HTTPBIS Working Group                                   M. Kucherawy, Ed.
Internet-Draft                                           Cloudmark, Inc.
Intended status: Standards Track                          March 27, 2012
Expires: September 28, 2012

                 A Guide to the HTTP/1.1 Document Series
                    draft-kucherawy-httpbis-summary-01

Abstract

   This document introduces the series of documents that together
   comprise the definition of HTTP/1.1, providing a short summary of
   the content of each of them.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.
   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 28, 2012.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Documents
     2.1.  Part 1: URIs, Connections, and Message Parsing
     2.2.  Part 2: Message Semantics
     2.3.  Part 3: Message Payload and Content Negotiation
     2.4.  Part 4: Conditional Requests
     2.5.  Part 5: Range Requests and Partial Responses
     2.6.  Part 6: Caching
     2.7.  Part 7: Authentication
   3.  IANA Considerations
   4.  Security Considerations
   5.  Informative References
   Appendix A.  Acknowledgements

1.  Introduction

   This document summarizes the series of documents comprising the
   definition of HTTP/1.1.  A synopsis of each document is provided, as
   well as an enumeration of the key definitions (and, thus, their
   corresponding IANA actions) and the security topics each one
   contains.  It is intended to serve as a super table of contents for
   the series.

   Future documents wishing to make general reference to HTTP/1.1 should
   refer to this document rather than to each document in the series.

2.  Documents

2.1.  Part 1: URIs, Connections, and Message Parsing

   Part 1 ([HTTP-PART-1]) provides an overview of HTTP and its
   associated terminology, defines the "http" and "https" Uniform
   Resource Identifier (URI) schemes, defines the generic message syntax
   and parsing requirements for HTTP message frames, and describes
   general security concerns for implementations.

   IANA actions in this document:

   o  Registration of the following HTTP-specific header fields:

      *  Close

      *  Connection

      *  Content-Length

      *  Host

      *  TE

      *  Trailer

      *  Transfer-Encoding

      *  Upgrade

      *  Via

   o  Registration of the "http" and "https" URI schemes

   o  Registration of the "message/http" and "application/http" media
      types

   o  Creation of the HTTP Transfer Coding Registry and registration of
      its initial entries

   o  Creation of the HTTP Upgrade Token Registry and registration of
      its initial entries

   Security considerations include:

   o  Personal information

   o  Abuse of server log information

   o  Attacks based on file and path names

   o  DNS-related attacks

   o  Intermediaries and caching

   o  Protocol element size overflows

2.2.  Part 2: Message Semantics

   Part 2 ([HTTP-PART-2]) defines the semantics of HTTP messages as
   expressed by request methods, request header fields, response status
   codes, and response header fields.

   IANA actions in this document:

   o  Creation of the HTTP Request Method Registry and registration of
      its initial entries

   o  Creation of the HTTP Status Code Registry and registration of its
      initial entries

   o  Registration of the following HTTP-specific header fields:

      *  Allow

      *  Date

      *  Expect

      *  From

      *  Location

      *  Max-Forwards

      *  Referer

      *  Server

      *  User-Agent

   Security considerations include:

   o  Transfer of sensitive information

   o  Encoding sensitive information in URIs

   o  Location header fields: spoofing and information leakage

   o  Issues with the CONNECT method

2.3.  Part 3: Message Payload and Content Negotiation

   Part 3 ([HTTP-PART-3]) defines HTTP message content, metadata, and
   content negotiation.

   IANA actions in this document:

   o  Registration of the following HTTP-specific header fields:

      *  Accept

      *  Accept-Charset

      *  Accept-Encoding

      *  Accept-Language

      *  Content-Encoding

      *  Content-Language

      *  Content-Location

      *  Content-Type

      *  MIME-Version

   o  Creation of the HTTP Content Codings registry and definition of
      its initial values

   Security considerations include:

   o  Privacy issues connected to Accept header fields

2.4.  Part 4: Conditional Requests

   Part 4 ([HTTP-PART-4]) defines request header fields for indicating
   conditional requests and the rules for constructing responses to
   those requests.

