Changeset 978 for draft-ietf-httpbis/orig/rfc2818.html
- Timestamp:
- 04/08/10 15:03:20 (11 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
draft-ietf-httpbis/orig/rfc2818.html
r598 r978 37 37 } 38 38 39 dl.empty dd { 39 ul.empty { 40 list-style-type: none; 41 } 42 ul.empty li { 40 43 margin-top: .5em; 41 44 } … … 118 121 } 119 122 table.header { 123 border-spacing: 1px; 120 124 width: 95%; 121 125 font-size: 10pt; … … 129 133 white-space: nowrap; 130 134 } 131 t d.header{135 table.header td { 132 136 background-color: gray; 133 137 width: 50%; … … 185 189 margin-left: 0em; 186 190 margin-right: 0em; 191 } 192 .avoidbreak { 193 page-break-inside: avoid; 187 194 } 188 195 .bcp14 { … … 323 330 <link rel="Alternate" title="Authorative ASCII Version" href="http://www.ietf.org/rfc/rfc2818.txt"> 324 331 <link rel="Help" title="Additional Information on tools.ietf.org" href="http://tools.ietf.org/html/rfc2818"> 325 <meta name="generator" content="http://greenbytes.de/tech/webdav/rfc2629.xslt, Revision 1.438, 2009-05-27 13:34:05, XSLT vendor: SAXON 8.9 from Saxonica http://www.saxonica.com/"> 326 <link rel="schema.DC" href="http://purl.org/dc/elements/1.1/"> 327 <meta name="DC.Creator" content="Rescorla, E."> 328 <meta name="DC.Identifier" content="urn:ietf:rfc:2818"> 329 <meta name="DC.Date.Issued" scheme="ISO8601" content="2000-05"> 330 <meta name="DC.Description.Abstract" content="This memo describes how to use TLS to secure HTTP connections over the Internet. Current practice is to layer HTTP over SSL (the predecessor to TLS), distinguishing secured traffic from insecure traffic by the use of a different server port. This document documents that practice using TLS. A companion document describes a method for using HTTP/TLS over the same port as normal HTTP [RFC2817]."> 331 <meta name="DC.isPartOf" content="urn:ISSN:2070-1721"> 332 <meta name="generator" content="http://greenbytes.de/tech/webdav/rfc2629.xslt, Revision 1.520, 2010-07-14 12:36:35, XSLT vendor: SAXON 8.9 from Saxonica http://www.saxonica.com/"> 333 <link rel="schema.dct" href="http://purl.org/dc/terms/"> 334 <meta name="dct.creator" content="Rescorla, E."> 335 <meta name="dct.identifier" content="urn:ietf:rfc:2818"> 336 <meta name="dct.issued" scheme="ISO8601" content="2000-05"> 337 <meta name="dct.abstract" content="This memo describes how to use TLS to secure HTTP connections over the Internet. Current practice is to layer HTTP over SSL (the predecessor to TLS), distinguishing secured traffic from insecure traffic by the use of a different server port. This document documents that practice using TLS. A companion document describes a method for using HTTP/TLS over the same port as normal HTTP [RFC2817]."> 338 <meta name="dct.isPartOf" content="urn:issn:2070-1721"> 339 <meta name="description" content="This memo describes how to use TLS to secure HTTP connections over the Internet. Current practice is to layer HTTP over SSL (the predecessor to TLS), distinguishing secured traffic from insecure traffic by the use of a different server port. This document documents that practice using TLS. A companion document describes a method for using HTTP/TLS over the same port as normal HTTP [RFC2817]."> 332 340 </head> 333 341 <body> 334 <table summary="header information" class="header" border="0" cellpadding="1" cellspacing="1"> 335 <tr> 336 <td class="header left">Network Working Group</td> 337 <td class="header right">E. Rescorla</td> 338 </tr> 339 <tr> 340 <td class="header left">Request for Comments: 2818</td> 341 <td class="header right">RTFM, Inc.</td> 342 </tr> 343 <tr> 344 <td class="header left">Category: Informational</td> 345 <td class="header right">May 2000</td> 346 </tr> 342 <table class="header"> 343 <tbody> 344 <tr> 345 <td class="left">Network Working Group</td> 346 <td class="right">E. Rescorla</td> 347 </tr> 348 <tr> 349 <td class="left">Request for Comments: 2818</td> 350 <td class="right">RTFM, Inc.