|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Last Update: Jul 14, 2008
-- Color Legend: RFC Editor Queue
/ Processed by IESG
/ ID Exists
/ Recently Expired
-- Each I-D name is a link to an I-D description, which points to a text version, a two-page and fit-in-window PDF version, as well as the IETF Tools' HTML version.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| The charter of the HTTPBIS working group
is reported below.
|
|
|
|
HTTP is one of the most successful and widely-used protocols on the
Internet today. However, its specification has several editorial
issues. Additionally, after years of implementation and extension,
several ambiguities have become evident, impairing interoperability
and the ability to easily implement and use HTTP.
The working group will refine RFC 2616 to:
|
|
| - |
Incorporate errata and updates (e.g., references, IANA registries,
ABNF)
|
| - |
Fix editorial problems which have led to misunderstandings of the
specification
|
| - |
Clarify conformance requirements
|
| - |
Remove known ambiguities where they affect interoperability
|
| - |
Clarify existing methods of extensibility
|
| - |
Remove or deprecate those features that are not widely implemented
and also unduly affect interoperability
|
| - |
Where necessary, add implementation advice
|
| - |
Document the security properties of HTTP and its associated
echanisms (e.g., Basic and Digest authentication, cookies, TLS) for
common applications
|
|
In doing so, it should consider:
|
|
| - |
Implementer experience
|
| - |
Demonstrated use of HTTP
|
| - |
Impact on existing implementations and deployments
|
|
The Working Group must not introduce a new version of HTTP and should
not add new functionality to HTTP. The WG is not tasked with producing
new methods, headers, or extension mechanisms, but may introduce new
protocol elements if necessary as part of revising existing
functionality which has proven to be problematic
The Working Group's specification deliverables are:
|
|
| - |
A document that is suitable to supersede RFC 2616
|
| - |
A document cataloguing the security properties of HTTP
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| -
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| -
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| -
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| | |
httpbis-
p1-messaging-03
ID Exists
Jun 17, 2008
(71 p.)
[pdf(2)]
[html]
|
R. Fielding
J. Gettys
J. Mogul
H. Frystyk
L. Masinter
P. Leach
T. Berners-Lee
Y. Lafon
J. Reschke |
|
HTTP/1.1, part 1: URIs, Connections, and Message Parsing |
The Hypertext Transfer Protocol (HTTP) is an application-level
protocol for distributed, collaborative, hypermedia information
systems. HTTP has been in use by the World Wide Web global
information initiative since 1990.
This document is Part 1 of the
seven-part specification that defines the protocol referred to as
"HTTP/1.1" and, taken together, obsoletes RFC 2616.
Part 1 provides
an overview of HTTP and its associated terminology, defines the
"http" and "https" Uniform Resource Identifier (URI) schemes, defines
the generic message syntax and parsing requirements for HTTP message
frames, and describes general security concerns for implementations.
|
|
|
| |
| Up List |
Intended Status: | Standards Track |
|
|
|
|
|
|
|
|
| | |
httpbis-
p2-semantics-03
ID Exists
Jun 17, 2008
(51 p.)
[pdf(2)]
[html]
|
R. Fielding
J. Gettys
J. Mogul
H. Frystyk
L. Masinter
P. Leach
T. Berners-Lee
Y. Lafon
J. Reschke |
|
HTTP/1.1, part 2: Message Semantics |
The Hypertext Transfer Protocol (HTTP) is an application-level
protocol for distributed, collaborative, hypermedia information
systems. HTTP has been in use by the World Wide Web global
information initiative since 1990.
This document is Part 2 of the
seven-part specification that defines the protocol referred to as
"HTTP/1.1" and, taken together, obsoletes RFC 2616.
Part 2 defines
the semantics of HTTP messages as expressed by request methods,
request-header fields, response status codes, and response-header
fields.
|
|
|
| |
| Up List |
Intended Status: | Standards Track |
|
|
|
|
|
|
|
|
| | |
httpbis-
p3-payload-03
ID Exists
Jun 17, 2008
(41 p.)
[pdf(2)]
[html]
|
R. Fielding
J. Gettys
J. Mogul
H. Frystyk
L. Masinter
P. Leach
T. Berners-Lee
Y. Lafon
J. Reschke |
|
HTTP/1.1, part 3: Message Payload and Content Negotiation |
The Hypertext Transfer Protocol (HTTP) is an application-level
protocol for distributed, collaborative, hypermedia information
systems. HTTP has been in use by the World Wide Web global
information initiative since 1990.
