* WGs marked with an * asterisk has had at least one new draft made available during the last 5 days

Changeset 1267


Ignore:
Timestamp:
2011-04-08 01:15:20 (3 years ago)
Author:
julian.reschke@gmx.de
Message:

Remove Content-MD5 (see #178)

Location:
draft-ietf-httpbis/latest
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • draft-ietf-httpbis/latest/httpbis.abnf

    r1236 r1267  
    1919Content-Length = 1*DIGIT 
    2020Content-Location = absolute-URI / partial-URI 
    21 Content-MD5 = <base64 of 128 bit MD5 digest as per [RFC1864]> 
    2221Content-Range = content-range-spec 
    2322Content-Type = media-type 
     
    248247; Content-Length defined but not used 
    249248; Content-Location defined but not used 
    250 ; Content-MD5 defined but not used 
    251249; Content-Range defined but not used 
    252250; Content-Type defined but not used 
  • draft-ietf-httpbis/latest/p3-payload.html

    r1260 r1267  
    359359  }  
    360360  @bottom-center { 
    361        content: "Expires October 7, 2011";  
     361       content: "Expires October 10, 2011";  
    362362  }  
    363363  @bottom-right { 
     
    408408      <meta name="dct.creator" content="Reschke, J. F."> 
    409409      <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p3-payload-latest"> 
    410       <meta name="dct.issued" scheme="ISO8601" content="2011-04-05"> 
     410      <meta name="dct.issued" scheme="ISO8601" content="2011-04-08"> 
    411411      <meta name="dct.replaces" content="urn:ietf:rfc:2616"> 
    412412      <meta name="dct.abstract" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. HTTP has been in use by the World Wide Web global information initiative since 1990. This document is Part 3 of the seven-part specification that defines the protocol referred to as &#34;HTTP/1.1&#34; and, taken together, obsoletes RFC 2616. Part 3 defines HTTP message content, metadata, and content negotiation."> 
     
    434434            </tr> 
    435435            <tr> 
    436                <td class="left">Expires: October 7, 2011</td> 
     436               <td class="left">Expires: October 10, 2011</td> 
    437437               <td class="right">J. Mogul</td> 
    438438            </tr> 
     
    491491            <tr> 
    492492               <td class="left"></td> 
    493                <td class="right">April 5, 2011</td> 
     493               <td class="right">April 8, 2011</td> 
    494494            </tr> 
    495495         </tbody> 
     
    517517         in progress”. 
    518518      </p> 
    519       <p>This Internet-Draft will expire on October 7, 2011.</p> 
     519      <p>This Internet-Draft will expire on October 10, 2011.</p> 
    520520      <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1> 
    521521      <p>Copyright © 2011 IETF Trust and the persons identified as the document authors. All rights reserved.</p> 
     
    582582               <li>6.6&nbsp;&nbsp;&nbsp;<a href="#header.content-language">Content-Language</a></li> 
    583583               <li>6.7&nbsp;&nbsp;&nbsp;<a href="#header.content-location">Content-Location</a></li> 
    584                <li>6.8&nbsp;&nbsp;&nbsp;<a href="#header.content-md5">Content-MD5</a></li> 
    585                <li>6.9&nbsp;&nbsp;&nbsp;<a href="#header.content-type">Content-Type</a></li> 
     584               <li>6.8&nbsp;&nbsp;&nbsp;<a href="#header.content-type">Content-Type</a></li> 
    586585            </ul> 
    587586         </li> 
     
    751750      </p> 
    752751      <h2 id="rfc.section.2.3"><a href="#rfc.section.2.3">2.3</a>&nbsp;<a id="media.types" href="#media.types">Media Types</a></h2> 
    753       <p id="rfc.section.2.3.p.1">HTTP uses Internet Media Types <a href="#RFC2046" id="rfc.xref.RFC2046.1"><cite title="Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types">[RFC2046]</cite></a> in the Content-Type (<a href="#header.content-type" id="rfc.xref.header.content-type.1" title="Content-Type">Section&nbsp;6.9</a>) and Accept (<a href="#header.accept" id="rfc.xref.header.accept.1" title="Accept">Section&nbsp;6.1</a>) header fields in order to provide open and extensible data typing and type negotiation. 
     752      <p id="rfc.section.2.3.p.1">HTTP uses Internet Media Types <a href="#RFC2046" id="rfc.xref.RFC2046.1"><cite title="Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types">[RFC2046]</cite></a> in the Content-Type (<a href="#header.content-type" id="rfc.xref.header.content-type.1" title="Content-Type">Section&nbsp;6.8</a>) and Accept (<a href="#header.accept" id="rfc.xref.header.accept.1" title="Accept">Section&nbsp;6.1</a>) header fields in order to provide open and extensible data typing and type negotiation. 
    754753      </p> 
    755754      <div id="rfc.figure.u.5"></div><pre class="inline"><span id="rfc.iref.g.4"></span><span id="rfc.iref.g.5"></span><span id="rfc.iref.g.6"></span>  <a href="#media.types" class="smpl">media-type</a> = <a href="#media.types" class="smpl">type</a> "/" <a href="#media.types" class="smpl">subtype</a> *( <a href="#core.rules" class="smpl">OWS</a> ";" <a href="#core.rules" class="smpl">OWS</a> <a href="#rule.parameter" class="smpl">parameter</a> ) 
     