</td> 351 </tr> 352 <tr> 353 <td class="left">Category: Informational</td> 354 <td class="right">May 2000</td> 355 </tr> 356 </tbody> 347 357 </table> 348 358 <p class="title">HTTP Over TLS</p> … … 385 395 <li class="tocline0"><a href="#rfc.authors">Author's Address</a></li> 386 396 <li class="tocline0">A. <a href="#rfc.section.A">Security Considerations</a></li> 397 <li class="tocline0"><a href="#rfc.index">Index</a></li> 387 398 <li class="tocline0"><a href="#rfc.ipr">Intellectual Property and Copyright Statements</a></li> 388 <li class="tocline0"><a href="#rfc.index">Index</a></li>389 399 </ul> 390 400 <h1 id="rfc.section.1" class="np"><a href="#rfc.section.1">1.</a> Introduction … … 426 436 not show in the HTTP protocol data; two cases in particular deserve special note: 427 437 </p> 428 < dl class="empty">429 < dd>A HTTP response without a Content-Length header. Since data length in this situation is signalled by connection close a premature438 <ul class="empty"> 439 <li>A HTTP response without a Content-Length header. Since data length in this situation is signalled by connection close a premature 430 440 close generated by the server cannot be distinguished from a spurious close generated by an attacker. 431 </ dd>432 < dd>A HTTP response with a valid Content-Length header closed before all data has been read. Because TLS does not provide document441 </li> 442 <li>A HTTP response with a valid Content-Length header closed before all data has been read. Because TLS does not provide document 433 443 oriented protection, it is impossible to determine whether the server has miscomputed the Content-Length or an attacker has 434 444 truncated the connection. 435 </ dd>436 </ dl>445 </li> 446 </ul> 437 447 <p id="rfc.section.2.2.1.p.3">There is one exception to the above rule. When encountering a premature close, a client <em class="bcp14">SHOULD</em> treat as completed all requests for which it has received as much data as specified in the Content-Length header. 438 448 </p> … … 511 521 <h1 id="rfc.references"><a href="#rfc.section.4" id="rfc.section.4">4.</a> References 512 522 </h1> 513 <table summary="References">523 <table> 514 524 <tr> 515 525 <td class="reference"><b id="RFC2459">[RFC2459]</b></td> … … 532 542 </td> 533 543 </tr> 534 <!--WARNING: unused reference 'RFC2817'-->535 544 <tr> 536 545 <td class="reference"><b id="RFC2817">[RFC2817]</b></td> … … 539 548 </tr> 540 549 </table> 541 <h1 id="rfc.authors"><a href="#rfc.authors">Author's Address</a></h1> 542 <address class="vcard"><span class="vcardline"><span class="fn">Eric Rescorla</span><span class="n hidden"><span class="family-name">Rescorla</span><span class="given-name">Eric</span></span></span><span class="org vcardline">RTFM, Inc.</span><span class="adr"><span class="street-address vcardline">30 Newell Road, #16</span><span class="vcardline"><span class="locality">East Palo Alto</span>, <span class="region">CA</span> <span class="postal-code">94303</span></span></span><span class="vcardline tel">Phone: <a href="tel:(650)328-8631"><span class="value">(650) 328-8631</span></a></span><span class="vcardline">Email: <a href="mailto:ekr@rtfm.com"><span class="email">ekr@rtfm.com</span></a></span></address> 543 <h1 id="rfc.section.A"><a href="#rfc.section.A">A.</a> Security Considerations 550 <div class="avoidbreak"> 551 <h1 id="rfc.authors"><a href="#rfc.authors">Author's Address</a></h1> 552 <address class="vcard"><span class="vcardline"><span class="fn">Eric Rescorla</span><span class="n hidden"><span class="family-name">Rescorla</span><span class="given-name">Eric</span></span></span><span class="org vcardline">RTFM, Inc.</span><span class="adr"><span class="street-address vcardline">30 Newell Road, #16</span><span class="vcardline"><span class="locality">East Palo Alto</span>, <span class="region">CA</span> <span class="postal-code">94303</span></span></span><span class="vcardline tel">Phone: <a href="tel:(650)328-8631"><span class="value">(650) 328-8631</span></a></span><span class="vcardline">Email: <a href="mailto:ekr@rtfm.com"><span class="email">ekr@rtfm.com</span></a></span></address> 553 </div> 554 <h1 id="rfc.section.A" class="np"><a href="#rfc.section.A">A.</a> Security Considerations 544 555 </h1> 545 556 <p id="rfc.section.A.p.1">This entire document is about security.