HTTPBIS Working Group M. Kucherawy, Ed. Internet-Draft Cloudmark, Inc. Intended status: Standards Track March 27, 2012 Expires: September 28, 2012 A Guide to the HTTP/1.1 Document Series draft-kucherawy-httpbis-summary-01 Abstract This document introduces a series of documents that comprise the definition of HTTP/1.1, providing a short summary of the content of each of those. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on September 28, 2012. Copyright Notice Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Kucherawy Expires September 28, 2012 [Page 1] Internet-Draft HTTP/1.1 Document Series March 2012 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.1. Part 1: URIs, Connections, and Message Parsing . . . . . . 3 2.2. Part 2: Message Semantics . . . . . . . . . . . . . . . . . 4 2.3. Part 3: Message Payload and Content Negotiation . . . . . . 5 2.4. Part 4: Conditional Requests . . . . . . . . . . . . . . . 6 2.5. Part 5: Range Requests and Partial Responses . . . . . . . 6 2.6. Part 6: Caching . . . . . . . . . . . . . . . . . . . . . . 7 2.7. Part 7: Authentication . . . . . . . . . . . . . . . . . . 7 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 8 4. Security Considerations . . . . . . . . . . . . . . . . . . . . 8 5. Informative References . . . . . . . . . . . . . . . . . . . . 8 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . . 9 Kucherawy Expires September 28, 2012 [Page 2] Internet-Draft HTTP/1.1 Document Series March 2012 1. Introduction This document summarizes the series of documents comprising the definition of HTTP/1.1. A synopsis of each document is provided, as well as an enumeration of the key definitions (and, thus, their corresponding IANA actions) and security topics each one contains. This is intended to serve as a super table of contents for the series. Future documents wishing to make general reference to HTTP/1.1 should refer to this document and not each document in the series. 2. Documents 2.1. Part 1: URIs, Connections, and Message Parsing Part 1 ([HTTP-PART-1]) provides an overview of HTTP and its associated terminology, defines the "http" and "https" Uniform Resource Identifier (URI) schemes, defines the generic message syntax and parsing requirements for HTTP message frames, and describes general security concerns for implementations. IANA actions in this document: o Registration of the following HTTP-specific header fields: * Close * Connection * Content-Length * Host * TE * Trailer * Transfer-Encoding * Upgrade * Via o Registration of the "http" and "https" URI schemes o Registration of the "message/http" and "application/http" media types Kucherawy Expires September 28, 2012 [Page 3] Internet-Draft HTTP/1.1 Document Series March 2012 o Creates the HTTP Transfer Coding Registry and creates its initial entries o Creates the HTTP Upgrade Token Registry and creates its initial entries Security considerations include: o Personal information o Abuse of server log information o Attacks based on file and path names o DNS-related attacks o Intermediaries and caching o Protocol element size overflows 2.2. Part 2: Message Semantics Part 2 ([HTTP-PART-2]) defines the semantics of HTTP messages as expressed by request methods, request header fields, response status codes, and response header fields. IANA actions in this document: o Creation of the HTTP Request Method Registry and registration of its initial entries o Creation of the HTTP Status Code Registry and registration of its initial entries o Registration of the following HTTP-specific header fields: * Allow * Date * Expect * From * Location * Max-Forwards Kucherawy Expires September 28, 2012 [Page 4] Internet-Draft HTTP/1.1 Document Series March 2012 * Referer * Server * User-Agent Security considerations include: o Transfer of sensitive information o Encoding sensitive information in URIs o Location header fields: spoofing an information leakage o Issuse with the CONNECT method 2.3. Part 3: Message Payload and Content Negotiation Part 3 ([HTTP-PART-3]) defines HTTP message content, metadata, and content negotiation. IANA actions in this document: o Registration of the following HTTP-specific header fields: * Accept * Accept-Charset * Accept-Encoding * Accept-Language * Content-Encoding * Content-Language * Content-Location * Content-Type * MIME-Version o Creates the HTTP Content Codings registry