HTTPBIS Working Group                                  M. Kucherawy, Ed.
Internet-Draft                                           Cloudmark, Inc.
Intended status: Standards Track                          March 27, 2012
Expires: September 28, 2012


                A Guide to the HTTP/1.1 Document Series
                   draft-kucherawy-httpbis-summary-01

Abstract

   This document introduces a series of documents that comprise the
   definition of HTTP/1.1, providing a short summary of the content of
   each of those.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 28, 2012.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.





Kucherawy              Expires September 28, 2012               [Page 1]

Internet-Draft          HTTP/1.1 Document Series              March 2012


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
   2.  Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
     2.1.  Part 1: URIs, Connections, and Message Parsing  . . . . . . 3
     2.2.  Part 2: Message Semantics . . . . . . . . . . . . . . . . . 4
     2.3.  Part 3: Message Payload and Content Negotiation . . . . . . 5
     2.4.  Part 4: Conditional Requests  . . . . . . . . . . . . . . . 6
     2.5.  Part 5: Range Requests and Partial Responses  . . . . . . . 6
     2.6.  Part 6: Caching . . . . . . . . . . . . . . . . . . . . . . 7
     2.7.  Part 7: Authentication  . . . . . . . . . . . . . . . . . . 7
   3.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 8
   4.  Security Considerations . . . . . . . . . . . . . . . . . . . . 8
   5.  Informative References  . . . . . . . . . . . . . . . . . . . . 8
   Appendix A.  Acknowledgements . . . . . . . . . . . . . . . . . . . 9


1.  Introduction

   This document summarizes the series of documents comprising the
   definition of HTTP/1.1.  A synopsis of each document is provided, as
   well as an enumeration of the key definitions (and, thus, their
   corresponding IANA actions) and security topics each one contains.
   This is intended to serve as a super table of contents for the
   series.

   Future documents wishing to make general reference to HTTP/1.1 should
   refer to this document and not each document in the series.

2.  Documents

2.1.  Part 1: URIs, Connections, and Message Parsing

   Part 1 ([HTTP-PART-1]) provides an overview of HTTP and its
   associated terminology, defines the "http" and "https" Uniform
   Resource Identifier (URI) schemes, defines the generic message syntax
   and parsing requirements for HTTP message frames, and describes
   general security concerns for implementations.

   IANA actions in this document:

   o  Registration of the following HTTP-specific header fields:

      *  Close

      *  Connection

      *  Content-Length

      *  Host

      *  TE

      *  Trailer

      *  Transfer-Encoding

      *  Upgrade

      *  Via

   o  Registration of the "http" and "https" URI schemes

   o  Registration of the "message/http" and "application/http" media
      types

   o  Creates the HTTP Transfer Coding Registry and its initial entries

   o  Creates the HTTP Upgrade Token Registry and its initial entries

   Security considerations include:

   o  Personal information

   o  Abuse of server log information

   o  Attacks based on file and path names

   o  DNS-related attacks

   o  Intermediaries and caching

   o  Protocol element size overflows

2.2.  Part 2: Message Semantics

   Part 2 ([HTTP-PART-2]) defines the semantics of HTTP messages as
   expressed by request methods, request header fields, response status
   codes, and response header fields.

   IANA actions in this document:

   o  Creation of the HTTP Request Method Registry and registration of
      its initial entries

   o  Creation of the HTTP Status Code Registry and registration of its
      initial entries

   o  Registration of the following HTTP-specific header fields:

      *  Allow

      *  Date

      *  Expect

      *  From

      *  Location

      *  Max-Forwards

      *  Referer

      *  Server

      *  User-Agent

   Security considerations include:

   o  Transfer of sensitive information

   o  Encoding sensitive information in URIs

   o  Location header fields: spoofing and information leakage

   o  Issues with the CONNECT method

2.3.  Part 3: Message Payload and Content Negotiation

   Part 3 ([HTTP-PART-3]) defines HTTP message content, metadata, and
   content negotiation.

   IANA actions in this document:

   o  Registration of the following HTTP-specific header fields:

      *  Accept

      *  Accept-Charset

      *  Accept-Encoding

      *  Accept-Language

      *  Content-Encoding

      *  Content-Language

      *  Content-Location

      *  Content-Type

      *  MIME-Version

   o  Creates the HTTP Content Codings registry and defines its initial
      values

   Security considerations include:

   o  Privacy issues connected to Accept header fields

2.4.  Part 4: Conditional Requests

   Part 4 ([HTTP-PART-4]) defines request header fields for indicating
   conditional requests and the rules for constructing responses to
   those requests.

