Zum Hauptinhalt springen

1. Overview

Dieser Abschnitt bewahrt den RFC-Text fuer optimistic HTTP/1.1 protocol transitions, einschliesslich request smuggling risks, parser exploit risks, existing Upgrade tokens, HTTP CONNECT requirements und IANA status.

1.  Overview

This document discusses certain security considerations that arise
when switching from HTTP/1.1 to a different protocol on the same
connection. It provides:

* a review of the relevant standards,

* a discussion of the security risks that may apply if a client
sends data before the transition is confirmed,

* a security evaluation of existing upgrade tokens, and

* guidance for implementations and future standards documents.

Updates to [HTTP/1.1] and [CONNECT-UDP], including new normative
requirements, are provided in Sections 8 and 6.3, respectively.