From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Wed, 27 Nov 2024 20:54:24 +0100 Subject: doc: Add RFC documents --- doc/rfc/rfc2936.txt | 731 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 731 insertions(+) create mode 100644 doc/rfc/rfc2936.txt (limited to 'doc/rfc/rfc2936.txt') diff --git a/doc/rfc/rfc2936.txt b/doc/rfc/rfc2936.txt new file mode 100644 index 0000000..ff31e05 --- /dev/null +++ b/doc/rfc/rfc2936.txt @@ -0,0 +1,731 @@ + + + + + + +Network Working Group D. Eastlake +Request for Comments: 2936 Motorola +Category: Informational C. Smith + Royal Bank of Canada + D. Soroka + IBM + September 2000 + + + HTTP MIME Type Handler Detection + +Status of this Memo + + This memo provides information for the Internet community. It does + not specify an Internet standard of any kind. Distribution of this + memo is unlimited. + +Copyright Notice + + Copyright (C) The Internet Society (2000). All Rights Reserved. + +Abstract + + Entities composing web pages to provide services over the Hypertext + Transfer Protocol (HTTP) frequently have the problem of not knowing + what Multipurpose Internet Mail Extensions (MIME) types have handlers + installed at a user's browser. For example, whether an Internet Open + Trading Protocol (IOTP) or VRML or SET or some streaming media + handler is available. In some cases they would want to display + different web pages or content depending on a MIME handler's + availability. This document summarizes reasonable techniques to + solve this problem for most of the browsers actually deployed on the + Internet as of early 2000. It is intended to be of practical use to + implementors during the period before the wide deployment of superior + standards based techniques which may be developed. + +Acknowledegements + + Helpful comments by Tony Lewis of Visa have been incorporated. + + + + + + + + + + + + +Eastlake, et al. Informational [Page 1] + +RFC 2936 HTTP MIME Type Handler Detection September 2000 + + +Table of Contents + + 1. Introduction................................................. 2 + 2. The HTTP 'Accept' Header..................................... 2 + 3. JavaScript................................................... 3 + 4. ActiveX and the Windows Registry............................. 4 + 5. ECML, The Electronic Commerce Modeling Language.............. 4 + 6. Putting It All Together...................................... 5 + 7. Future Development........................................... 5 + 8. Security Considerations...................................... 5 + 9. IANA Considerations.......................................... 6 + References...................................................... 6 + Appendix A: Browser Version Sniffer Code........................ 8 + Authors' Addresses.............................................. 12 + Full Copyright Statement........................................ 13 + +1. Introduction + + Entities composing web pages to provide services over [HTTP] + frequently have the problem of not knowing what [MIME] types have + handlers installed at a user's browser. For example, whether an + [IOTP] or VRML or [SET] or some streaming media handler is available. + In many cases they would want to display different web pages or + content depending on a MIME handler's availability. Sending a + response with a MIME type that is not supported frequently results in + interrupting the flow of the user experience, browser queries as to + what to do with the data being provided, and, of course, failure to + provide the behavior that would have occurred had the correct MIME + type handler been installed. + + This document describes reasonable techniques to solve this problem + for most of the browsers actually deployed on the Internet as of + early 2000. It is intended to be of practical use to implementors + during the period before the wide deployment of superior standards + based techniques which may be developed. It is written in terms of + determining whether a handler for application/iotp or application/x- + iotp exists but is equally applicable to other MIME types. + +2. The HTTP 'Accept' Header + + The problem should be solved by the Hyper Text Transport Protocol + [HTTP] request "Accept" header which lists accepted [MIME] types. + This header is present in both Version 1.0 and 1.1 of HTTP and its + content is supposed to be a list of MIME types and subtypes that are + accepted. The only problem is that many browsers just send "*/*" or + the like. + + + + + +Eastlake, et al. Informational [Page 2] + +RFC 2936 HTTP MIME Type Handler Detection September 2000 + + + If the particular MIME type you are looking for is specifically + present