Changeset 878 for draft-ietf-httpbis/latest/p1-messaging.html
- Timestamp:
- 23/07/10 07:51:18 (12 years ago)
- File:
-
- 1 edited
draft-ietf-httpbis/latest/p1-messaging.html
r876 r878 1077 1077 --- it is only the authoritative interface used for mapping the namespace that is specific to TCP. 1078 1078 </p> 1079 <p id="rfc.section.2.6.1.p.7">The URI generic syntax for authority also includes a deprecated userinfo subcomponent (<a href="#RFC3986" id="rfc.xref.RFC3986.15"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-3.2.1">Section 3.2.1</a>) for including user authentication information in the URI. The userinfo subcomponent (and its "@" delimiter) <em class="bcp14">MUST NOT</em> be used in an "http" URI. URI reference recipients <em class="bcp14">SHOULD</em> parse for the existence of userinfo and treat its presence as an error, likely indicating that the deprecated subcomponent 1080 is being used to obscure the authority for the sake of phishing attacks. 1081 </p> 1079 1082 <h3 id="rfc.section.2.6.2"><a href="#rfc.section.2.6.2">2.6.2</a> <a id="https.uri" href="#https.uri">https URI scheme</a></h3> 1080 1083 <div id="rfc.iref.h.2"></div> 1081 1084 <div id="rfc.iref.u.4"></div> 1082 1085 <p id="rfc.section.2.6.2.p.1">The "https" URI scheme is hereby defined for the purpose of minting identifiers according to their association with the hierarchical 1083 namespace governed by a potential HTTP origin server listening for SSL/TLS-secured connections on a given TCP port. The host 1084 and port are determined in the same way as for the "http" scheme, except that a default TCP port of 443 is assumed if the 1085 port subcomponent is empty or not given. 1086 namespace governed by a potential HTTP origin server listening for SSL/TLS-secured connections on a given TCP port. 
1087 </p> 1088 <p id="rfc.section.2.6.2.p.2">All of the requirements listed above for the "http" scheme are also requirements for the "https" scheme, except that a default 1089 TCP port of 443 is assumed if the port subcomponent is empty or not given, and the TCP connection <em class="bcp14">MUST</em> be secured for privacy through the use of strong encryption prior to sending the first HTTP request. 1086 1090 </p> 1087 1091 <div id="rfc.figure.u.23"></div><pre class="inline"><span id="rfc.iref.g.35"></span> <a href="#https.uri" class="smpl">https-URI</a> = "https:" "//" <a href="#uri" class="smpl">authority</a> <a href="#uri" class="smpl">path-abempty</a> [ "?" <a href="#uri" class="smpl">query</a> ] 1088 </pre><p id="rfc.section.2.6.2.p.3">The primary difference between the "http" and "https" schemes is that interaction with the latter is required to be secured 1089 for privacy through the use of strong encryption. The URI cannot be sent in a request until the connection is secure. Likewise, 1090 the default for caching is that each response that would be considered "public" under the "http" scheme is instead treated 1091 as "private" and thus not eligible for shared caching. 1092 </p> 1093 <p id="rfc.section.2.6.2.p.4">The process for authoritative access to an "https" identified resource is defined in <a href="#RFC2818" id="rfc.xref.RFC2818.1"><cite title="HTTP Over TLS">[RFC2818]</cite></a>. 1092 </pre><p id="rfc.section.2.6.2.p.4">Unlike the "http" scheme, responses to "https" identified requests are never "public" and thus are ineligible for shared caching. 1093 Their default is "private" and may be further constrained via use of the Cache-Control header field. 1094 </p> 1095 <p id="rfc.section.2.6.2.p.5">Resources made available via the "https" scheme have no shared identity with the "http" scheme even if their resource identifiers 1096 only differ by the single "s" in the scheme name. They are different services governed by different authorities. 
However, 1097 some extensions to HTTP that apply to entire host domains, such as the Cookie protocol, do allow one service to effect communication 1098 with the other services based on host domain matching. 1099 </p> 1100 <p id="rfc.section.2.6.2.p.6">The process for authoritative access to an "https" identified resource is defined in <a href="#RFC2818" id="rfc.xref.RFC2818.1"><cite title="HTTP Over TLS">[RFC2818]</cite></a>. 1094 1101 </p> 1095 1102 <h3 id="rfc.section.2.6.3"><a href="#rfc.section.2.6.3">2.6.3</a> <a id="uri.comparison" href="#uri.comparison">http and https URI Normalization and Comparison</a></h3> 1096 1103 <p id="rfc.section.2.6.3.p.1">Since the "http" and "https" schemes conform to the URI generic syntax, such URIs are normalized and compared according to 1097 the algorithm defined in <a href="#RFC3986" id="rfc.xref.RFC3986.1 5"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-6">Section 6</a>, using the defaults described above for each scheme.1104 the algorithm defined in <a href="#RFC3986" id="rfc.xref.RFC3986.16"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-6">Section 6</a>, using the defaults described above for each scheme. 1098 1105 </p> 1099 1106 <p id="rfc.section.2.6.3.p.2">If the port is equal to the default port for a scheme, the normal form is to elide the port subcomponent. Likewise, an empty 1100 1107 path component is equivalent to an absolute path of "/", so the normal form is to provide a path of "/" instead. The scheme 1101 1108 and host are case-insensitive and normally provided in lowercase; all other components are compared in a case-sensitive manner. 
1102 Characters other than those in the "reserved" set are equivalent to their percent-encoded octets (see <a href="#RFC3986" id="rfc.xref.RFC3986.1 6"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-2.1">Section 2.1</a>): the normal form is to not encode them.1109 Characters other than those in the "reserved" set are equivalent to their percent-encoded octets (see <a href="#RFC3986" id="rfc.xref.RFC3986.17"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-2.1">Section 2.1</a>): the normal form is to not encode them. 1103 1110 </p> 1104 1111 <p id="rfc.section.2.6.3.p.3">For example, the following three URIs are equivalent:</p> … … 1357 1364 Host: www.example.org:8001 1358 1365 </pre> <p>after connecting to port 8001 of host "www.example.org".</p> 1359 <p id="rfc.section.4.1.2.p.16">The request-target is transmitted in the format specified in <a href="#http.uri" title="http URI scheme">Section 2.6.1</a>. If the request-target is percent-encoded (<a href="#RFC3986" id="rfc.xref.RFC3986.1 7"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-2.1">Section 2.1</a>), the origin server <em class="bcp14">MUST</em> decode the request-target in order to properly interpret the request. Servers <em class="bcp14">SHOULD</em> respond to invalid request-targets with an appropriate status code.1366 <p id="rfc.section.4.1.2.p.16">The request-target is transmitted in the format specified in <a href="#http.uri" title="http URI scheme">Section 2.6.1</a>. 
If the request-target is percent-encoded (<a href="#RFC3986" id="rfc.xref.RFC3986.18"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-2.1">Section 2.1</a>), the origin server <em class="bcp14">MUST</em> decode the request-target in order to properly interpret the request. Servers <em class="bcp14">SHOULD</em> respond to invalid request-targets with an appropriate status code. 1360 1367 </p> 1361 1368 <p id="rfc.section.4.1.2.p.17">A transparent proxy <em class="bcp14">MUST NOT</em> rewrite the "path-absolute" part of the received request-target when forwarding it to the next inbound server, except as noted … … 1374 1381 </p> 1375 1382 <div class="note" id="rfc.section.4.1.2.p.21"> 1376 <p> <b>Note:</b> Fragments (<a href="#RFC3986" id="rfc.xref.RFC3986.1 8"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-3.5">Section 3.5</a>) are not part of the request-target and thus will not be transmitted in an HTTP request.1383 <p> <b>Note:</b> Fragments (<a href="#RFC3986" id="rfc.xref.RFC3986.19"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-3.5">Section 3.5</a>) are not part of the request-target and thus will not be transmitted in an HTTP request. 1377 1384 </p> 1378 1385 </div> … … 1400 1407 <div id="rfc.iref.e.1"></div> 1401 1408 <h2 id="rfc.section.4.3"><a href="#rfc.section.4.3">4.3</a> <a id="effective.request.uri" href="#effective.request.uri">Effective Request URI</a></h2> 1402 <p id="rfc.section.4.3.p.1">HTTP requests often do not carry the absolute URI (<a href="#RFC3986" id="rfc.xref.RFC3986. 
19"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-4.3">Section 4.3</a>) for the resource they are intended for; instead, the value needs to be inferred from the request-target, Host header and1409 <p id="rfc.section.4.3.p.1">HTTP requests often do not carry the absolute URI (<a href="#RFC3986" id="rfc.xref.RFC3986.20"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-4.3">Section 4.3</a>) for the resource they are intended for; instead, the value needs to be inferred from the request-target, Host header and 1403 1410 other context. The result of this process is the "Effective Request URI". 1404 1411 </p> … … 3740 3747 <li class="indline1"><em>RFC2965</em> <a class="iref" href="#rfc.xref.RFC2965.1">3.2</a>, <a class="iref" href="#RFC2965"><b>13.2</b></a></li> 3741 3748 <li class="indline1"><em>RFC3864</em> <a class="iref" href="#rfc.xref.RFC3864.1">10.1</a>, <a class="iref" href="#RFC3864"><b>13.2</b></a></li> 3742 <li class="indline1"><em>RFC3986</em> <a class="iref" href="#rfc.xref.RFC3986.1">1</a>, <a class="iref" href="#rfc.xref.RFC3986.2">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.3">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.4">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.5">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.6">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.7">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.8">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.9">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.10">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.11">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.12">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.13">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.14">2.6.1</a>, <a class="iref" href="#rfc.xref.RFC3986.15">2.6. 
3</a>, <a class="iref" href="#rfc.xref.RFC3986.16">2.6.3</a>, <a class="iref" href="#rfc.xref.RFC3986.17">4.1.2</a>, <a class="iref" href="#rfc.xref.RFC3986.18">4.1.2</a>, <a class="iref" href="#rfc.xref.RFC3986.19">4.3</a>, <a class="iref" href="#RFC3986"><b>13.1</b></a><ul class="ind">3743 <li class="indline1"><em>Section 2.1</em> <a class="iref" href="#rfc.xref.RFC3986.1 6">2.6.3</a>, <a class="iref" href="#rfc.xref.RFC3986.17">4.1.2</a></li>3749 <li class="indline1"><em>RFC3986</em> <a class="iref" href="#rfc.xref.RFC3986.1">1</a>, <a class="iref" href="#rfc.xref.RFC3986.2">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.3">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.4">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.5">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.6">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.7">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.8">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.9">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.10">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.11">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.12">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.13">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.14">2.6.1</a>, <a class="iref" href="#rfc.xref.RFC3986.15">2.6.1</a>, <a class="iref" href="#rfc.xref.RFC3986.16">2.6.3</a>, <a class="iref" href="#rfc.xref.RFC3986.17">2.6.3</a>, <a class="iref" href="#rfc.xref.RFC3986.18">4.1.2</a>, <a class="iref" href="#rfc.xref.RFC3986.19">4.1.2</a>, <a class="iref" href="#rfc.xref.RFC3986.20">4.3</a>, <a class="iref" href="#RFC3986"><b>13.1</b></a><ul class="ind"> 3750 <li class="indline1"><em>Section 2.1</em> <a class="iref" href="#rfc.xref.RFC3986.17">2.6.3</a>, <a class="iref" href="#rfc.xref.RFC3986.18">4.1.2</a></li> 3744 3751 <li class="indline1"><em>Section 3.2</em> <a class="iref" href="#rfc.xref.RFC3986.8">2.6</a></li> 3752 <li class="indline1"><em>Section 3.2.1</em> <a class="iref" href="#rfc.xref.RFC3986.15">2.6.1</a></li> 3745 
3753 <li class="indline1"><em>Section 3.2.2</em> <a class="iref" href="#rfc.xref.RFC3986.13">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.14">2.6.1</a></li> 3746 3754 <li class="indline1"><em>Section 3.2.3</em> <a class="iref" href="#rfc.xref.RFC3986.11">2.6</a></li> 3747 3755 <li class="indline1"><em>Section 3.3</em> <a class="iref" href="#rfc.xref.RFC3986.9">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.10">2.6</a></li> 3748 3756 <li class="indline1"><em>Section 3.4</em> <a class="iref" href="#rfc.xref.RFC3986.12">2.6</a></li> 3749 <li class="indline1"><em>Section 3.5</em> <a class="iref" href="#rfc.xref.RFC3986.1 8">4.1.2</a></li>3757 <li class="indline1"><em>Section 3.5</em> <a class="iref" href="#rfc.xref.RFC3986.19">4.1.2</a></li> 3750 3758 <li class="indline1"><em>Section 4.1</em> <a class="iref" href="#rfc.xref.RFC3986.5">2.6</a></li> 3751 3759 <li class="indline1"><em>Section 4.2</em> <a class="iref" href="#rfc.xref.RFC3986.7">2.6</a></li> 3752 <li class="indline1"><em>Section 4.3</em> <a class="iref" href="#rfc.xref.RFC3986.6">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986. 19">4.3</a></li>3753 <li class="indline1"><em>Section 6</em> <a class="iref" href="#rfc.xref.RFC3986.1 5">2.6.3</a></li>3760 <li class="indline1"><em>Section 4.3</em> <a class="iref" href="#rfc.xref.RFC3986.6">2.6</a>, <a class="iref" href="#rfc.xref.RFC3986.20">4.3</a></li> 3761 <li class="indline1"><em>Section 6</em> <a class="iref" href="#rfc.xref.RFC3986.16">2.6.3</a></li> 3754 3762 </ul> 3755 3763 </li>
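Review bot: The userinfo prohibition added at 2.6.1 p.7 names only the "http" scheme, while the https-URI rule later in the same hunk is still built on "authority", which that paragraph says includes userinfo. It reaches "https" only through the new blanket sentence "All of the requirements listed above for the "http" scheme are also requirements for the "https" scheme". Suggest naming both schemes in the MUST NOT sentence, and stating what "treat its presence as an error" requires of a recipient (reject the reference, or drop the userinfo before use), since a SHOULD with no defined outcome will be implemented inconsistently. In 2.6.2 p.2, the connection "MUST be secured for privacy through the use of strong encryption", but "strong" is not defined and server authentication is not mentioned. Citing [RFC2818] in that sentence, rather than only in p.6, would tie the MUST to something testable. In p.4, "never "public"" leaves open what a shared cache does with a response that carries an explicit public directive in Cache-Control; one sentence settling that would help.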
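Review bot: The positional anchor ids rfc.xref.RFC3986.N are not stable across this change. In the index hunk at 3740, and in the one-line hunks at 1357, 1374 and 1400, #rfc.xref.RFC3986.15 moves from 2.6.3 to the new userinfo citation in 2.6.1, and every later id shifts up by one. The body ids and the index entries shown here do agree with each other (Section 3.2.1 maps to .15 in 2.6.1, Section 6 to .16 in 2.6.3, Section 4.3 to .20), so nothing inside the file is broken. Anything outside this file that deep-links to these anchors will now land on a different citation. Worth checking for such links, or pointing them at the named section anchors such as #uri.comparison or #effective.request.uri instead.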