Internet DRAFT - draft-kucherawy-httpbis-summary
HTTPBIS Working Group M. Kucherawy, Ed.
Internet-Draft Cloudmark, Inc.
Intended status: Standards Track March 27, 2012
Expires: September 28, 2012
A Guide to the HTTP/1.1 Document Series
draft-kucherawy-httpbis-summary-01
Abstract
This document introduces a series of documents that comprise the
definition of HTTP/1.1, providing a short summary of the content of
each of those.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 28, 2012.
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Kucherawy Expires September 28, 2012 [Page 1]
Internet-Draft HTTP/1.1 Document Series March 2012
Table of Contents
1. Introduction
2. Documents
2.1. Part 1: URIs, Connections, and Message Parsing
2.2. Part 2: Message Semantics
2.3. Part 3: Message Payload and Content Negotiation
2.4. Part 4: Conditional Requests
2.5. Part 5: Range Requests and Partial Responses
2.6. Part 6: Caching
2.7. Part 7: Authentication
3. IANA Considerations
4. Security Considerations
5. Informative References
Appendix A. Acknowledgements
1. Introduction
This document summarizes the series of documents comprising the
definition of HTTP/1.1. A synopsis of each document is provided, as
well as an enumeration of the key definitions (and, thus, their
corresponding IANA actions) and security topics each one contains.
This is intended to serve as a super table of contents for the
series.
Future documents wishing to make general reference to HTTP/1.1 should
refer to this document and not each document in the series.
2. Documents
2.1. Part 1: URIs, Connections, and Message Parsing
Part 1 ([HTTP-PART-1]) provides an overview of HTTP and its
associated terminology, defines the "http" and "https" Uniform
Resource Identifier (URI) schemes, defines the generic message syntax
and parsing requirements for HTTP message frames, and describes
general security concerns for implementations.
IANA actions in this document:
o Registration of the following HTTP-specific header fields:
* Close
* Connection
* Content-Length
* Host
* TE
* Trailer
* Transfer-Encoding
* Upgrade
* Via
o Registration of the "http" and "https" URI schemes
o Registration of the "message/http" and "application/http" media
types
o Creates the HTTP Transfer Coding Registry and creates its initial
entries
o Creates the HTTP Upgrade Token Registry and creates its initial
entries
Security considerations include:
o Personal information
o Abuse of server log information
o Attacks based on file and path names
o DNS-related attacks
o Intermediaries and caching
o Protocol element size overflows
2.2. Part 2: Message Semantics
Part 2 ([HTTP-PART-2]) defines the semantics of HTTP messages as
expressed by request methods, request header fields, response status
codes, and response header fields.
IANA actions in this document:
o Creation of the HTTP Request Method Registry and registration of
its initial entries
o Creation of the HTTP Status Code Registry and registration of its
initial entries
o Registration of the following HTTP-specific header fields:
* Allow
* Date
* Expect
* From
* Location
* Max-Forwards
* Referer
* Server
* User-Agent
Security considerations include:
o Transfer of sensitive information
o Encoding sensitive information in URIs
o Location header fields: spoofing and information leakage
o Issues with the CONNECT method
2.3. Part 3: Message Payload and Content Negotiation
Part 3 ([HTTP-PART-3]) defines HTTP message content, metadata, and
content negotiation.
IANA actions in this document:
o Registration of the following HTTP-specific header fields:
* Accept
* Accept-Charset
* Accept-Encoding
* Accept-Language
* Content-Encoding
* Content-Language
* Content-Location
* Content-Type
* MIME-Version
o Creates the HTTP Content Codings registry and defines its initial
values
Security considerations include:
o Privacy issues connected to Accept header fields
2.4. Part 4: Conditional Requests
Part 4 ([HTTP-PART-4]) defines request header fields for indicating
conditional requests and the rules for constructing responses to
those requests.
IANA actions in this document:
o Registration of the following HTTP Status Codes:
* 304: Not Modified
* 412: Precondition Failed
o Registration of the following HTTP-specific header fields:
* ETag
* If-Match
* If-Modified-Since
* If-None-Match
* If-Unmodified-Since
* Last-Modified
2.5. Part 5: Range Requests and Partial Responses
Part 5 ([HTTP-PART-5]) defines range-specific requests and the rules
for constructing and combining responses to those requests.
IANA actions in this document:
o Registration of the following HTTP Status Codes:
* 206: Partial Content
* 416: Requested Range Not Satisfiable
o Registration of the following HTTP-specific header fields:
* Accept-Ranges
* Content-Range
* If-Range
* Range
o Creates the HTTP Range Specifiers registry and its initial entry
Security considerations include:
o Overlapping ranges
2.6. Part 6: Caching
Part 6 ([HTTP-PART-6]) defines requirements on HTTP caches and the
associated header fields that control cache behavior or indicate
cacheable response messages.
IANA actions in this document:
o Creates the HTTP Cache Directives registry and its initial entries
o Creates the HTTP Warn Codes registry and its initial entries
o Registration of the following HTTP-specific header fields:
* Age
* Cache-Control
* Expires
* Pragma
* Vary
* Warning
Security considerations include:
o General discussion of security issues related to caching
2.7. Part 7: Authentication
Part 7 ([HTTP-PART-7]) defines the HTTP Authentication framework.
IANA actions in this document:
o Creates the HTTP Authentication Schemes registry
o Registration of the following HTTP Status Codes:
* 401: Unauthorized
* 407: Proxy Authentication Required
o Registration of the following HTTP-specific header fields:
* Authorization
* Proxy-Authenticate
* Proxy-Authorization
* WWW-Authenticate
Security considerations include:
o Authentication credentials and idle clients
3. IANA Considerations
This document includes no actions for IANA.
4. Security Considerations
This document neither introduces nor modifies any protocol and as
such has no security implications.
5. Informative References
[HTTP-PART-1] Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke,
Ed., "HTTP/1.1, part 1: URIs, Connections, and Message
Parsing", draft-ietf-httpbis-p1-messaging (work in
progress), March 2012.
[HTTP-PART-2] Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke,
Ed., "HTTP/1.1, part 2: Message Semantics",
draft-ietf-httpbis-p2-semantics (work in progress),
March 2012.
[HTTP-PART-3] Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke,
Ed., "HTTP/1.1, part 3: Message Payload and Content
Negotiation", draft-ietf-httpbis-p3-payload (work in
progress), March 2012.
[HTTP-PART-4] Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke,
Ed., "HTTP/1.1, part 4: Conditional Requests",
draft-ietf-httpbis-p4-conditional (work in progress),
March 2012.
[HTTP-PART-5] Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke,
Ed., "HTTP/1.1, part 5: Range Requests and Partial
Responses", draft-ietf-httpbis-p5-range (work in
progress), March 2012.
[HTTP-PART-6] Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke,
Ed., "HTTP/1.1, part 6: Caching",
draft-ietf-httpbis-p6-cache (work in progress),
March 2012.
[HTTP-PART-7] Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke,
Ed., "HTTP/1.1, part 7: Authentication",
draft-ietf-httpbis-p7-auth (work in progress),
March 2012.
Appendix A. Acknowledgements
The author wishes to acknowledge the following for their input to
this document: (names)
Author's Address
Murray S. Kucherawy (editor)
Cloudmark, Inc.
128 King St., 2nd Floor
San Francisco, CA 94107
US
Phone: +1 415 946 3800
EMail: msk@cloudmark.com