    847846               </tr> 
    848847               <tr> 
    849                   <td class="left">Content-MD5</td> 
    850                   <td class="left"><a href="#header.content-md5" id="rfc.xref.header.content-md5.1" title="Content-MD5">Section&nbsp;6.8</a></td> 
    851                </tr> 
    852                <tr> 
    853848                  <td class="left">Content-Range</td> 
    854849                  <td class="left"><a href="p5-range.html#header.content-range" title="Content-Range">Section 5.2</a> of <a href="#Part5" id="rfc.xref.Part5.1"><cite title="HTTP/1.1, part 5: Range Requests and Partial Responses">[Part5]</cite></a></td> 
     
    905900               <tr> 
    906901                  <td class="left">Content-Type</td> 
    907                   <td class="left"><a href="#header.content-type" id="rfc.xref.header.content-type.2" title="Content-Type">Section&nbsp;6.9</a></td> 
     902                  <td class="left"><a href="#header.content-type" id="rfc.xref.header.content-type.2" title="Content-Type">Section&nbsp;6.8</a></td> 
    908903               </tr> 
    909904               <tr> 
     
    13161311      <div id="rfc.iref.c.10"></div> 
    13171312      <div id="rfc.iref.h.8"></div> 
    1318       <h2 id="rfc.section.6.8"><a href="#rfc.section.6.8">6.8</a>&nbsp;<a id="header.content-md5" href="#header.content-md5">Content-MD5</a></h2> 
    1319       <p id="rfc.section.6.8.p.1">The "Content-MD5" header field, as defined in <a href="#RFC1864" id="rfc.xref.RFC1864.1"><cite title="The Content-MD5 Header Field">[RFC1864]</cite></a>, is an MD5 digest of the payload body that provides an end-to-end message integrity check (MIC) of the payload body (the 
    1320          message-body after any transfer-coding is decoded). Note that a MIC is good for detecting accidental modification of the payload 
    1321          body in transit, but is not proof against malicious attacks. 
    1322       </p> 
    1323       <div id="rfc.figure.u.27"></div><pre class="inline"><span id="rfc.iref.g.23"></span>  <a href="#header.content-md5" class="smpl">Content-MD5</a> = &lt;base64 of 128 bit MD5 digest as per <a href="#RFC1864" id="rfc.xref.RFC1864.2"><cite title="The Content-MD5 Header Field">[RFC1864]</cite></a>&gt; 
    1324 </pre><p id="rfc.section.6.8.p.3">The Content-MD5 header field <em class="bcp14">MAY</em> be generated by an origin server or client to function as an integrity check of the payload body. Only origin servers or user 
    1325          agents <em class="bcp14">MAY</em> generate the Content-MD5 header field; proxies <em class="bcp14">MUST NOT</em> generate it, as this would defeat its value as an end-to-end integrity check. Any recipient <em class="bcp14">MAY</em> check that the digest value in this header field matches a corresponding digest calculated on payload body as received. 
    1326       </p> 
    1327       <p id="rfc.section.6.8.p.4">The MD5 digest is computed based on the content of the payload body, including any content-coding, but not including any transfer-coding 
    1328          applied to the message-body because such transfer-codings might be applied or removed anywhere along the request/response 
    1329          chain. If the message is received with a transfer-coding, that encoding <em class="bcp14">MUST</em> be decoded prior to checking the Content-MD5 value against the received payload. 
    1330       </p> 
    1331       <p id="rfc.section.6.8.p.5">HTTP extends RFC 1864 to permit the digest to be computed for MIME composite media-types (e.g., multipart/* and message/rfc822), 
    1332          but this does not change how the digest is computed as defined in the preceding paragraph. 
    1333       </p> 
    1334       <p id="rfc.section.6.8.p.6">There are several consequences of this. The payload for composite types <em class="bcp14">MAY</em> contain many body-parts, each with its own MIME and HTTP header fields (including Content-MD5, Content-Transfer-Encoding, 
    1335          and Content-Encoding header fields). If a body-part has a Content-Transfer-Encoding or Content-Encoding header field, it is 
    1336          assumed that the content of the body-part has had the encoding applied, and the body-part is included in the Content-MD5 digest 
    1337          as is — i.e., after the application. The Transfer-Encoding header field is not allowed within body-parts. 
    1338       </p> 
    1339       <p id="rfc.section.6.8.p.7">Conversion of all line breaks to CRLF <em class="bcp14">MUST NOT</em> be done before computing or checking the digest: the line break convention used in the text actually transmitted <em class="bcp14">MUST</em> be left unaltered when computing the digest. 
    1340       </p> 
    1341       <div class="note" id="rfc.section.6.8.p.8">  
