Status of this Memo
This document is under review by the UPnP Forum Technical Committee.
It was previously submitted to the IETF as an Internet Draft and has
expired. This document is formatted in a manner consistent with the
IETF formatting guidelines to facilitate possible future
consideration by the IETF.
This document is available on
Abstract
This document provides rules for encapsulating HTTP messages in
multicast and unicast UDP packets to be sent within a single
administrative scope. No provisions are made for guaranteeing
delivery beyond re-broadcasting.
1. Introduction
This document provides rules for encapsulating HTTP messages in
multicast and unicast UDP messages. No provisions are made for
guaranteeing delivery beyond re-broadcasting.
This technology is motivated by applications such as SSDP where it
is expected that messages which are primarily transmitted over TCP
HTTP need to be transmitted over Multicast or Unicast UDP, because
of the unique requirements of extremely lightweight servers.
This document will not specify a mechanism suitable for replacing
HTTP over TCP. Rather this document will define a limited mechanism
only suitable for extreme circumstances where the use of TCP is
impossible. Thus this mechanism will not have the robustness of
functionality and congestion control provided by TCP. It is expected
that in practice the mechanisms specified here in will only be used
as a means to get to TCP based HTTP communications.
2. Changes
2.1. Since 00
Divided each section of the spec into three parts, problem
definition, proposed solution and design rationale. When the spec is
ready for standardization the problem definition and design
rationale sections will be removed. Design rationale is presented in
Goland, Schlimmer 1
UPnP Forum UDP HTTP 24 Aug 2000
question/answer form because I have found that to be very effective
in addressing design issues.
Clarified that a HTTPU/HTTPMU URI without an abs_path translates to
"*" in the request-URI.
Added the S header to allow request and responses to be associated.
Note that while clients aren't required to send out S headers,
servers are required to return them.
Got rid of MM. The lower bound is always 0.
The introduction of the S header makes proxying and caching possible
so the sections on those topics have been expanded, but they should
be considered experimental at best.
2.2. Since 02
Added requirement for HTTP/1.1 as the version identifier in the
request line. (See section on HTTP Version in Request Line.)
Removed requirement that requests without an S header MUST NOT be
responded to. (See section on Unicast UDP HTTP Messages.)
Clarified that a server should respond to each request it receives
but not duplicate those responses. (See section on Retrying
Requests.)
Clarified caching when responding to repeated requests. (See section
on Caching.)
Expanded that if a server has > 1 response per HTTPMU request, it
should spread them out. (See section on MX header.)
Tied behavior of duplicate responses with the same S header value to
the semantics of the method (was discard duplicates). (See section
on S header.)
Outlined initial security considerations. (See section on Security.)
2.3. Since 03
Clarified the "no abs_path" requirement for HTTPU/HTTPMU request-
URIs.
Clarified use of "*" as a request-URI.
Removed requirement for HTTPU/HTTPMU servers to support "chunked"
transfer-coding.
3. Terminology
Since this document describes a set of extensions to the HTTP/1.1
protocol, the augmented BNF used herein to describe protocol
Goland, Schlimmer 2
UPnP Forum UDP HTTP 24 Aug 2000
elements is exactly the same as described in section 2.1 of
[RFC2616]. Since this augmented BNF uses the basic production rules
provided in section 2.2 of [RFC2616], these rules apply to this
document as well.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
4. HTTPU URL
4.1. Problem Definition
A mechanism is needed to allow for communications that are to be
sent over Unicast UDP HTTP to be identified in the URI namespace.
4.2. Proposed Solution
The HTTPU URL specifies that the HTTP request be sent over unicast
UDP according to the rules laid out in this document.
HTTPU_URL = "HTTPU:" "//" host [ ":" port ] [ abs path [ "?" query]]
The BNF productions host, port and abs path are defined in
[RFC2616].
The syntax of the HTTPU URL is to be processed identically to the
HTTP URL with the exception of the transport.
One MUST NOT assume that if a HTTP, HTTPU or HTTPMU URL are
identical in all ways save the protocol that they necessarily point
to the same resource.
4.3. Design Rationale
4.3.1. Why would we ever need a HTTPU/HTTPMU URL?
Imagine one wants to tell a system to send responses over HTTPU. How
would one express this? If one uses a HTTP URL there is no way for
the system to understand that you really meant HTTPU.
5. HTTPMU URL
5.1. Problem Definition
A mechanism is needed to allow for communications that are to be
sent over Multicast UDP HTTP to be identified in the URI namespace.