in the Accept header, it is generally safe to assume that a + handler for it is actually installed or part of the browser. + + NOTE: Although not part of the main topic of this document, if you + are designing MIME type handler software and have access to a browser + interface that allows you to request the insertion of the MIME type + or types your software handles into the Accept header, you generally + should do so. It will make it easier for servers sensitive to that + MIME type to respond correctly. + +3. JavaScript + + Most recent browsers support one or more scripting languages of which + the most widely deployed is "JavaScript". These scripting languages + appear in web pages and permit the interpretive execution of + programming language constructs that can probe the browser + environment, conditionally cause different page contents to be + displayed, etc. For example, Appendix A shows JavaScript available + from the Netscape web site for determining what operating system, + browser, and version on which a web page is appearing. + + NOTE: JavaScript is a trademark of SUN Microsystems, Inc. It was + originally called LiveScript. It has nothing to do with the Java + language. + + The syntax for script use appears to be a Hyper Text Markup Language + (HTML) comment so that browsers that do not support scripting will + ignore such items. That is, script use is preceded by "". The following is a simple example of + conditional execution of parts of a web page based on JavaScript MIME + type handler detection. + + + + + + + +Eastlake, et al. Informational [Page 3] + +RFC 2936 HTTP MIME Type Handler Detection September 2000 + + +4. ActiveX and the Windows Registry + + If running on Microsoft Windows Internet Explorer version 3 or 4, it + is necessary to query the Windows Registry to determine local MIME + type support. Although these broswers support JavaScript, in v3 the + mimeTypes array is not present and in v4 the mimeTypes array is + present but always empty. For example, executing the following code + will test for support of the IOTP types: + + CString iotpString, xiotpString; + char* Key, Keyx; + + int rc, rcx; + iotpString = + "SOFTWARE\Classes\MIME\Database\Content Type\application/iotp"; + xiotpString = + "SOFTWARE\Classes\MIME\Database\Content Type\application/x-iotp"; + Key = iotpString.GetBuffer(1); + Keyx = xiotpString.GetBuffer(1); + rc = RegOpenKeyEx(HKEY_LOCAL_MACHINE, Key, 0, KEY_READ, hDefKey); + rcx = RegOpenKeyEx(HKEY_LOCAL_MACHINE, Keyx, 0, KEY_READ, hDefKey); + if ( ( rc == ERROR_SUCCESS ) || ( rcx == ERROR_SUCCESS ) ) + { + // IOTP Handler exists + } + else + { + // No IOTP Handler + } + + NOTE: ActiveX is a trademark of Microsoft and was originally called + Sweeper. + +5. ECML, The Electronic Commerce Modeling Language + + A industry group has recently proposed a standard for fields used in + electronic commerce. This fields allow "wallet" software acting for + the consumer to convey standardized information to a merchant, + including information as to what payment related protocols are + supported at the customer site. See [ECML]. + + + + + + + + + + + +Eastlake, et al. Informational [Page 4] + +RFC 2936 HTTP MIME Type Handler Detection September 2000 + + +6. Putting It All Together + + The following diagram indicates how these techniques can be put + together. + + start>-----+ + | + +------------------+ + | Was desired type | NO +-------------------------+ + |found in Accept? |------------>| Is JavaScript available | + +------------------+ |and does it show type? | + | +-------------------------+ + YES | | | | + |<---------------------------+ | NO | + | YES | | + | +---| + | V | + remember | Indeterminate. remember | + that |. Take default that type | + type IS | action. is NOT | + supported| supported | + X done X + +7. Future Development + + Active work is proceeding in the IETF, World Wide Web Consortium + [W3C], and other standards and industry groups concerning content and + capabilities negotiation. This work is likely to lead to superior + methods to implement the functionality described herein. However, + near universal deployment of such new standards/features will take + some time. Thus you should expect the methods given herein to be + obsoleted, but perhaps not for some time. + +8. Security Considerations + + It should be noted that the variety of ActiveX control suggested + above is reading the user's registry, that is, examining their + computer and reporting back some information it has discovered. This + may be a concern among some users. + + + + + +Eastlake, et al. Informational [Page 5] + +RFC 2936 HTTP MIME Type Handler Detection September 2000 + + + In