    1342          <p> <b>Note:</b> While the definition of Content-MD5 is exactly the same for HTTP as in RFC 1864 for MIME entity-bodies, there are several 
    1343             ways in which the application of Content-MD5 to HTTP entity-bodies differs from its application to MIME entity-bodies. One 
    1344             is that HTTP, unlike MIME, does not use Content-Transfer-Encoding, and does use Transfer-Encoding and Content-Encoding. Another 
    1345             is that HTTP more frequently uses binary content types than MIME, so it is worth noting that, in such cases, the byte order 
    1346             used to compute the digest is the transmission byte order defined for the type. Lastly, HTTP allows transmission of text types 
    1347             with any of several line break conventions and not just the canonical form using CRLF. 
    1348          </p>  
    1349       </div> 
    1350       <div id="rfc.iref.c.11"></div> 
    1351       <div id="rfc.iref.h.9"></div> 
    1352       <h2 id="rfc.section.6.9"><a href="#rfc.section.6.9">6.9</a>&nbsp;<a id="header.content-type" href="#header.content-type">Content-Type</a></h2> 
    1353       <p id="rfc.section.6.9.p.1">The "Content-Type" header field indicates the media type of the representation. In the case of responses to the HEAD method, 
     1313      <h2 id="rfc.section.6.8"><a href="#rfc.section.6.8">6.8</a>&nbsp;<a id="header.content-type" href="#header.content-type">Content-Type</a></h2> 
     1314      <p id="rfc.section.6.8.p.1">The "Content-Type" header field indicates the media type of the representation. In the case of responses to the HEAD method, 
    13541315         the media type is that which would have been sent had the request been a GET. 
    13551316      </p> 
    1356       <div id="rfc.figure.u.28"></div><pre class="inline"><span id="rfc.iref.g.24"></span>  <a href="#header.content-type" class="smpl">Content-Type</a> = <a href="#media.types" class="smpl">media-type</a> 
    1357 </pre><p id="rfc.section.6.9.p.3">Media types are defined in <a href="#media.types" title="Media Types">Section&nbsp;2.3</a>. An example of the field is 
    1358       </p> 
    1359       <div id="rfc.figure.u.29"></div><pre class="text">  Content-Type: text/html; charset=ISO-8859-4 
    1360 </pre><p id="rfc.section.6.9.p.5">Further discussion of Content-Type is provided in <a href="#representation.data" title="Representation Data">Section&nbsp;4.2</a>. 
     1317      <div id="rfc.figure.u.27"></div><pre class="inline"><span id="rfc.iref.g.23"></span>  <a href="#header.content-type" class="smpl">Content-Type</a> = <a href="#media.types" class="smpl">media-type</a> 
     1318</pre><p id="rfc.section.6.8.p.3">Media types are defined in <a href="#media.types" title="Media Types">Section&nbsp;2.3</a>. An example of the field is 
     1319      </p> 
     1320      <div id="rfc.figure.u.28"></div><pre class="text">  Content-Type: text/html; charset=ISO-8859-4 
     1321</pre><p id="rfc.section.6.8.p.5">Further discussion of Content-Type is provided in <a href="#representation.data" title="Representation Data">Section&nbsp;4.2</a>. 
    13611322      </p> 
    13621323      <h1 id="rfc.section.7"><a href="#rfc.section.7">7.</a>&nbsp;<a id="IANA.considerations" href="#IANA.considerations">IANA Considerations</a></h1> 
     
    14261387               </tr> 
    14271388               <tr> 
    1428                   <td class="left">Content-MD5</td> 
    1429                   <td class="left">http</td> 
    1430                   <td class="left">standard</td> 
    1431                   <td class="left"> <a href="#header.content-md5" id="rfc.xref.header.content-md5.2" title="Content-MD5">Section&nbsp;6.8</a>  
    1432                   </td> 
    1433                </tr> 
    1434                <tr> 
    14351389                  <td class="left">Content-Type</td> 
    14361390                  <td class="left">http</td> 
    14371391                  <td class="left">standard</td> 
    1438                   <td class="left"> <a href="#header.content-type" id="rfc.xref.header.content-type.3" title="Content-Type">Section&nbsp;6.9</a>  
     1392                  <td class="left"> <a href="#header.content-type" id="rfc.xref.header.content-type.3" title="Content-Type">Section&nbsp;6.8</a>  
    14391393                  </td> 
    14401394               </tr> 
     
    15231477      <h2 id="rfc.references.1"><a href="#rfc.section.10.1" id="rfc.section.10.1">10.1</a> Normative References 
    15241478      </h2> 
    1525       <table>                               
     1479      <table>                             
    15261480         <tr> 
    15271481            <td class="reference"><b id="Part1">[Part1]</b></td> 
     
