| < draft-ietf-httpbis-security-properties-02.txt | draft-ietf-httpbis-security-properties-03.txt > | |||
|---|---|---|---|---|
| Network Working Group P. Hoffman | Network Working Group P. Hoffman | |||
| Internet-Draft VPN Consortium | Internet-Draft VPN Consortium | |||
| Intended status: Informational A. Melnikov | Intended status: Informational A. Melnikov | |||
| Expires: January 14, 2009 Isode Ltd. | Expires: September 8, 2009 Isode Ltd. | |||
| July 13, 2008 | March 7, 2009 | |||
| Security Requirements for HTTP | Security Requirements for HTTP | |||
| draft-ietf-httpbis-security-properties-02 | draft-ietf-httpbis-security-properties-03 | |||
| Status of this Memo | Status of this Memo | |||
| By submitting this Internet-Draft, each author represents that any | This Internet-Draft is submitted to IETF in full conformance with the | |||
| applicable patent or other IPR claims of which he or she is aware | provisions of BCP 78 and BCP 79. This document may contain material | |||
| have been or will be disclosed, and any of which he or she becomes | from IETF Documents or IETF Contributions published or made publicly | |||
| aware will be disclosed, in accordance with Section 6 of BCP 79. | available before November 10, 2008. The person(s) controlling the | |||
| copyright in some of this material may not have granted the IETF | ||||
| Trust the right to allow modifications of such material outside the | ||||
| IETF Standards Process. Without obtaining an adequate license from | ||||
| the person(s) controlling the copyright in such materials, this | ||||
| document may not be modified outside the IETF Standards Process, and | ||||
| derivative works of it may not be created outside the IETF Standards | ||||
| Process, except to format it for publication as an RFC or to | ||||
| translate it into languages other than English. | ||||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| other groups may also distribute working documents as Internet- | other groups may also distribute working documents as Internet- | |||
| Drafts. | Drafts. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| This Internet-Draft will expire on January 14, 2009. | This Internet-Draft will expire on September 8, 2009. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (C) The IETF Trust (2008). | Copyright (c) 2009 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | ||||
| This document is subject to BCP 78 and the IETF Trust's Legal | ||||
| Provisions Relating to IETF Documents in effect on the date of | ||||
| publication of this document (http://trustee.ietf.org/license-info). | ||||
| Please review these documents carefully, as they describe your rights | ||||
| and restrictions with respect to this document. | ||||
| Abstract | Abstract | |||
| Recent IESG practice dictates that IETF protocols must specify | Recent IESG practice dictates that IETF protocols must specify | |||
| mandatory-to-implement security mechanisms, so that all conformant | mandatory-to-implement security mechanisms, so that all conformant | |||
| implementations share a common baseline. This document examines all | implementations share a common baseline. This document examines all | |||
| widely deployed HTTP security technologies, and analyzes the trade- | widely deployed HTTP security technologies, and analyzes the trade- | |||
| offs of each. | offs of each. | |||
| Table of Contents | Table of Contents | |||
| skipping to change at page 2, line 28 ¶ | skipping to change at page 3, line 4 ¶ | |||
| 3. Revisions To HTTP . . . . . . . . . . . . . . . . . . . . . . 8 | 3. Revisions To HTTP . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 4. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | 4. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | |||
| 5. Normative References . . . . . . . . . . . . . . . . . . . . . 8 | 5. Normative References . . . . . . . . . . . . . . . . . . . . . 8 | |||
| Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 9 | Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 9 | |||
| Appendix B. Document History . . . . . . . . . . . . . . . . . . 10 | Appendix B. Document History . . . . . . . . . . . . . . . . . . 10 | |||
| B.1. Changes between draft-sayre-http-security-variance-00 | B.1. Changes between draft-sayre-http-security-variance-00 | |||
| and draft-ietf-httpbis-security-properties-00 . . . . . . 10 | and draft-ietf-httpbis-security-properties-00 . . . . . . 10 | |||
| B.2. Changes between -00 and -01 . . . . . . . . . . . . . . . 10 | B.2. Changes between -00 and -01 . . . . . . . . . . . . . . . 10 | |||
| B.3. Changes between -01 and -02 . . . . . . . . . . . . . . . 11 | B.3. Changes between -01 and -02 . . . . . . . . . . . . . . . 11 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| Intellectual Property and Copyright Statements . . . . . . . . . . 12 | ||||
| 1. Introduction | 1. Introduction | |||
| Recent IESG practice dictates that IETF protocols are required to | Recent IESG practice dictates that IETF protocols are required to | |||
| specify mandatory to implement security mechanisms. "The IETF | specify mandatory to implement security mechanisms. "The IETF | |||
| Standards Process" [RFC2026] does not require that protocols specify | Standards Process" [RFC2026] does not require that protocols specify | |||
| mandatory security mechanisms. "Strong Security Requirements for | mandatory security mechanisms. "Strong Security Requirements for | |||
| IETF Standard Protocols" [RFC3365] requires that all IETF protocols | IETF Standard Protocols" [RFC3365] requires that all IETF protocols | |||
| provide a mechanism for implementers to provide strong security. RFC | provide a mechanism for implementers to provide strong security. RFC | |||
| 3365 does not define the term "strong security". | 3365 does not define the term "strong security". | |||
| skipping to change at page 12, line 4 ¶ | skipping to change at line 498 ¶ | |||
| Paul Hoffman | Paul Hoffman | |||
| VPN Consortium | VPN Consortium | |||
| Email: paul.hoffman@vpnc.org | Email: paul.hoffman@vpnc.org | |||
| Alexey Melnikov | Alexey Melnikov | |||
| Isode Ltd. | Isode Ltd. | |||
| Email: alexey.melnikov@isode.com | Email: alexey.melnikov@isode.com | |||
| Full Copyright Statement | ||||
| Copyright (C) The IETF Trust (2008). | ||||
| This document is subject to the rights, licenses and restrictions | ||||
| contained in BCP 78, and except as set forth therein, the authors | ||||
| retain all their rights. | ||||
| This document and the information contained herein are provided on an | ||||
| "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | ||||
| OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND | ||||
| THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS | ||||
| OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF | ||||
| THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | ||||
| WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | ||||
| Intellectual Property | ||||
| The IETF takes no position regarding the validity or scope of any | ||||
| Intellectual Property Rights or other rights that might be claimed to | ||||
| pertain to the implementation or use of the technology described in | ||||
| this document or the extent to which any license under such rights | ||||
| might or might not be available; nor does it represent that it has | ||||
| made any independent effort to identify any such rights. Information | ||||
| on the procedures with respect to rights in RFC documents can be | ||||
| found in BCP 78 and BCP 79. | ||||
| Copies of IPR disclosures made to the IETF Secretariat and any | ||||
| assurances of licenses to be made available, or the result of an | ||||
| attempt made to obtain a general license or permission for the use of | ||||
| such proprietary rights by implementers or users of this | ||||
| specification can be obtained from the IETF on-line IPR repository at | ||||
| http://www.ietf.org/ipr. | ||||
| The IETF invites any interested party to bring to its attention any | ||||
| copyrights, patents or patent applications, or other proprietary | ||||
| rights that may cover technology that may be required to implement | ||||
| this standard. Please address the information to the IETF at | ||||
| ietf-ipr@ietf.org. | ||||
| Acknowledgment | ||||
| Funding for the RFC Editor function is provided by the IETF | ||||
| Administrative Support Activity (IASA). | ||||
| End of changes. 7 change blocks. | ||||
| 10 lines changed or deleted | 24 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||