4. Terminology
This section defines terms.
ASCII case-insensitive comparison:
means comparing two strings exactly, code point for code point, except that the characters in the ranges U+0041 .. U+005A (i.e., LATIN CAPITAL LETTER A to LATIN CAPITAL LETTER Z) and U+0061 .. U+007A (i.e., LATIN SMALL LETTER A to LATIN SMALL LETTER Z) are considered to also match. See [Unicode].
codepoint:
is a colloquial contraction of Code Point, which is any value in the Unicode codespace; that is, the range of integers from 0 to 10FFFF (hexadecimal) [Unicode].
domain name:
also referred to as "DNS name", is defined in [RFC1035] to be represented outside the DNS protocol itself (and its implementations) as a series of labels separated by periods, e.g., "example.com" or "yet.another.example.org". In the context of this specification, domain names occur in that portion of a URI satisfying the reg-name production in "Appendix A. Collected ABNF for URI" in [RFC3986], as well as the host component of the Host HTTP header field production in Section 14.23 of [RFC2616].
NOTE: A domain name appearing in an actual URI instance and matching the above production components may or may not be a fully qualified domain name.
domain name label:
is that portion of a domain name appearing "in between" the period (".") characters, i.e., considering "foo.example.com": "foo", "example", and "com" are all domain name labels.
Effective Request URI:
is the URI that an HTTP host can infer for any given HTTP request it receives, identifying the target resource. This inference is necessary because HTTP requests often do not contain a complete "absolute" URI identifying the target resource. See Section 9, "Constructing an Effective Request URI".
HTTP Strict Transport Security:
is the overall name for the combined UA- and server-side security policy defined by this specification.
HTTP Strict Transport Security Host:
is a conformant host implementing the HTTP server aspects of the HSTS Policy. This means that an HSTS Host returns the "Strict-Transport-Security" HTTP response header field in its HTTP response messages sent over secure transport.
HTTP Strict Transport Security Policy:
is the name for the combined overall UA- and server-side aspects of the behavior defined in this specification.
HSTS:
see HTTP Strict Transport Security.
HSTS Host:
see HTTP Strict Transport Security Host.
HSTS Policy:
see HTTP Strict Transport Security Policy.
Known HSTS Host:
is an HSTS Host for which the UA has an HSTS Policy in effect; i.e., the UA has noted this host as a Known HSTS Host. See Section 8.1.1, "Noting an HSTS Host - Storage Model", for details.
Local policy:
encompasses policy rules that are typically configurable by deployers and expressed as configuration settings.
MITM:
is an acronym for "man in the middle". See "man-in-the-middle attack" in [RFC4949].
Request URI:
is the URI employed to cause a UA to issue an HTTP request message. See also "Effective Request URI".
UA:
is an acronym for "user agent". For the purposes of this specification, a UA is an HTTP client application actively manipulated by a user [RFC2616].
unknown HSTS Host:
is an HSTS Host that the user agent has not noted.
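The "ASCII case-insensitive comparison" and "domain name label" definitions above, as an added Python example that is not part of the specification; the function names and sample host names are constructed for illustration. It contrasts the defined rule with full Unicode case folding, which also matches code points outside the two ASCII letter ranges.

```python
# Added illustration, not specification text. Function names are hypothetical.

def ascii_fold(s: str) -> str:
    """Map only U+0041..U+005A to U+0061..U+007A; other code points are unchanged."""
    return "".join(chr(ord(c) + 0x20) if 0x41 <= ord(c) <= 0x5A else c for c in s)

def ascii_case_insensitive_equal(a: str, b: str) -> bool:
    """Exact code point comparison, except that A-Z and a-z also match."""
    return ascii_fold(a) == ascii_fold(b)

def unicode_casefold_equal(a: str, b: str) -> bool:
    """Full Unicode case folding: NOT the rule defined in this section."""
    return a.casefold() == b.casefold()

def domain_labels(name: str) -> list:
    """Labels are the portions of a domain name between the period characters."""
    return name.split(".")

# Constructed sample pairs (not from the specification).
SAMPLES = [
    ("EXAMPLE.com", "example.COM"),              # differs only in ASCII letter case
    ("\u212Aelvin.example", "kelvin.example"),   # U+212A KELVIN SIGN vs U+006B
    ("stra\u00DFe.example", "strasse.example"),  # U+00DF folds to "ss"
    ("\u017Fecure.example", "secure.example"),   # U+017F LONG S folds to "s"
]

def compare_all():
    """Return (ascii_rule_result, unicode_casefold_result) for each sample pair."""
    return [
        (ascii_case_insensitive_equal(a, b), unicode_casefold_equal(a, b))
        for a, b in SAMPLES
    ]

if __name__ == "__main__":
    for (a, b), (ascii_eq, fold_eq) in zip(SAMPLES, compare_all()):
        print(f"{a!r} vs {b!r}: ascii={ascii_eq} unicode_casefold={fold_eq}")
    print(domain_labels("foo.example.com"))
```

Only the first pair matches under the rule defined in this section; the other three match only under Unicode case folding, so a comparison built on a general-purpose case-folding routine treats more strings as equal than the definition allows.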