    15471501            <td class="reference"><b id="Part6">[Part6]</b></td> 
    15481502            <td class="top"><a href="mailto:fielding@gbiv.com" title="Adobe Systems Incorporated">Fielding, R., Ed.</a>, <a href="mailto:jg@freedesktop.org" title="Alcatel-Lucent Bell Labs">Gettys, J.</a>, <a href="mailto:JeffMogul@acm.org" title="Hewlett-Packard Company">Mogul, J.</a>, <a href="mailto:henrikn@microsoft.com" title="Microsoft Corporation">Frystyk, H.</a>, <a href="mailto:LMM@acm.org" title="Adobe Systems Incorporated">Masinter, L.</a>, <a href="mailto:paulle@microsoft.com" title="Microsoft Corporation">Leach, P.</a>, <a href="mailto:timbl@w3.org" title="World Wide Web Consortium">Berners-Lee, T.</a>, <a href="mailto:ylafon@w3.org" title="World Wide Web Consortium">Lafon, Y., Ed.</a>, <a href="mailto:mnot@mnot.net">Nottingham, M., Ed.</a>, and <a href="mailto:julian.reschke@greenbytes.de" title="greenbytes GmbH">J. Reschke, Ed.</a>, “<a href="http://tools.ietf.org/html/draft-ietf-httpbis-p6-cache-latest">HTTP/1.1, part 6: Caching</a>”, Internet-Draft&nbsp;draft-ietf-httpbis-p6-cache-latest (work in progress), April&nbsp;2011. 
    1549             </td> 
    1550          </tr> 
    1551          <tr> 
    1552             <td class="reference"><b id="RFC1864">[RFC1864]</b></td> 
    1553             <td class="top"><a href="mailto:jgm+@cmu.edu" title="Carnegie Mellon University">Myers, J.</a> and <a href="mailto:mrose@dbc.mtview.ca.us" title="Dover Beach Consulting, Inc.">M. Rose</a>, “<a href="http://tools.ietf.org/html/rfc1864">The Content-MD5 Header Field</a>”, RFC&nbsp;1864, October&nbsp;1995. 
    15541503            </td> 
    15551504         </tr> 
     
    16051554      <h2 id="rfc.references.2"><a href="#rfc.section.10.2" id="rfc.section.10.2">10.2</a> Informative References 
    16061555      </h2> 
    1607       <table>                                 
     1556      <table>                                   
    16081557         <tr> 
    16091558            <td class="reference"><b id="BCP97">[BCP97]</b></td> 
     
    16791628            <td class="reference"><b id="RFC5322">[RFC5322]</b></td> 
    16801629            <td class="top">Resnick, P., “<a href="http://tools.ietf.org/html/rfc5322">Internet Message Format</a>”, RFC&nbsp;5322, October&nbsp;2008. 
     1630            </td> 
     1631         </tr> 
     1632         <tr> 
     1633            <td class="reference"><b id="RFC6151">[RFC6151]</b></td> 
     1634            <td class="top">Turner, S. and L. Chen, “<a href="http://tools.ietf.org/html/rfc6151">Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms</a>”, RFC&nbsp;6151, March&nbsp;2011. 
    16811635            </td> 
    16821636         </tr> 
     
    17151669      </p> 
    17161670      <div id="rfc.iref.m.1"></div> 
    1717       <div id="rfc.iref.h.10"></div> 
     1671      <div id="rfc.iref.h.9"></div> 
    17181672      <h2 id="rfc.section.A.1"><a href="#rfc.section.A.1">A.1</a>&nbsp;<a id="mime-version" href="#mime-version">MIME-Version</a></h2> 
    17191673      <p id="rfc.section.A.1.p.1">HTTP is not a MIME-compliant protocol. However, HTTP/1.1 messages <em class="bcp14">MAY</em> include a single MIME-Version header field to indicate what version of the MIME protocol was used to construct the message. 
     
    17211675         environments. 
    17221676      </p> 
    1723       <div id="rfc.figure.u.30"></div><pre class="inline"><span id="rfc.iref.g.25"></span>  <a href="#mime-version" class="smpl">MIME-Version</a> = 1*<a href="#notation" class="smpl">DIGIT</a> "." 1*<a href="#notation" class="smpl">DIGIT</a> 
     1677      <div id="rfc.figure.u.29"></div><pre class="inline"><span id="rfc.iref.g.24"></span>  <a href="#mime-version" class="smpl">MIME-Version</a> = 1*<a href="#notation" class="smpl">DIGIT</a> "." 1*<a href="#notation" class="smpl">DIGIT</a> 
    17241678</pre><p id="rfc.section.A.1.p.3">MIME version "1.0" is the default for use in HTTP/1.1. However, HTTP/1.1 message parsing and semantics are defined by this 
    17251679         document and not the MIME specification. 
     
