1. Overview
Questa sezione conserva il testo RFC per optimistic HTTP/1.1 protocol transitions, inclusi request smuggling risks, parser exploit risks, existing Upgrade tokens, HTTP CONNECT requirements e IANA status.
1. Overview
This document discusses certain security considerations that arise
when switching from HTTP/1.1 to a different protocol on the same
connection. It provides:
* a review of the relevant standards,
* a discussion of the security risks that may apply if a client
sends data before the transition is confirmed,
* a security evaluation of existing upgrade tokens, and
* guidance for implementations and future standards documents.
Updates to [HTTP/1.1] and [CONNECT-UDP], including new normative
requirements, are provided in Sections 8 and 6.3, respectively.