5.2. Proposed Solution
The HTTPMU URL specifies that the HTTP request that HTTP request is
to be sent over multicast UDP according to the rules laid out in
this document.
Goland, Schlimmer 3
UPnP Forum UDP HTTP 24 Aug 2000
HTTPMU_URL = "HTTPMU:" "//" host [ ":" port ] [ abs path [ "?"
query]]
The BNF productions host, port and abs path are defined in
[RFC2616].
The syntax of the HTTPMU URL is to be processed identically to the
HTTP URL with the exception of the transport.
One MUST NOT assume that if a HTTP, HTTPU or HTTPMU URL are
identical in all ways save the protocol that they necessarily point
to the same resource.
If a HTTPMU URL does not have an abs path element then when the HTTP
multicast UDP request is made the request-URI MUST be "*".
For example, HTTPU:// would translate into a request-URI
of "*". A request-URI of HTTPU:/// would still translate
to the absoluteURI "HTTPU:///".
5.3. Design Rationale
5.3.1. In the HTTPMU URL a request such as http:// is
translated to a "*" in the request-URI rather than a "/", why
isn't the same the case for HTTPU?
A HTTPU request is a point-to-point request. There is one sender and
one receiver. Thus the semantics of the URL are identical to HTTP
with the exception of the transport.
Generally, a HTTPMU client will want to send its request to many
receivers at once, where each receiver represents a different set of
resources. A client can specify this in the HTTPMU request itself by
using the request-URI "*". Unfortunately, there is no present way to
construct an HTTP URL that will have this request-URI. As such, a
mechanism had to be added.
5.3.2. Why would an HTTPMU client want to use a request-URI of "*"
anyway?
In TCP HTTP, the client will often specify a single resource on
which the request should operate. For example, a GET of the URL
should retrieve the resource at that single,
well-defined location.
One big reason for a client to send a request over multicast UDP,
though, is the ability to send a request to many receivers at once,
even when the number of receivers is not known.
Specifying an absoluteURI in the request, though, would defeat this;
all receivers without that exact resource would be forced to reject
the request.
Goland, Schlimmer 4
UPnP Forum UDP HTTP 24 Aug 2000
By specifying a request-URI of "*" client signifies that the request
"does not apply to a particular resource, but to the server itself,
and is only allowed when the method used does not necessarily apply
to a resource." [RFC 2616]
5.3.3. So when would an HTTPMU client want to use a request-URI other
than "*"?
This may be useful when a client knows the URI for the resource, but
not the server on which the resource lives. If the client knows
both, though, it is expected that TCP HTTP or HTTPU would be used.
Servers MUST NOT assume that an HTTPMU request containing an
absoluteURI necessarily refers to the same resource as a HTTPU
request with the same absoluteURI. For example, servers that support
both HTTPMU and HTTPU may reject a request for a particular resource
when received through HTTPMU, but accept it when received through
HTTPU.
6. HTTP Version in Request Line
6.1. Problem Definition
A message format identifier is needed for the HTTPU and HTTPMU
request lines.
6.2. Proposed Solution
Request lines for HTTPU and HTTPMU requests MUST use HTTP/1.1 as the
version.
Request-Line = Method SP Request-URI SP HTTP/1.1 CRLF
The BNF production Method is defined in [RFC2616].
6.3. Design Rationale
6.3.1. Why not define separate HTTPU and HTTPMU versions?
While HTTP/1.1 does hint at underlying features (like pipelining),
it principally specifies a message format. HTTPU and HTTPMU use the
same message format as defined by HTTP/1.1. Reusing this message
format identifier enables syntactic parsing / generating of HTTPU
and HTTPMU request by existing HTTP message mungers.
6.3.2. If the version in the request line is the same as an HTTP
request, once a request was stored, how could one distinguish an
HTTPU (or HTTPMU) request from an HTTP request?
TBD
7. Unicast UDP HTTP Messages
Goland, Schlimmer 5
UPnP Forum UDP HTTP 24 Aug 2000
7.1. Problem Definition
A mechanism is needed to send HTTP messages over the unicast UDP
transport.
7.2. Proposed Solution
HTTP messages sent over unicast UDP function identically to HTTP
messages sent over TCP as defined in [RFC2616] except as specified
below.
For brevity's sake HTTP messages sent over unicast UDP will be
referred to as HTTPU messages.
HTTPU messages MUST fit entirely in a single UDP message. If a HTTPU
message can not be fit into a single UDP message then it MUST NOT be
sent using unicast UDP. Incomplete HTTPU messages SHOULD be ignored.