    17771731      <p id="rfc.section.C.p.3">Change ABNF productions for header fields to only define the field value. (<a href="#header.fields" title="Header Field Definitions">Section&nbsp;6</a>) 
    17781732      </p> 
    1779       <p id="rfc.section.C.p.4">Remove ISO-8859-1 special-casing in Accept-Charset. (<a href="#header.accept-charset" id="rfc.xref.header.accept-charset.3" title="Accept-Charset">Section&nbsp;6.2</a>) 
    1780       </p> 
    1781       <p id="rfc.section.C.p.5">Remove base URI setting semantics for Content-Location due to poor implementation support, which was caused by too many broken 
     1733      <p id="rfc.section.C.p.4">Remove definition of Content-MD5 header field because it was inconsistently implemented with respect to partial responses, 
     1734         and also because of known deficiencies in the hash algorithm itself (see <a href="#RFC6151" id="rfc.xref.RFC6151.1"><cite title="Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms">[RFC6151]</cite></a> for details). (<a href="#header.fields" title="Header Field Definitions">Section&nbsp;6</a>) 
     1735      </p> 
     1736      <p id="rfc.section.C.p.5">Remove ISO-8859-1 special-casing in Accept-Charset. (<a href="#header.accept-charset" id="rfc.xref.header.accept-charset.3" title="Accept-Charset">Section&nbsp;6.2</a>) 
     1737      </p> 
     1738      <p id="rfc.section.C.p.6">Remove base URI setting semantics for Content-Location due to poor implementation support, which was caused by too many broken 
    17821739         servers emitting bogus Content-Location header fields, and also the potentially undesirable effect of potentially breaking 
    17831740         relative links in content-negotiated resources. (<a href="#header.content-location" id="rfc.xref.header.content-location.3" title="Content-Location">Section&nbsp;6.7</a>) 
    17841741      </p> 
    1785       <p id="rfc.section.C.p.6">Remove discussion of Content-Disposition header field, it is now defined by <a href="#draft-ietf-httpbis-content-disp" id="rfc.xref.draft-ietf-httpbis-content-disp.2"><cite title="Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)">[draft-ietf-httpbis-content-disp]</cite></a>. (<a href="#additional.features" title="Additional Features">Appendix&nbsp;B</a>) 
    1786       </p> 
    1787       <p id="rfc.section.C.p.7">Remove reference to non-existant identity transfer-coding value tokens. (<a href="#no.content-transfer-encoding" title="No Content-Transfer-Encoding">Appendix&nbsp;A.5</a>) 
     1742      <p id="rfc.section.C.p.7">Remove discussion of Content-Disposition header field, it is now defined by <a href="#draft-ietf-httpbis-content-disp" id="rfc.xref.draft-ietf-httpbis-content-disp.2"><cite title="Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)">[draft-ietf-httpbis-content-disp]</cite></a>. (<a href="#additional.features" title="Additional Features">Appendix&nbsp;B</a>) 
     1743      </p> 
     1744      <p id="rfc.section.C.p.8">Remove reference to non-existant identity transfer-coding value tokens. (<a href="#no.content-transfer-encoding" title="No Content-Transfer-Encoding">Appendix&nbsp;A.5</a>) 
    17881745      </p> 
    17891746      <h1 id="rfc.section.D"><a href="#rfc.section.D">D.</a>&nbsp;<a id="collected.abnf" href="#collected.abnf">Collected ABNF</a></h1> 
    1790       <div id="rfc.figure.u.31"></div> <pre class="inline"><a href="#header.accept" class="smpl">Accept</a> = [ ( "," / ( media-range [ accept-params ] ) ) *( OWS "," [ 
     1747      <div id="rfc.figure.u.30"></div> <pre class="inline"><a href="#header.accept" class="smpl">Accept</a> = [ ( "," / ( media-range [ accept-params ] ) ) *( OWS "," [ 
    17911748 OWS media-range [ accept-params ] ] ) ] 
    17921749<a href="#header.accept-charset" class="smpl">Accept-Charset</a> = *( "," OWS ) ( charset / "*" ) [ OWS ";" OWS "q=" 
     
    18041761 language-tag ] ) 
    18051762<a href="#header.content-location" class="smpl">Content-Location</a> = absolute-URI / partial-URI 
    1806 <a href="#header.content-md5" class="smpl">Content-MD5</a> = &lt;base64 of 128 bit MD5 digest as per [RFC1864]&gt; 
    18071763<a href="#header.content-type" class="smpl">Content-Type</a> = media-type 
    18081764 
     
    18401796 
    18411797<a href="#core.rules" class="smpl">word</a> = &lt;word, defined in [Part1], Section 1.2.2&gt; 
    1842 </pre> <div id="rfc.figure.u.32"></div> 
     1798</pre> <div id="rfc.figure.u.31"></div> 
    18431799      <p>ABNF diagnostics:</p><pre class="inline">; Accept defined but not used 
    18441800; Accept-Charset defined but not used 
     