general, the use of JavaScript and, even more so, ActiveX is + dangerous because they are so powerful. JavaScript or ActiveX from a + web page could be invisibly damaging to the client. + + Security of web interactions is normally provided by adopting channel + encryption on the browser to server connections, such as [TLS]. In + the absence of some such additional security outside of HTTP, + requests and/or responses may be forged or tampered with. + +9. IANA Considerations + + None specific to the techniques described herein. For MIME types and + type registration procedures, see [MIME: RFCs 2046, 2048]. + +References + + [ECML] Eastlake, D. and T. Goldstein, "ECML v1: Field Names for E- + Commerce", RFC 2706, October 1999. + + [HTTP] Berners-Lee, T., Fielding, R. and H. Frystyk, "Hypertext + Transfer Protocol -- HTTP/1.0", RFC 1945, May 1996. + + [HTTP] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, + L., Leach, P. and T. Berners-Lee, "Hypertext Transfer Protocol + -- HTTP/1.1", RFC 2616, June 1999. + + [IOTP] Burdett, D., "Internet Open Trading Protocol - IOTP Version + 1.0", RFC 2801, April 2000. + + [MIME] Freed, N. and N. Borenstein, "Multipurpose Internet Mail + Extensions (MIME) Part One: Format of Internet Message + Bodies", RFC 2045, November 1996. + + [MIME] Freed, N. and N. Borenstein, "Multipurpose Internet Mail + Extensions (MIME) Part Two: Media Types", RFC 2046, November + 1996. + + [MIME] Moore, K., "MIME (Multipurpose Internet Mail Extensions) Part + Three: Message Header Extensions for Non-ASCII Text", RFC + 2047, November 1996. + + [MIME] Freed, N., Klensin, J. and J. Postel, "Multipurpose Internet + Mail Extensions (MIME) Part Four: Registration Procedures", + RFC 2048, November 1996. + + + + + + + +Eastlake, et al. Informational [Page 6] + +RFC 2936 HTTP MIME Type Handler Detection September 2000 + + + [SET] "Secure Electronic Transaction (SET) Specification, Version + 1.0", May 31, 1997, available from . + Book 1: Business Description + Book 2: Programmer's Guide + Book 3: Formal Protocol Definition + + [TLS] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", RFC + 2246, January 1999. + + [W3C] World Wide Web Consortium, + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Eastlake, et al. Informational [Page 7] + +RFC 2936 HTTP MIME Type Handler Detection September 2000 + + +Appendix A: Browser Version Sniffer Code + + + +Authors' Addresses + + Donald E. Eastlake 3rd + Motorola + 140 Forest Avenue + Hudson, MA 01749 USA + + Phone: +1 978-562-2827(h) + +1 508-261-5434(w) + Fax: +1 508-261-4447(w) + EMail: Donald.Eastlake@motorola.com + + + Chris J. Smith + Royal Bank of Canada + 277 Front Street West + Toronto, Ontario M5V 3A4 CANADA + + Phone: +1 416-348-6090 + Fax: +1 416-348-2210 + EMail: chris.smith@royalbank.com + + + David M. Soroka + IBM + Raleigh, NC + + Phone: +1 919-486-2684 + Fax: +1 919-543-4653 + EMail: dsoroka@us.ibm.com + + + + + + + + + + + + + + + + + + + +Eastlake, et al. Informational [Page 12] + +RFC 2936 HTTP MIME Type Handler Detection September 2000 + + +Full Copyright Statement + + Copyright (C) The Internet Society (2000). All Rights Reserved. + + This document and translations of it may be copied and furnished to + others, and derivative works that comment on or otherwise explain it + or assist in its implementation may be prepared, copied, published + and distributed, in whole or in part, without restriction of any + kind, provided that the above copyright notice and this paragraph are + included on all such copies and derivative works. However, this + document itself may not be modified in any way, such as by removing + the copyright notice or references to the Internet Society or other + Internet organizations, except as needed for the purpose of + developing Internet standards in which case the procedures for + copyrights defined in the Internet Standards process must be + followed, or as required to translate it into languages other than + English. + + The limited permissions granted above are perpetual and will not be + revoked by the Internet Society or its successors or assigns. + + This document and the information contained herein is provided on an + "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING + TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING + BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION + HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF + MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +Acknowledgement + + Funding for the RFC Editor function is currently provided by the + Internet Society. + + + + + + + + + + + + + + + + + + + +Eastlake, et al. Informational [Page 13] + -- cgit v1.2.3