…ifications Obsoleted by This Document Table 1 Title Reference See HTTP Over TLS RFC2818 B.1 HTTP/1.1 Message Syntax and Routing [*] RFC7230 B.2 HTTP/1.1 Semantics and Content RFC7231 B.3 HTTP/1.1 Conditional Requests RFC7232 B.4 HTTP/1.1 Range Requests RFC7233 B.5 HTTP/1.1 Authen…
…ifications Obsoleted by This Document Table 1 Title Reference See HTTP Over TLS RFC2818 B.1 HTTP/1.1 Message Syntax and Routing [*] RFC7230 B.2 HTTP/1.1 Semantics and Content RFC7231 B.3 HTTP/1.1 Conditional Requests RFC7232 B.4 HTTP/1.1 Range Requests RFC7233 B.5 HTTP/1.1 Authen…
…" URI scheme and the authenticated server identity for the "https" scheme (see [RFC2818], Section 3). 10.2. Cross-Protocol Attacks In a cross-protocol attack, an attacker causes a client to initiate a transaction in one protocol toward a server that understands a different protoc…
…plication, designers should use it rather than invent one. The "https" scheme [ RFC2818 ] is an example of a URI scheme that, though commonly implemented by agents, is problematic for a number of reasons: It violates the principle of orthogonal specifications since the URI contai…
…l from a page fetched over HTTP. ¶ Even if calls are only possible from HTTPS [ RFC2818 ] sites, if those sites include active content (e.g., JavaScript) from an untrusted site, that JavaScript is executed in the security context of the page [ finer-grained ] . This could lead to…
…e Added para about "can't follow your nose" Deleted editor's note. Added ref to RFC2818 2.4.1. URI Scheme Registration. Added example of ftp in Note. [Old] 2.6.3. Work on Dynamic Authority Delegation. Deleted [Old] 2.6.4. Non-hierarchical Administration. Deleted 2.7.2. Expression…
…" URI scheme and the authenticated server identity for the "https" scheme (see [RFC2818], Section 3 ). 10.2 . Cross-Protocol Attacks In a cross-protocol attack, an attacker causes a client to initiate a transaction in one protocol toward a server that understands a different prot…
…l from a page fetched over HTTP. ¶ Even if calls are only possible from HTTPS [ RFC2818 ] sites, if those sites include active content (e.g., JavaScript) from an untrusted site, that JavaScript is executed in the security context of the page [ finer-grained ] . This could lead to…
…t all from a page fetched over HTTP. Even if calls are only possible from HTTPS RFC2818 sites, if those sites include active content (e.g., JavaScript) from an untrusted site, that JavaScript is executed in the security context of the page finer-grained . This could lead to compr…
…e Added para about "can't follow your nose" Deleted editor's note. Added ref to RFC2818 2.4.1. URI Scheme Registration. Added example of ftp in Note. [Old] 2.6.3. Work on Dynamic Authority Delegation. Deleted [Old] 2.6.4. Non-hierarchical Administration. Deleted 2.7.2. Expression…
…tke, November 1999. Disponible à l'adresse http://www.ietf.org/rfc/rfc2718.txt. RFC2818 IETF RFC 2818: HTTP Over TLS , E. Rescorla, May 2000. Disponible à l'adresse http://www.ietf.org/rfc/rfc2818.txt. RFC3023 IETF RFC 3023: XML Media Types , M. Murata, S. St. Laurent, D. Kohn, J…
…ST): EST specifies how to transfer messages securely via HTTP over TLS (HTTPS) [RFC2818] - RFC 2818 (TLS): HTTP [RFC2616] was originally used in the clear on the Internet. - RFC 2616 (HTTP): HTTP does not use the Content-Transfer-Encoding (CTE) field of RFC 2045. - RFC 2616 (HTTP…
…" URI scheme and the authenticated server identity for the "https" scheme (see [RFC2818], Section 3 ). 10.2 . Cross-Protocol Attacks In a cross-protocol attack, an attacker causes a client to initiate a transaction in one protocol toward a server that understands a different prot…
…" URI scheme and the authenticated server identity for the "https" scheme (see [RFC2818], Section 3 ). 10.2 . Cross-Protocol Attacks In a cross-protocol attack, an attacker causes a client to initiate a transaction in one protocol toward a server that understands a different prot…
…" URI scheme and the authenticated server identity for the "https" scheme (see [RFC2818], Section 3 ). 10.2 . Cross-Protocol Attacks In a cross-protocol attack, an attacker causes a client to initiate a transaction in one protocol toward a server that understands a different prot…