   IANA actions in this document:

   o  Registration of the following HTTP Status Codes:

      *  304: Not Modified

      *  412: Precondition Failed

   o  Registration of the following HTTP-specific header fields:

      *  ETag

      *  If-Match

      *  If-Modified-Since

      *  If-None-Match

      *  If-Unmodified-Since

      *  Last-Modified

2.5.  Part 5: Range Requests and Partial Responses

   Part 5 ([HTTP-PART-5]) defines range-specific requests and the rules
   for constructing and combining responses to those requests.

   IANA actions in this document:

   o  Registration of the following HTTP Status Codes:

      *  206: Partial Content

      *  416: Requested Range Not Satisfiable

   o  Registration of the following HTTP-specific header fields:

      *  Accept-Ranges

      *  Content-Range

      *  If-Range

      *  Range

   o  Creates the HTTP Range Specifiers registry and its initial entry

   Security considerations include:

   o  Overlapping ranges

2.6.  Part 6: Caching

   Part 6 ([HTTP-PART-6]) defines requirements on HTTP caches and the
   associated header fields that control cache behavior or indicate
   cacheable response messages.

   IANA actions in this document:

   o  Creates the HTTP Cache Directives registry and its initial entries

   o  Creates the HTTP Warn Codes registry and its initial entries

   o  Registration of the following HTTP-specific header fields:

      *  Age

      *  Cache-Control

      *  Expires

      *  Pragma

      *  Vary

      *  Warning

   Security considerations include:

   o  General discussion of security issues related to caching

2.7.  Part 7: Authentication

   Part 7 ([HTTP-PART-7]) defines the HTTP Authentication framework.

   IANA actions in this document:

   o  Creates the HTTP Authentication Schemes registry

   o  Registration of the following HTTP Status Codes:

      *  401: Unauthorized

      *  407: Proxy Authentication Required

   o  Registration of the following HTTP-specific header fields:

      *  Authorization

      *  Proxy-Authenticate

      *  Proxy-Authorization

      *  WWW-Authenticate

   Security considerations include:

   o  Authentication credentials and idle clients

3.  IANA Considerations

   This document includes no actions for IANA.

4.  Security Considerations

   This document neither introduces nor modifies any protocol and as
   such has no security implications.

5.  Informative References

   [HTTP-PART-1]  Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke,
                  Ed., "HTTP/1.1, part 1: URIs, Connections, and Message
                  Parsing", draft-ietf-httpbis-p1-messaging (work in
                  progress), March 2012.

   [HTTP-PART-2]  Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke,
                  Ed., "HTTP/1.1, part 2: Message Semantics",
                  draft-ietf-httpbis-p2-semantics (work in progress),
                  March 2012.

   [HTTP-PART-3]  Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke,
                  Ed., "HTTP/1.1, part 3: Message Payload and Content
                  Negotiation", draft-ietf-httpbis-p3-payload (work in
                  progress), March 2012.

   [HTTP-PART-4]  Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke,
                  Ed., "HTTP/1.1, part 4: Conditional Requests",
                  draft-ietf-httpbis-p4-conditional (work in progress),
                  March 2012.

   [HTTP-PART-5]  Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke,
                  Ed., "HTTP/1.1, part 5: Range Requests and Partial
                  Responses", draft-ietf-httpbis-p5-range (work in
                  progress), March 2012.

   [HTTP-PART-6]  Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke,
                  Ed., "HTTP/1.1, part 6: Caching",
                  draft-ietf-httpbis-p6-cache (work in progress),
                  March 2012.

   [HTTP-PART-7]  Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke,
                  Ed., "HTTP/1.1, part 7: Authentication",
                  draft-ietf-httpbis-p7-auth (work in progress),
                  March 2012.

Appendix A.  Acknowledgements

   The author wishes to acknowledge the following for their input to
   this document: (names)

Author's Address

   Murray S. Kucherawy (editor)
   Cloudmark, Inc.
   128 King St., 2nd Floor
   San Francisco, CA  94107
   US

   Phone: +1 415 946 3800
   EMail: msk@cloudmark.com