This document is Part 3 of the
seven-part specification that defines the protocol referred to as
"HTTP/1.1" and, taken together, obsoletes RFC 2616.
Part 3 defines
HTTP message content, metadata, and content negotiation.
|
|
|
| |
| Up List |
Intended Status: | Standards Track |
|
|
|
|
|
|
|
|
| | |
httpbis-
p4-conditional-03
ID Exists
Jun 17, 2008
(24 p.)
[pdf(2)]
[html]
|
R. Fielding
J. Gettys
J. Mogul
H. Frystyk
L. Masinter
P. Leach
T. Berners-Lee
Y. Lafon
J. Reschke |
|
HTTP/1.1, part 4: Conditional Requests |
The Hypertext Transfer Protocol (HTTP) is an application-level
protocol for distributed, collaborative, hypermedia information
systems. HTTP has been in use by the World Wide Web global
information initiative since 1990.
This document is Part 4 of the
seven-part specification that defines the protocol referred to as
"HTTP/1.1" and, taken together, obsoletes RFC 2616.
Part 4 defines
request header fields for indicating conditional requests and the
rules for constructing responses to those requests.
|
|
|
| |
| Up List |
Intended Status: | Standards Track |
|
|
|
|
|
|
|
|
| | |
httpbis-
p5-range-03
ID Exists
Jun 17, 2008
(23 p.)
[pdf(2)]
[html]
|
R. Fielding
J. Gettys
J. Mogul
H. Frystyk
L. Masinter
P. Leach
T. Berners-Lee
Y. Lafon
J. Reschke |
|
HTTP/1.1, part 5: Range Requests and Partial Responses |
The Hypertext Transfer Protocol (HTTP) is an application-level
protocol for distributed, collaborative, hypermedia information
systems. HTTP has been in use by the World Wide Web global
information initiative since 1990.
This document is Part 5 of the
seven-part specification that defines the protocol referred to as
"HTTP/1.1" and, taken together, obsoletes RFC 2616.
Part 5 defines
range-specific requests and the rules for constructing and combining
responses to those requests.
|
|
|
| |
| Up List |
Intended Status: | Standards Track |
|
|
|
|
|
|
|
|
| | |
httpbis-
p6-cache-03
ID Exists
Jun 17, 2008
(52 p.)
[pdf(2)]
[html]
|
R. Fielding
J. Gettys
J. Mogul
H. Frystyk
L. Masinter
P. Leach
T. Berners-Lee
Y. Lafon
J. Reschke |
|
HTTP/1.1, part 6: Caching |
The Hypertext Transfer Protocol (HTTP) is an application-level
protocol for distributed, collaborative, hypermedia information
systems. HTTP has been in use by the World Wide Web global
information initiative since 1990.
This document is Part 6 of the
seven-part specification that defines the protocol referred to as
"HTTP/1.1" and, taken together, obsoletes RFC 2616.
Part 6 defines
requirements on HTTP caches and the associated header fields that
control cache behavior or indicate cacheable response messages.
|
|
|
| |
| Up List |
Intended Status: | Standards Track |
|
|
|
|
|
|
|
|
| | |
httpbis-
p7-auth-03
ID Exists
Jun 17, 2008
(14 p.)
[pdf(2)]
[html]
|
R. Fielding
J. Gettys
J. Mogul
H. Frystyk
L. Masinter
P. Leach
T. Berners-Lee
Y. Lafon
J. Reschke |
|
HTTP/1.1, part 7: Authentication |
The Hypertext Transfer Protocol (HTTP) is an application-level
protocol for distributed, collaborative, hypermedia information
systems. HTTP has been in use by the World Wide Web global
information initiative since 1990.
This document is Part 7 of the
seven-part specification that defines the protocol referred to as
"HTTP/1.1" and, taken together, obsoletes RFC 2616.
Part 7 defines
HTTP Authentication.
|
|
|
| |
| Up List |
Intended Status: | Standards Track |
|
|
|
|
|
|
|
|
| | |
httpbis-security-
properties-02
ID Exists
Jul 13, 2008
(12 p.)
[pdf(2)]
[html]
|
P. Hoffman
A. Melnikov |
|
Security Requirements for HTTP |
|
Recent IESG practice dictates that IETF protocols must specify
mandatory-to-implement security mechanisms, so that all conformant
implementations share a common baseline. This document examines all
widely deployed HTTP security technologies, and analyzes the trade-offs
of each.
|
|
|
| |
| Up List |
Intended Status: | Informational |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| -
|
|
|
|
|
|
|