The request-URI of a HTTPU message MUST always be fully qualified.
A single unicast UDP message MUST only contain a single HTTPU
message. As such, an HTTPU server MAY reject messages with "chunked"
transfer-coding.
When responding to a HTTPU request with an S header the rules for
the proper handling of S headers, as specified below MUST be
followed.
7.3. Design Rationale
See also the subsection on the S header below for the design
rationale of the S header.
7.3.1. Why can't a single HTTP message be sent over multiple UDP
messages?
The ability to send unlimited size messages across the Internet is
one of the key features of TCP. The goal of this paper is not to
reinvent TCP but rather to provide a very simple emergency back up
HTTP system that can leverage UDP where TCP cannot be used. As such
features to allow a single HTTP message to span multiple UDP
messages is not provided.
7.3.2. Why are request-URIs sent over HTTPU required to be fully
qualified?
A relative URI in a HTTP message is assumed to be relative to a HTTP
URL. However this would clearly be inappropriate for a HTTPU or
HTTPMU message. The easiest solution would be to simply state that a
relative URI is relative to the type of message it was sent in. But
one of the goals of this draft is to allow current HTTP message
processors to be able to munch on HTTPU/HTTPMU messages and this
would cause a change to those processors.
Goland, Schlimmer 6
UPnP Forum UDP HTTP 24 Aug 2000
The cost of this simplification is that you repeat the host
information, once in the URI and once in the host header.
But again, taking out the host header would make a lot of existing
HTTP message munchers very unhappy.
7.3.3. Why is the requirement for ignoring incomplete HTTPU messages a
SHOULD instead of a MUST?
Some systems use a lot of redundant data or have good mechanisms for
handling partial data. As such they could actually do something
intelligent with a partial message. A SHOULD allows them to do this
while still making it clear that in the majority case partial
HTTPU/HTTPMU messages are going to get thrown out.
7.3.4. Why aren't multiple HTTP messages allowed into a single UDP
message if they will fit?
It was easier to ban it, and it didn't seem to buy us much. It was
especially worrying because it would start to convince people that
they could actually order their UDP requests in a pipelinesque
manner. It was easier to just keep things simple and ban it.
7.3.5. Why aren't we allowed to leave off content-lengths if only a
single HTTPU message is allowed in a UDP message?
In general we try to only change from RFC 2616 when we are forced
to. Although including a content-length is annoying it makes it easy
to use HTTP/1.1 message parsing/generating systems with this spec.
7.3.6. Why might a HTTPU message choose to not have an S header?
Leaving off the S header would be useful for throwaway events. In
systems with a high event rate it is usually easier to just throw
away an event rather than re-sending it. As such there is no real
benefit to correlating unnecessary responses with requests.
7.3.7. Why isn't the MX header used on HTTPU messages?
As HTTPU messages are point-to-point there will be exactly one
response. MX is only useful in cases, such as HTTPMU requests, where
there can be many potential responses from numerous different
clients. MX helps to prevent the client from getting creamed with
responses.
7.3.8. Can I send 1xx responses over HTTPU?
Yes. Error handling is identical to RFC 2616.
8. Multicast UDP HTTP Requests
8.1. Problem Definition
Goland, Schlimmer 7
UPnP Forum UDP HTTP 24 Aug 2000
A mechanism is needed to send HTTP messages over the multicast UDP
transport.
8.2. Proposed Solution
HTTP messages sent over multicast UDP MUST obey all the requirements
for HTTPU messages in addition to the requirements provided below.
For brevity's sake HTTP messages sent over multicast UDP will be
referred to as HTTPMU messages.
Resources that support receiving multicast UDP HTTP requests MUST
honor the MX header if included in the request.
If a resource has a single response, it MUST generate a random
number between 0 and MX that represents the number of seconds the
resource MUST wait before sending a response. If a resource has
multiple responses per request, it SHOULD send these resources
spread over the interval [0..MX]. This prevents all responses from
being sent at once.
HTTP clients SHOULD keep listening for responses for a reasonable
delta of time after MX. That delta will be based on the type of
network the request is being sent over. This means that if a server
cannot respond to a request before MX then there is little point in
sending the response, as the client will most likely not be
listening for it.
When used with a multicast UDP HTTP request, the "*" request-URI
means "to everyone who is listening to this IP address and port."
A HTTPMU request without a MX header MUST NOT be responded to.