    18481804; Content-Language defined but not used 
    18491805; Content-Location defined but not used 
    1850 ; Content-MD5 defined but not used 
    18511806; Content-Type defined but not used 
    18521807; MIME-Version defined but not used 
     
    20492004      <ul> 
    20502005         <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/20">http://tools.ietf.org/wg/httpbis/trac/ticket/20</a>&gt;: "Default charsets for text media types" 
     2006         </li> 
     2007         <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/178">http://tools.ietf.org/wg/httpbis/trac/ticket/178</a>&gt;: "Content-MD5 and partial responses" 
    20512008         </li> 
    20522009         <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/276">http://tools.ietf.org/wg/httpbis/trac/ticket/276</a>&gt;: "untangle ABNFs for header fields" 
     
    20852042                  <li>Content-Language header field&nbsp;&nbsp;<a href="#rfc.xref.header.content-language.1">4.1</a>, <a href="#rfc.iref.c.8"><b>6.6</b></a>, <a href="#rfc.xref.header.content-language.2">7.1</a></li> 
    20862043                  <li>Content-Location header field&nbsp;&nbsp;<a href="#rfc.xref.header.content-location.1">4.1</a>, <a href="#rfc.iref.c.9"><b>6.7</b></a>, <a href="#rfc.xref.header.content-location.2">7.1</a>, <a href="#rfc.xref.header.content-location.3">C</a></li> 
    2087                   <li>Content-MD5 header field&nbsp;&nbsp;<a href="#rfc.xref.header.content-md5.1">3.1</a>, <a href="#rfc.iref.c.10"><b>6.8</b></a>, <a href="#rfc.xref.header.content-md5.2">7.1</a></li> 
    2088                   <li>Content-Type header field&nbsp;&nbsp;<a href="#rfc.xref.header.content-type.1">2.3</a>, <a href="#rfc.xref.header.content-type.2">4.1</a>, <a href="#rfc.iref.c.11"><b>6.9</b></a>, <a href="#rfc.xref.header.content-type.3">7.1</a></li> 
     2044                  <li>Content-Type header field&nbsp;&nbsp;<a href="#rfc.xref.header.content-type.1">2.3</a>, <a href="#rfc.xref.header.content-type.2">4.1</a>, <a href="#rfc.iref.c.10"><b>6.8</b></a>, <a href="#rfc.xref.header.content-type.3">7.1</a></li> 
    20892045               </ul> 
    20902046            </li> 
     
    21102066                        <li><tt>Content-Language</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.21"><b>6.6</b></a></li> 
    21112067                        <li><tt>Content-Location</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.22"><b>6.7</b></a></li> 
    2112                         <li><tt>Content-MD5</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.23"><b>6.8</b></a></li> 
    2113                         <li><tt>Content-Type</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.24"><b>6.9</b></a></li> 
     2068                        <li><tt>Content-Type</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.23"><b>6.8</b></a></li> 
    21142069                        <li><tt>language-range</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.19"><b>6.4</b></a></li> 
    21152070                        <li><tt>language-tag</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.10"><b>2.4</b></a></li> 
    21162071                        <li><tt>media-range</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.12"><b>6.1</b></a></li> 
    21172072                        <li><tt>media-type</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.4"><b>2.3</b></a></li> 
    2118                         <li><tt>MIME-Version</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.25"><b>A.1</b></a></li> 
     2073                        <li><tt>MIME-Version</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.24"><b>A.1</b></a></li> 
    21192074                        <li><tt>parameter</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.7"><b>2.3</b></a></li> 
    21202075                        <li><tt>subtype</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.6"><b>2.3</b></a></li> 
     
    21362091                        <li>Content-Language&nbsp;&nbsp;<a href="#rfc.xref.header.content-language.1">4.1</a>, <a href="#rfc.iref.h.6"><b>6.6</b></a>, <a href="#rfc.xref.header.content-language.2">7.1</a></li> 
    21372092                        <li>Content-Location&nbsp;&nbsp;<a href="#rfc.xref.header.content-location.1">4.1</a>, <a href="#rfc.iref.h.7"><b>6.7</b></a>, <a href="#rfc.xref.header.content-location.2">7.1</a>, <a href="#rfc.xref.header.content-location.3">C</a></li> 
    2138                         <li>Content-MD5&nbsp;&nbsp;<a href="#rfc.xref.header.content-md5.1">3.1</a>, <a href="#rfc.iref.h.8"><b>6.8</b></a>, <a href="#rfc.xref.header.content-md5.2">7.1</a></li> 
    2139                         <li>Content-Type&nbsp;&nbsp;<a href="#rfc.xref.header.content-type.1">2.3</a>, <a href="#rfc.xref.header.content-type.2">4.1</a>, <a href="#rfc.iref.h.9"><b>6.9</b></a>, <a href="#rfc.xref.header.content-type.3">7.1</a></li> 
    2140                         <li>MIME-Version&nbsp;&nbsp;<a href="#rfc.xref.mime-version.1">7.1</a>, <a href="#rfc.iref.h.10"><b>A.1</b></a></li> 
     2093                        <li>Content-Type&nbsp;&nbsp;<a href="#rfc.xref.header.content-type.1">2.3</a>, <a href="#rfc.xref.header.content-type.2">4.1</a>, <a href="#rfc.iref.h.8"><b>6.8</b></a>, <a href="#rfc.xref.header.content-type.3">7.1</a></li> 
     2094                        <li>MIME-Version&nbsp;&nbsp;<a href="#rfc.xref.mime-version.1">7.1</a>, <a href="#rfc.iref.h.9"><b>A.1</b></a></li> 
    21412095                     </ul> 
    21422096                  </li> 
     