and defines its initial values Security considerations include: Kucherawy Expires September 28, 2012 [Page 5] Internet-Draft HTTP/1.1 Document Series March 2012 o Privacy issues connected to Accept header fields 2.4. Part 4: Conditional Requests Part 4 ([HTTP-PART-4]) defines request header fields for indicating conditional requests and the rules for constructing responses to those requests. IANA actions in this document: o Registration of the following HTTP Status Codes: * 304: Not Modified * 412: Precondition Failed o Registration of the following HTTP-specific header fields: * ETag * If-Match * If-Modified-Since * If-None-Match * If-Unmodified-Since * Last-Modified 2.5. Part 5: Range Requests and Partial Responses Part 5 ([HTTP-PART-5]) defines range-specific requests and the rules for constructing and combining responses to those requests. IANA actions in this document: o Registration of the following HTTP Status Codes: * 206: Partial Content * 416: Requested Range Not Satisfiable o Registration of the following HTTP-specific header fields: * Accept-Ranges Kucherawy Expires September 28, 2012 [Page 6] Internet-Draft HTTP/1.1 Document Series March 2012 * Content-Range * If-Range * Range o Creates the HTTP Range Specifiers registry and its initial entry Security considerations include: o Overlapping ranges 2.6. Part 6: Caching Part 6 ([HTTP-PART-6]) defines requirements on HTTP caches and the associated header fields that control cache behavior or indicate cacheable response messages. IANA actions in this document: o Creates the HTTP Cache Directives registry and its initial entries o Creates the HTTP Warn Codes registry and its initial entries o Registration of the following HTTP-specific header fields: * Age * Cache-Control * Expires * Pragma * Vary * Warning Security considerations include: o General discussion of security issues related to caching 2.7. Part 7: Authentication Part 7 ([HTTP-PART-7]) defines the HTTP Authentication framework. IANA actions in this document: Kucherawy Expires September 28, 2012 [Page 7] Internet-Draft HTTP/1.1 Document Series March 2012 o Creates the HTTP Authenticaton Schemes registry o Registration of the following HTTP Status Codes: * 401: Unauthorized * 407: Proxy Authentication Required o Registration of the following HTTP-specific header fields: * Authorization * Proxy-Authenticate * Proxy-Authorization * WWW-Authenticate Security considerations include: o Authentication credentials and idle clients 3. IANA Considerations This document includes no actions for IANA. 4. Security Considerations This document neither introduces nor modifies any protocol and as such has no security implications. 5. Informative References [HTTP-PART-1] Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed., "HTTP/1.1, part 1: URIs, Connections, and Message Parsing", draft-ietf-httpbis-p1-messaging (work in progress), March 2012. [HTTP-PART-2] Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed., "HTTP/1.1, part 2: Message Semantics", draft-ietf-httpbis-p2-semantics (work in progress), March 2012. [HTTP-PART-3] Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed., "HTTP/1.1, part 3: Message Payload and Content Negotiation", draft-ietf-httpbis-p3-payload (work in progress), March 2012. Kucherawy Expires September 28, 2012 [Page 8] Internet-Draft HTTP/1.1 Document Series March 2012 [HTTP-PART-4] Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed., "HTTP/1.1, part 4: Conditional Requests", draft-ietf-httpbis-p4-conditional (work in progress), March 2012. [HTTP-PART-5] Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed., "HTTP/1.1, part 5: Range Requests and Partial Responses", draft-ietf-httpbis-p5-range (work in progress), March 2012. [HTTP-PART-6] Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed., "HTTP/1.1, part 6: Caching", draft-ietf-httpbis-p6-cache (work in progress), March 2012. [HTTP-PART-7] Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed., "HTTP/1.1, part 7: Authentication", draft-ietf-httpbis-p7-auth (work in progress), March 2012. Appendix A. Acknowledgements The author wishes to acknowledge the following for their input to this document: (names) Author's Address Murray S. Kucherawy (editor) Cloudmark, Inc. 128 King St., 2nd Floor San Francisco, CA 94107 US Phone: +1 415 946 3800 EMail: msk@cloudmark.com Kucherawy Expires September 28, 2012 [Page 9]