IETF 83 - HTTPbis -16/-17/-18/-19 Changes Overview
Julian Reschke, greenbytes
History
- -16: published August 2011 (after IETF 81)
- -17: published November 2011 (before IETF 82, WG did not meet)
- -18: published January 2012
- -19: published March 2012 (before IETF 83)
Working Group Last Call for Parts 4, 5, 6, and 7 started March 15, ends April 12
Changes - General
- Document HTTP's error-handling philosophy (Ticket 186)
- effective request URI: handling of request-target * (Ticket 222)
Changes - Messaging
...plus many editorial improvements
Changes - Syntax
- Explain header registration (Ticket 215)
- Considerations for new headers (Ticket 231)
- \-escaping in quoted strings (Ticket 270)
- does etag value really use quoted-string (Ticket 306)
- header field considerations: quoted-string vs use of double quotes (Ticket 329)
- wording of line folding rule (Ticket 335)
Changes - Status Codes
- Clarify status code for rate limiting (Ticket 255)
- Strength of requirements on Accept re: 406 (Ticket 285)
- expand definition of 413 for header field size limits? (Ticket 299)
- 400 response isn't generic (Ticket 303)
- clarify that 201 doesn't require Location header fields (Ticket 331)
- relax requirements on hypertext in 3/4/5xx error responses (Ticket 332)
- example for 426 response should have a payload (Ticket 333)
...also say "Hello" to 428 (Precondition Required), 429 (Too Many Requests),
431 (Request Header Fields Too Large) and 511 (Network Authentication Required)
-- defined in draft-nottingham-http-new-status-04, now in RFC Editor Queue
Changes - Redirects
- Redirects and non-GET methods (Ticket 160)
- Requirements for user intervention during redirects (Ticket 238)
- Applying original fragment to "plain" redirected URI (Ticket 295)
- clarify 303 redirect on HEAD (Ticket 310)
- When are Location's semantics triggered? (Ticket 325)
...also say "Hello" to 308 (Permanent Redirect),
-- defined in draft-reschke-http-status-308-06, past IETF LC
Changes - Method Semantics
- message-body in CONNECT response (Ticket 250)
- Content-Range on responses other than 206 (Ticket 301)
Changes - Payload
- Location header payload handling (Ticket 185)
- is ETag a representation header field? (Ticket 330)
- Content-Location doesn't constrain the cardinality of representations (Ticket 338)
Changes - Conditionals/Range
- Security consideration: range flooding (Ticket 175)
- If-Range should be listed when discussing contexts where L-M can be considered strong (Ticket 304)
- Add limitations to Range to reduce its use as a denial-of-service tool (Ticket 311)
- case sensitivity of ranges in p5 (Ticket 319)
Changes - Caching
- Refining age for 1.1 proxy chains (Ticket 212)
- Combining HEAD responses (Ticket 227)
- Motivate one-year limit for Expires (Ticket 290)
- Interaction of request and response Cache-Control (Ticket 293)
- SHOULD and MAY review in p6 (Ticket 313)
- Cache-Control directive case sensitivity (Ticket 317)
- Field names in cache-control header arguments (Ticket 337)
Changes - Authentication
- Relationship between 401, Authorization and WWW-Authenticate (Ticket 78)
- Realm required on challenges (Ticket 177)
- auth-param syntax (Ticket 195)
- Considerations for new authentication schemes (Ticket 257)
- LWS in auth-param ABNF (Ticket 287)
- credentials ABNF missing SP (still using implied LWS?) (Ticket 309)
- allow unquoted realm parameters (Ticket 314)
- add advice on defining auth scheme parameters (Ticket 320)
- Repeating auth-params (Ticket 321)
- recipient behavior for new auth parameters (Ticket 334)
- WWW-Authenticate ABNF slightly ambiguous (Ticket 342)
Changes - IANA/Registries
- warn-code registry (Ticket 274)
- "Close" should be reserved in the HTTP header field registry (Ticket 305)
- need to reserve "negotiate" as auth scheme name (Ticket 308)
- make IANA policy definitions consistent (Ticket 346)
Changes - Process-Related
- move RFCs 2145, 2616, 2817 to Historic status (Ticket 254)
- Revise Acknowledgements Sections (Ticket 219)
- intended maturity level vs normative references (Ticket 323)