    21912145            <li><a id="rfc.index.R" href="#rfc.index.R"><b>R</b></a><ul> 
    21922146                  <li>representation&nbsp;&nbsp;<a href="#rfc.iref.r.1">4</a></li> 
    2193                   <li><em>RFC1864</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC1864.1">6.8</a>, <a href="#rfc.xref.RFC1864.2">6.8</a>, <a href="#RFC1864"><b>10.1</b></a></li> 
    21942147                  <li><em>RFC1945</em>&nbsp;&nbsp;<a href="#RFC1945"><b>10.2</b></a>, <a href="#rfc.xref.RFC1945.1">B</a></li> 
    21952148                  <li><em>RFC1950</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC1950.1">7.2</a>, <a href="#RFC1950"><b>10.1</b></a></li> 
     
    22432196                     </ul> 
    22442197                  </li> 
     2198                  <li><em>RFC6151</em>&nbsp;&nbsp;<a href="#RFC6151"><b>10.2</b></a>, <a href="#rfc.xref.RFC6151.1">C</a></li> 
    22452199               </ul> 
    22462200            </li> 
  • draft-ietf-httpbis/latest/p3-payload.xml

    r1259 r1267  
    633633 
    634634  <c>Content-Length</c> <c>&header-content-length;</c> 
    635   <c>Content-MD5</c> <c><xref target="header.content-md5"/></c> 
    636635  <c>Content-Range</c> <c>&header-content-range;</c> 
    637636</texttable> 
     
    14131412   interpreted relative to the effective request URI. 
    14141413</t> 
    1415 </section> 
    1416  
    1417 <section title="Content-MD5" anchor="header.content-md5"> 
    1418   <iref primary="true" item="Content-MD5 header field" x:for-anchor=""/> 
    1419   <iref primary="true" item="Header Fields" subitem="Content-MD5" x:for-anchor=""/> 
    1420   <x:anchor-alias value="Content-MD5"/> 
    1421 <t> 
    1422    The "Content-MD5" header field, as defined in <xref target="RFC1864"/>, is 
    1423    an MD5 digest of the payload body that provides an end-to-end message 
    1424    integrity check (MIC) of the payload body (the message-body after any 
    1425    transfer-coding is decoded). Note that a MIC is good for 
    1426    detecting accidental modification of the payload body in transit, but is not 
    1427    proof against malicious attacks. 
    1428 </t> 
    1429 <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="Content-MD5"/> 
    1430   <x:ref>Content-MD5</x:ref> = &lt;base64 of 128 bit MD5 digest as per <xref target="RFC1864"/>&gt; 
    1431 </artwork></figure> 
    1432 <t> 
    1433    The Content-MD5 header field &MAY; be generated by an origin server or 
    1434    client to function as an integrity check of the payload body. Only 
    1435    origin servers or user agents &MAY; generate the Content-MD5 header field; 
    1436    proxies &MUST-NOT; generate it, as this would defeat its 
    1437    value as an end-to-end integrity check. Any recipient &MAY; check that 
    1438    the digest value in this header field matches a corresponding digest 
    1439    calculated on payload body as received. 
    1440 </t> 
    1441 <t> 
    1442    The MD5 digest is computed based on the content of the payload body, 
    1443    including any content-coding, but not including any transfer-coding 
    1444    applied to the message-body because such transfer-codings might be 
    1445    applied or removed anywhere along the request/response chain. 
    1446    If the message is received with a transfer-coding, that encoding &MUST; 
    1447    be decoded prior to checking the Content-MD5 value against the received 
    1448    payload. 
    1449 </t> 
    1450 <t> 
    1451    HTTP extends RFC 1864 to permit the digest to be computed for MIME 
    1452    composite media-types (e.g., multipart/* and message/rfc822), but 
    1453    this does not change how the digest is computed as defined in the 
    1454    preceding paragraph. 
    1455 </t> 
    1456 <t> 
    1457    There are several consequences of this. The payload for composite 
    1458    types &MAY; contain many body-parts, each with its own MIME and HTTP 
    1459    header fields (including Content-MD5, Content-Transfer-Encoding, and 
    1460    Content-Encoding header fields). If a body-part has a Content-Transfer-Encoding 
    1461    or Content-Encoding header field, it is assumed that the content 
    1462    of the body-part has had the encoding applied, and the body-part is 
    1463    included in the Content-MD5 digest as is &mdash; i.e., after the 
    1464    application. The Transfer-Encoding header field is not allowed within 
    1465    body-parts. 
    1466 </t> 
    1467 <t> 
    1468    Conversion of all line breaks to CRLF &MUST-NOT; be done before 
    1469    computing or checking the digest: the line break convention used in 
    1470    the text actually transmitted &MUST; be left unaltered when computing 
    1471    the digest. 
    1472 </t> 
    1473 <x:note> 
    1474   <t> 
    1475     <x:h>Note:</x:h> While the definition of Content-MD5 is exactly the same for 
    1476     HTTP as in RFC 1864 for MIME entity-bodies, there are several ways 
    1477     in which the application of Content-MD5 to HTTP entity-bodies 
    1478     differs from its application to MIME entity-bodies. One is that 
    1479     HTTP, unlike MIME, does not use Content-Transfer-Encoding, and 
    1480     does use Transfer-Encoding and Content-Encoding. Another is that 
    1481     HTTP more frequently uses binary content types than MIME, so it is 
    1482     worth noting that, in such cases, the byte order used to compute 
    1483     the digest is the transmission byte order defined for the type. 
    1484     Lastly, HTTP allows transmission of text types with any of several 
    1485     line break conventions and not just the canonical form using CRLF. 
    1486   </t> 
    1487 </x:note> 
    14881414</section> 
    14891415 
     