8.3. Design Rationale
8.3.1. Why is there a "delta" after the MX time when the client should
still be listening?
So let's say the MX value is 5 seconds. The HTTP resource generates
a number between 0 and 5 and gets 5. After 5 seconds of waiting the
HTTP resource will send its response.
Now for some math:
0.5 seconds - Time it took the client's request to reach
the HTTP resource.
5 seconds - Time the HTTP resource waited after
receiving the message to respond, based on
the MX value.
0.5 seconds - Time for the response to get back to the
client.
Total time elapsed - 6 seconds
Goland, Schlimmer 8
UPnP Forum UDP HTTP 24 Aug 2000
If the client only waits 5 seconds, the MX value, then they would
have stopped listening for this response by the time it arrived,
hence the need for the delta.
8.3.2. What should the "delta" after MX expires be?
Unfortunately this is an impossible question to answer. How fast is
your network? How far is the message going? Is there any congestion?
In general delta values will be set based on a combination of
heuristics and application necessity. That is, if you are displaying
information to a user any data that comes in after 20 or 30 seconds
is probably too late.
8.3.3. When would a HTTPMU request not be responded to?
When a HTTP resource is making a general announcement, such as "I am
here", it generally isn't useful to have everyone respond confirming
they received the message. This is especially the case given that
the HTTP resource probably doesn't know who should have received the
announcement so the absence of a HTTP client in the responses
wouldn't be meaningful.
Whether a particular request requires a response is dependant on the
application, and is beyond the scope of this specification.
8.3.4. Why do we require the MX header on HTTPMU requests that are to
be responded to?
This is to prevent overloading the HTTP client. If all the HTTP
resources responded simultaneously the client would probably loose
most of the responses as its UDP buffer overflowed.
9. Retrying Requests
9.1. Problem Definition
UDP is an unreliable transport with no failure indicators; as such
some mechanism is needed to reasonably increase the chance that a
HTTPU/HTTPMU message will be delivered.
9.2. Proposed Solution
UDP is an inherently unreliable transport and subject to routers
dropping packets without notice. Applications requiring delivery
guarantees SHOULD NOT use HTTPU or HTTPMU.
In order to increase the probability that a HTTPU or HTTPMU message
is delivered the message MAY be repeated several times. If a
multicast resource would send a response(s) to any copy of the
request, it SHOULD send its response(s) to each copy of the request
it receives. It MUST NOT repeat its response(s) per copy of the
reuqest.
Goland, Schlimmer 9
UPnP Forum UDP HTTP 24 Aug 2000
In order to prevent the network from being flooded a message SHOULD
NOT be repeated more than MAX_RETRIES time. A random period of time
between 0 and MAX_RETRY_INTERVAL SHOULD be selected between each
retry to determine how long to wait before issuing the retry.
9.3. Design Rationale
9.3.1. Why is the requirement "applications requiring delivery
guarantees should not use HTTPU or HTTPMU" only a SHOULD and not
a MUST?
Because there might come a day when it makes sense to use HTTPU or
HTTPMU for guaranteed delivery and there is no reason to completely
ban the possibility.
9.3.2. Why is the requirement that a request not be repeated more than
MAX_RETRIES times a SHOULD and not a MUST?
Local knowledge may make the limit unnecessary. For example, if one
knew that the message was being delivered using a super reliable
network then repeats are not necessary. Similarly if one knew that
the network the requests were going through were particularly
unreliable and assuming one had properly accounted for the effects
of additional messages on that congestion, one might have a good
reason to send more than MAX_RETRIES.
9.3.3. Why SHOULD multicast resources respond to each copy of a request
it receives?
Because the earlier responses might have been lost.
9.3.4. Why MUST multicast resources not repeat its response(s) to each
copy of a request it receives?
This strategy provides the lowest network loading for any desired
level of reliability, or equivalently, the highest reliability for
any specified level of network loading.
10. Caching
10.1. Problem Definition
Caching is a feature that has demonstrated its usefulness in HTTP,
provisions need to be made to ensure that HTTPU/HTTPMU messages can
be cached using a consistent algorithm.
10.2. Proposed Solution
[Ed. Note: Never having tried to actually build a HTTPU/HTTPMU
generic cache we suspect there are some very serious gotchas here
that we just haven't found yet. This section should definitely be
treated as "under development."]
Goland, Schlimmer 10
UPnP Forum UDP HTTP 24 Aug 2000
Caching rules for HTTPU/HTTPMU responses are no different than
normal HTTP responses. HTTPU/HTTPMU responses are matched to their
requests through the S header value.