   IANA actions in this document:

   o  Registration of the following HTTP Status Codes:

      *  304: Not Modified

      *  412: Precondition Failed

   o  Registration of the following HTTP-specific header fields:

      *  ETag

      *  If-Match

      *  If-Modified-Since

      *  If-None-Match

      *  If-Unmodified-Since

      *  Last-Modified

2.5.  Part 5: Range Requests and Partial Responses

   Part 5 ([HTTP-PART-5]) defines range-specific requests and the rules
   for constructing and combining responses to those requests.

   IANA actions in this document:

   o  Registration of the following HTTP Status Codes:

      *  206: Partial Content

      *  416: Requested Range Not Satisfiable

   o  Registration of the following HTTP-specific header fields:

      *  Accept-Ranges

      *  Content-Range

      *  If-Range

      *  Range

   o  Creation of the HTTP Range Specifiers registry and registration of
      its initial entry

   Security considerations include:

   o  Overlapping ranges

2.6.  Part 6: Caching

   Part 6 ([HTTP-PART-6]) defines requirements on HTTP caches and the
   associated header fields that control cache behavior or indicate
   cacheable response messages.

   IANA actions in this document:

   o  Creation of the HTTP Cache Directives registry and registration of
      its initial entries

   o  Creation of the HTTP Warn Codes registry and registration of its
      initial entries

   o  Registration of the following HTTP-specific header fields:

      *  Age

      *  Cache-Control

      *  Expires

      *  Pragma

      *  Vary

      *  Warning

   Security considerations include:

   o  General discussion of security issues related to caching

2.7.  Part 7: Authentication

   Part 7 ([HTTP-PART-7]) defines the HTTP Authentication framework.

   IANA actions in this document:

   o  Creation of the HTTP Authentication Schemes registry

   o  Registration of the following HTTP Status Codes:

      *  401: Unauthorized

      *  407: Proxy Authentication Required

   o  Registration of the following HTTP-specific header fields:

      *  Authorization

      *  Proxy-Authenticate

      *  Proxy-Authorization

      *  WWW-Authenticate

   Security considerations include:

   o  Authentication credentials and idle clients

3.  IANA Considerations

   This document includes no actions for IANA.

4.  Security Considerations

   This document neither introduces nor modifies any protocol and, as
   such, has no security implications of its own; the security
   considerations of HTTP/1.1 are those enumerated per part in
   Section 2.

5.  Informative References

   [HTTP-PART-1]  Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke,
                  Ed., "HTTP/1.1, part 1: URIs, Connections, and Message
                  Parsing", draft-ietf-httpbis-p1-messaging (work in
                  progress), March 2012.

   [HTTP-PART-2]  Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke,
                  Ed., "HTTP/1.1, part 2: Message Semantics",
                  draft-ietf-httpbis-p2-semantics (work in progress),
                  March 2012.

   [HTTP-PART-3]  Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke,
                  Ed., "HTTP/1.1, part 3: Message Payload and Content
                  Negotiation", draft-ietf-httpbis-p3-payload (work in
                  progress), March 2012.

   [HTTP-PART-4]  Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke,
                  Ed., "HTTP/1.1, part 4: Conditional Requests",
                  draft-ietf-httpbis-p4-conditional (work in progress),
                  March 2012.

   [HTTP-PART-5]  Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke,
                  Ed., "HTTP/1.1, part 5: Range Requests and Partial
                  Responses", draft-ietf-httpbis-p5-range (work in
                  progress), March 2012.

   [HTTP-PART-6]  Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke,
                  Ed., "HTTP/1.1, part 6: Caching",
                  draft-ietf-httpbis-p6-cache (work in progress),
                  March 2012.

   [HTTP-PART-7]  Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke,
                  Ed., "HTTP/1.1, part 7: Authentication",
                  draft-ietf-httpbis-p7-auth (work in progress),
                  March 2012.

Appendix A.  Acknowledgements

   The author wishes to acknowledge the following for their input to
   this document: (names)

Author's Address

   Murray S. Kucherawy (editor)
   Cloudmark, Inc.
   128 King St., 2nd Floor
   San Francisco, CA 94107
   US

   Phone: +1 415 946 3800
   EMail: msk@cloudmark.com