    15691495      <xref target="header.content-location"/> 
    15701496   </c> 
    1571    <c>Content-MD5</c> 
    1572    <c>http</c> 
    1573    <c>standard</c> 
    1574    <c> 
    1575       <xref target="header.content-md5"/> 
    1576    </c> 
    15771497   <c>Content-Type</c> 
    15781498   <c>http</c> 
     
    19201840</reference> 
    19211841 
    1922 <reference anchor="RFC1864"> 
    1923   <front> 
    1924     <title abbrev="Content-MD5 Header Field">The Content-MD5 Header Field</title> 
    1925     <author initials="J." surname="Myers" fullname="John G. Myers"> 
    1926       <organization>Carnegie Mellon University</organization> 
    1927       <address><email>jgm+@cmu.edu</email></address> 
    1928     </author> 
    1929     <author initials="M." surname="Rose" fullname="Marshall T. Rose"> 
    1930       <organization>Dover Beach Consulting, Inc.</organization> 
    1931       <address><email>mrose@dbc.mtview.ca.us</email></address> 
    1932     </author> 
    1933     <date month="October" year="1995"/> 
    1934   </front> 
    1935   <seriesInfo name="RFC" value="1864"/> 
    1936 </reference> 
    1937  
    19381842<reference anchor="RFC1950"> 
    19391843  <front> 
     
    23722276</reference> 
    23732277 
     2278<reference anchor="RFC6151"> 
     2279  <front> 
     2280    <title>Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms</title> 
     2281    <author initials="S." surname="Turner" fullname="S. Turner"/> 
     2282    <author initials="L." surname="Chen" fullname="L. Chen"/> 
     2283    <date year="2011" month="March" /> 
     2284        </front> 
     2285  <seriesInfo name="RFC" value="6151" /> 
     2286</reference> 
     2287 
    23742288<reference anchor='BCP97'> 
    23752289  <front> 
     
    25792493<t> 
    25802494  Change ABNF productions for header fields to only define the field value. 
     2495  (<xref target="header.fields"/>) 
     2496</t> 
     2497<t> 
     2498        Remove definition of Content-MD5 header field because it was inconsistently 
     2499        implemented with respect to partial responses, and also because of known 
     2500        deficiencies in the hash algorithm itself (see <xref target="RFC6151"/> for details). 
    25812501  (<xref target="header.fields"/>) 
    25822502</t> 
     
    26232543 language-tag ] ) 
    26242544<x:ref>Content-Location</x:ref> = absolute-URI / partial-URI 
    2625 <x:ref>Content-MD5</x:ref> = &lt;base64 of 128 bit MD5 digest as per [RFC1864]&gt; 
    26262545<x:ref>Content-Type</x:ref> = media-type 
    26272546 
     
    26692588; Content-Language defined but not used 
    26702589; Content-Location defined but not used 
    2671 ; Content-MD5 defined but not used 
    26722590; Content-Type defined but not used 
    26732591; MIME-Version defined but not used 
     
    30662984    </t> 
    30672985    <t> 
     2986      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/178"/>: 
     2987      "Content-MD5 and partial responses" 
     2988    </t> 
     2989    <t> 
    30682990      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/276"/>: 
    30692991      "untangle ABNFs for header fields" 
Note: See TracChangeset for help on using the changeset viewer.