When responding to a multicast request, a resource MAY cache its
response(s) and retransmit from the cache in response to duplicate
requests.
10.3. Design Rationale
10.3.1. Wouldn't it be useful to be able to cache HTTPU/HTTPMU requests
if they don't have responses?
Yes, it probably would, especially if we are talking about a client-
side cache. It is probably worth investigating the use of cache
control headers on requests for this very purpose.
11. Proxying UDP HTTP Requests
11.1. Problem Definition
For security or caching reasons it is sometimes necessary to place a
proxy in a message path. Provisions need to be made to ensure that
HTTPU/HTTPMU messages can be proxied.
11.2. Proposed Solution
[Ed. Note: This section should be considered experimental. No one
has really had to design much less implement a HTTPU/HTTPMU proxy
yet.]
All transport independent rules for proxying, such as length of time
to cache a response, hop-by-hop header rules, etc. are the same for
HTTPU/HTTPMU as they are for HTTP messages.
[Ed. Note: I'm not sure how far to go into the "transport
independent rules". The RFC 2616 doesn't really call them out very
well but I also don't want to have to re-write RFC 2616 spec inside
this spec.]
The transport dependent rules, however, are different. For example,
using TCP any pipelined messages are guaranteed to be delivered in
order. There are no ordering guarantees of any form for HTTPU/HTTPMU
proxies.
In general a proxy is required to forward a HTTPU/HTTPMU message
exactly once. It SHOULD NOT repeat the message. Rather the client is
expected to repeat the message and, as the proxy receives the
repeats, they will be forwarded.
Note that it is acceptable, if not encouraged, for proxies to
analyze network conditions and determine the likelihood, on both
incoming and outgoing connections, of UDP messages being dropped. If
Goland, Schlimmer 11
UPnP Forum UDP HTTP 24 Aug 2000
the likelihood is too high then it would be expected for the proxy,
taking into consideration the possibility of making congestion even
worse, to repeat requests and responses on its own. In a sense the
proxy could be thought of as a signal regenerator. This is why the
prohibition against repeating messages is a SHOULD NOT rather than a
MUST NOT.
HTTPMU messages are sent with the assumption that the message will
only be seen by the multicast address they were sent to. Thus when a
proxy forwards the request it is expected to only do so to the
appropriate multicast channel. Note, however, that proxies may act
as multicast bridges.
Also note that proxied HTTPMU messages with a HTTPMU URL without an
absolute path are to be treated as if they were sent to the
specified multicast address with the request-URI "*".
If a HTTPMU request is sent with a host that does not resolve to a
multicast address then the request MUST be rejected with a 400 Bad
Request error.
There is no requirement that a HTTPU proxy support HTTPMU or vice
versa.
11.3. Design Rationale
11.3.1. Why would anyone proxy HTTPMU requests?
Proxying HTTPMU requests can be a neat way to create virtual
multicast channels. Just hook a bunch of proxies together with
unicast connections and tell the proxies' users that they are all on
the same multicast scope.
12. HTTP Headers
12.1. AL (Alternate Location) General Header
12.1.1. Problem Definition
There are many instances in which a system needs to provide location
information using multiple URIs. The LOCATION header only allows a
single URI. Therefore a mechanism is needed to allow multiple
location URIs to be returned.
12.1.2. Proposed Solution
AL = "AL" ":" 1*("<" AbsoluteURI ">") ; AbsoluteURI is defined in
section 3.2.1 of [RFC2616]
The AL header is an extension of the LOCATION header whose semantics
are the same as the LOCATION header. That is, the AL header allows
one to return multiple locations where as the LOCATION header allows
one to return only one. The contents of an AL header are ordered. If
Goland, Schlimmer 12
UPnP Forum UDP HTTP 24 Aug 2000
both a LOCATION header and an AL header are included in the same
message then the URI in the LOCATION header is to be treated as if
it were the first entry in the AL header. The AL header MAY be used
by itself but implementers should be aware that existing systems
will ignore the header.
12.1.3. Design Rationale
12.1.3.1. Why not just fix the BNF for the LOCATION header?
This is tempting but the goal of maintaining compatibility with RFC
2616's message format overrides the usefulness of this solution.
12.2. MX Request Header
12.2.1. Problem Definition
A mechanism is needed to ensure that responses to HTTPMU requests do
not come at a rate greater than the requestor can handle.
12.2.2. Proposed Solution
MX = "MX" ":" Integer
Integer = First_digit *More_digits
First_digit = "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9"
More_digits = "0" | First_digit
The value of the MX header indicates the maximum number of seconds
that a multicast UDP HTTP resource MUST wait before it sends a
response stimulated by a multicast request.
HTTP resources MAY treat any MX header value greater than MX_MAX as
being equal to MX_MAX.
12.2.3. Design Rationale
12.2.3.1. Why is MX in seconds?
In practice wait periods shorter than a second proved useless and
longer proved too coarse. Of course as faster networks get deployed
finer-grain times would be useful, but we need a compromise
measurement that will meet everyone's needs. Seconds seem to do that
quite well.
12.2.3.2. Couldn't MX still overload the requestor if there are too
many responders?
Absolutely. If there are a 100,000 clients that want to respond even
pushing them over 30 seconds on a 10 Mbps link is still going to
blow both the client and the network away. However the only way to
prevent these sorts of situations is to know the current available
network bandwidth and the total number of likely responders ahead of
Goland, Schlimmer 13
UPnP Forum UDP HTTP 24 Aug 2000
time. Both generally prove between difficult to impossible to figure
out. So we are left with heuristics and the MX header.
12.3. S (Sequence) General Header
12.3.1. Problem Definition
A mechanism is needed to associate HTTPU/HTTPMU requests with
responses, as UDP does not have any connection semantics.
12.3.2. Proposed Solution
S = "S" ":" AbsoluteURI
The S header is a URI that is unique across the entire URI namespace
for all time. When an S header is sent on a HTTPU/HTTPMU request it
MUST be returned, with the same value, on the response.
If a client receives multiple responses with the same S header then
the client MAY assume that all the responses are in response to the
same request. If the messages differ from each other then the client
MUST behave based on the specification of the request method.
12.3.3. Design Rationale
12.3.3.1. Why do we need the S header?
Without an S header the only way to match requests with responses is
to ensure that there is enough information in the response to know
what request it was intended to answer. Even in that case it is
still possible to confuse which request a response goes to if it
does not have the equivalent of an S header.
12.3.3.2. Why aren't S headers mandatory on all requests with a
response?
Some systems don't need them.
12.3.3.3. Why aren't S headers guaranteed to be sequential so you could
do ordering?
Because HTTPU/HTTPMU is not interested in ordering. If one wants
ordering one should use TCP.
12.3.3.4. Do S headers allow detecting and removing duplicates?
Yes, for methods (like GET) that define a single responses to a
request. No, for methods (like SEARCH) that define multiple
responses to a request.
13. Interaction of HTTP, HTTPU and HTTPMU Messages
13.1. Problem Definition
Goland, Schlimmer 14
UPnP Forum UDP HTTP 24 Aug 2000
[Ed. Note: Concerns include HTTPU request redirected to HTTP? > 1
HTTPU responses to 1 HTTPMU request?]
13.2. Proposed Solution
TBD
13.3. Design Rationale
TBD
14. Security Considerations
All the normal HTTP security considerations apply.
14.1. Cookies
There is no danger that the S header will be used as a cookie since
the client generates it, and the server returns it. (A cookie is
generated by a server and returned by the client.)
14.2. Spoofing
Servers and multicast resources could fake S headers, but this is
not a major threat if some form of authentication over UDP is used.
(Defining authentication over UDP is beyond the scope of this
document, but briefly, one could assume the challenge and send the
authentication response as part of the HTTPU/MU request.)
14.3. Lost Requests
TBD
14.4. Oversized Requests
TBD
15. Acknowledgements
Thanks to John Stracke for his excellent comments. Dale Worley
devised the single-response-per-each-copy-of-request mechanism
outlined in the section on Retrying Requests. Chris Rude clarified
request URI rules.
16. Constants
MAX_RETRIES - 3
MAX_RETRY_INTERVAL - 10 seconds
MAX_MX - 120 seconds
17. Reference
Goland, Schlimmer 15
UPnP Forum UDP HTTP 24 Aug 2000
[RFC2119] S. Bradner. Key words for use in RFCs to Indicate
Requirement Levels. RFC 2119, March 1997.
[RFC2616] R. Fielding, J. Gettys, J. C. Mogul, H. Frystyk, L.
Masinter, P. Leach and T. Berners-Lee. Hypertext Transfer Protocol -
HTTP/1.1. RFC 2616, November 1998.
阅读(3219) | 评论(0) | 转发(0) |