</p> 546 <h1><a id="rfc.copyright" href="#rfc.copyright">Full Copyright Statement</a></h1>547 <p>Copyright © The Internet Society (2000). All Rights Reserved.</p>548 <p>This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise549 explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without550 restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative551 works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references552 to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards553 in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to554 translate it into languages other than English.555 </p>556 <p>The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assignees.</p>557 <p>This document and the information contained herein is provided on an “AS IS” basis and THE INTERNET SOCIETY AND THE INTERNET558 ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE559 OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR560 PURPOSE.561 </p>562 <h1><a id="rfc.ipr" href="#rfc.ipr">Intellectual Property</a></h1>563 <p>The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed564 to pertain to the implementation or use of the technology described in this document or the extent to which any license under565 such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights.566 Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be567 found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available,568 or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors569 or users of this specification can be obtained from the IETF Secretariat.570 </p>571 <p>The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary572 rights which may cover technology that may be required to practice this standard. Please address the information to the IETF573 Executive Director.574 </p>575 <h1>Acknowledgement</h1>576 <p>Funding for the RFC Editor function is currently provided by the Internet Society.</p>577 557 <h1 id="rfc.index"><a href="#rfc.index">Index</a></h1> 578 558 <p class="noprint"><a href="#rfc.index.H">H</a> <a href="#rfc.index.U">U</a> … … 594 574 </ul> 595 575 </div> 576 <h1><a id="rfc.copyright" href="#rfc.copyright">Full Copyright Statement</a></h1> 577 <p>Copyright © The Internet Society (2000). All Rights Reserved.</p> 578 <p>This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise 579 explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without 580 restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative 581 works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references 582 to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards 583 in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to 584 translate it into languages other than English. 585 </p> 586 <p>The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.</p> 587 <p>This document and the information contained herein is provided on an “AS IS” basis and THE INTERNET SOCIETY AND THE INTERNET 588 ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE 589 OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR 590 PURPOSE. 591 </p> 592 <h1><a id="rfc.ipr" href="#rfc.ipr">Intellectual Property</a></h1> 593 <p>The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed 594 to pertain to the implementation or use of the technology described in this document or the extent to which any license under 595 such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. 596 Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be 597 found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, 598 or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors 599 or users of this specification can be obtained from the IETF Secretariat. 600 </p> 601 <p>The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary 602 rights which may cover technology that may be required to practice this standard. Please address the information to the IETF 603 Executive Director. 604 </p> 605 <h1>Acknowledgement</h1> 606 <p>Funding for the RFC Editor function is currently provided by the Internet Society.</p> 596 607 </body> 597 608 </html>
Note: See TracChangeset
for help on using the changeset viewer.