" id="rfc.xref.RFC3986.18"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-3.5">Section 3.5</a>) are not part of the request-target and thus will not be transmitted in an HTTP request.
+         <p> <b>Note:</b> Fragments (<a href="#RFC3986" id="rfc.xref.RFC3986.19"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-3.5">Section 3.5</a>) are not part of the request-target and thus will not be transmitted in an HTTP request.
          </p>
       </div>
 …
       <div id="rfc.iref.e.1"></div>
       <h2 id="rfc.section.4.3"><a href="#rfc.section.4.3">4.3</a>&nbsp;<a id="effective.request.uri" href="#effective.request.uri">Effective Request URI</a></h2>
       <p id="rfc.section.4.3.p.1">HTTP requests often do not carry the absolute URI (<a href="#RFC3986" id="rfc.xref.RFC3986.19"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-4.3">Section 4.3</a>) for the resource they are intended for; instead, the value needs to be inferred from the request-target, Host header and
+      <p id="rfc.section.4.3.p.1">HTTP requests often do not carry the absolute URI (<a href="#RFC3986" id="rfc.xref.RFC3986.20"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-4.3">Section 4.3</a>) for the resource they are intended for; instead, the value needs to be inferred from the request-target, Host header and
          other context. The result of this process is the "Effective Request URI".
       </p>
 …
                   <li class="indline1"><em>RFC2965</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2965.1">3.2</a>, <a class="iref" href="#RFC2965"><b>13.2</b></a></li>
                   <li class="indline1"><em>RFC3864</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC3864.1">10.1</a>, <a class="iref" href="#RFC3864"><b>13.2</b></a></li>
                   <li class="indline1"><em>RFC3986</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC3986.1">1</a>, <a class="iref" href="#rfc.xref.RFC3986.2">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.3">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.4">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.5">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.6">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.7">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.8">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.9">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.10">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.11">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.12">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.13">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.14">2.6.1</a>, <a class="iref" href="#rfc.xref.RFC3986.15">2.6.3</a>, <a class="iref" href="#rfc.xref.RFC3986.16">2.6.3</a>, <a class="iref" href="#rfc.xref.RFC3986.17">4.1.2</a>, <a class="iref" href="#rfc.xref.RFC3986.18">4.1.2</a>, <a class="iref" href="#rfc.xref.RFC3986.19">4.3</a>, <a class="iref" href="#RFC3986"><b>13.1</b></a><ul class="ind">
                         <li class="indline1"><em>Section 2.1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC3986.16">2.6.3</a>, <a class="iref" href="#rfc.xref.RFC3986.17">4.1.2</a></li>
+                  <li class="indline1"><em>RFC3986</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC3986.1">1</a>, <a class="iref" href="#rfc.xref.RFC3986.2">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.3">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.4">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.5">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.6">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.7">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.8">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.9">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.10">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.11">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.12">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.13">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.14">2.6.1</a>, <a class="iref" href="#rfc.xref.RFC3986.15">2.6.1</a>, <a class="iref" href="#rfc.xref.RFC3986.16">2.6.3</a>, <a class="iref" href="#rfc.xref.RFC3986.17">2.6.3</a>, <a class="iref" href="#rfc.xref.RFC3986.18">4.1.2</a>, <a class="iref" href="#rfc.xref.RFC3986.19">4.1.2</a>, <a class="iref" href="#rfc.xref.RFC3986.20">4.3</a>, <a class="iref" href="#RFC3986"><b>13.1</b></a><ul class="ind">
+                        <li class="indline1"><em>Section 2.1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC3986.17">2.6.3</a>, <a class="iref" href="#rfc.xref.RFC3986.18">4.1.2</a></li>
                         <li class="indline1"><em>Section 3.2</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC3986.8">2.6</a></li>
+                        <li class="indline1"><em>Section 3.2.1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC3986.15">2.6.1</a></li>
                         <li class="indline1"><em>Section 3.2.2</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC3986.13">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.14">2.6.1</a></li>
                         <li class="indline1"><em>Section 3.2.3</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC3986.11">2.6</a></li>
                         <li class="indline1"><em>Section 3.3</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC3986.9">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.10">2.6</a></li>
                         <li class="indline1"><em>Section 3.4</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC3986.12">2.6</a></li>
                         <li class="indline1"><em>Section 3.5</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC3986.18">4.1.2</a></li>
+                        <li class="indline1"><em>Section 3.5</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC3986.19">4.1.2</a></li>
                         <li class="indline1"><em>Section 4.1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC3986.5">2.6</a></li>
                         <li class="indline1"><em>Section 4.2</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC3986.7">2.6</a></li>
                         <li class="indline1"><em>Section 4.3</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC3986.6">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.19">4.3</a></li>
                         <li class="indline1"><em>Section 6</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC3986.15">2.6.3</a></li>
+                        <li class="indline1"><em>Section 4.3</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC3986.6">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.20">4.3</a></li>
+                        <li class="indline1"><em>Section 6</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC3986.16">2.6.3</a></li>
                      </ul>
                   </li>

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 878 for draft-ietf-httpbis/latest/p1-messaging.html

Legend:

draft-ietf-httpbis/latest/p1-messaging.html

Download in other formats: