[119] in WWW Security List Archive
LOOK OUT! S-HTTP is NOT an RFC, NOT an Internet-Draft
daemon@ATHENA.MIT.EDU (Robert W. Shirey)
Tue Sep 13 17:18:01 1994
Date: Tue, 13 Sep 94 13:44:32 EDT
To: www-security@ns1.rutgers.edu
From: shirey@mitre.org (Robert W. Shirey)
Cc: "Dean P. Jagels" <dpj@sware.com>
Reply-To: shirey@mitre.org (Robert W. Shirey)
WARNING TO THE www-security LIST
********************************
A recent message to this list said
"Where can I find the latest S-HTTP proposal? I checked internic. They
don't appear to have a copy."
You can obtain a copy by sending mail to shttp-info@commerce.net or by
anonymous ftp from ftp.commerce.net/pub/standards/drafts/shttp.txt. But
LOOK OUT!!!
Although CommerceNet literature refers to the paper "The Secure Hypertext
Transfer Protocol" (I have "version 24 of the document, prepared on
10-Jun-94") as an "experimental draft RFC", the specification
(1) IS NOT an "RFC" (and is NOT published by the Internet Society)
(2) IS NOT an "Experimental Protocol" of the Internet Engineering Task Force
(3) IS NOT even an "Internet-Draft"
The draft has never been submitted to the IETF process, although I hope
that it will be soon. Until then, however, the heading which says (on
version 24)
"Experimental E. Rescorla, A. Schiffman"
"Request for Comments XXXX Enterprise Integration Technologies"
" June 1994"
should be modified immediately so that readers are no longer misled into
believing that this protocol has been standardized or is on the IETF
standards track.
Persons who wish to know how things become Internet standards should read
RFCs 1601, 1602, and 1603 (see references below). Persons who wish to know
the status of Internet standards and standards track work should consult
the current RFC on that subject, such as RFC 1610 (see introdcution and
table of contents below).
I ASSUME that the S-HTTP paper IS a copyrighted vendor specification of an
interface that is owned by Enterprise Integration Technologies and/or
CommerceNet. The reason that the specification has not been submitted to
the IETF may be that authors may not want to give up configuration control
of their specification to the IETF, or they may not want to meet the
following conditions that are stated in RFC 1602:
5.4.2. Standards Track Documents
(A) ISOC will not propose, adopt, or continue to maintain any
standards, including but not limited to standards labelled
Proposed, Draft or Internet Standards, which can only be
practiced using technology or works that are subject to
known copyrights, patents or patent applications, or other
rights, except with the prior written assurance of the
owner of rights that:
l. ISOC may, without cost, freely implement and use the
technology or works in its standards work;
2. upon adoption and during maintenance of an Internet
Standard, any party will be able to obtain the right
to implement and use the technology or works under
specified, reasonable, non-discriminatory terms; and
3. the party giving the assurance has the right and
power to grant the licenses and knows of no other
copyrights, patents, patent applications, or other
rights that may prevent ISOC and members of the
Internet community from implementing and operating
under the standard.
Regards, -Rob- Robert W. Shirey SHIREY@MITRE.ORG
tel 703.883.7210, sec 703.883.5749, fax 703.883.1397
Info. Security Div., The MITRE Corp., Mail Stop Z231
7525 Colshire Drive, McLean, Virginia 22102-3481 USA
---------------------------------------------------------------------------
[RFC1601] C. Huitema, *Charter of the Internet Architecture Board (IAB)*,
Mar 1994.
[RFC1602] Internet Architecture Board and Internet Engineering Steering
Group, *The Internet Standards Process -- Revision 2*, Mar 1994.
[RFC1603] E. Huizer and D. Crocker, *IETF Working Group Guidelines and
Procedures*, Mar 1994.
---------------------------------------------------------------------------
Network Working Group Internet Architecture Board
Request for Comments: 1610 J. Postel, Editor
Obsoletes: RFCs 1600, 1540, 1500, 1410, July 1994
1360, 1280, 1250, 1100, 1083, 1130,
1140, 1200
STD: 1
Category: Standards Track
INTERNET OFFICIAL PROTOCOL STANDARDS
Status of this Memo
This memo describes the state of standardization of protocols used in
the Internet as determined by the Internet Architecture Board (IAB).
This memo is an Internet Standard. Distribution of this memo is
unlimited.
Table of Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1. The Standardization Process . . . . . . . . . . . . . . . . 3
2. The Request for Comments Documents . . . . . . . . . . . . . 5
3. Other Reference Documents . . . . . . . . . . . . . . . . . 6
3.1. Assigned Numbers . . . . . . . . . . . . . . . . . . . . . 6
3.2. Gateway Requirements . . . . . . . . . . . . . . . . . . . 6
3.3. Host Requirements . . . . . . . . . . . . . . . . . . . . 6
3.4. The MIL-STD Documents . . . . . . . . . . . . . . . . . . 6
4. Explanation of Terms . . . . . . . . . . . . . . . . . . . . 7
4.1. Definitions of Protocol State (Maturity Level) . . . . . . 8
4.1.1. Standard Protocol . . . . . . . . . . . . . . . . . . . 8
4.1.2. Draft Standard Protocol . . . . . . . . . . . . . . . . 9
4.1.3. Proposed Standard Protocol . . . . . . . . . . . . . . . 9
4.1.4. Experimental Protocol . . . . . . . . . . . . . . . . . 9
4.1.5. Informational Protocol . . . . . . . . . . . . . . . . . 9
4.1.6. Historic Protocol . . . . . . . . . . . . . . . . . . . 9
4.2. Definitions of Protocol Status (Requirement Level) . . . 9
4.2.1. Required Protocol . . . . . . . . . . . . . . . . . . 10
4.2.2. Recommended Protocol . . . . . . . . . . . . . . . . . 10
4.2.3. Elective Protocol . . . . . . . . . . . . . . . . . . 10
4.2.4. Limited Use Protocol . . . . . . . . . . . . . . . . . 10
4.2.5. Not Recommended Protocol . . . . . . . . . . . . . . . 10
5. The Standards Track . . . . . . . . . . . . . . . . . . . 10
5.1. The RFC Processing Decision Table . . . . . . . . . . . 10
5.2. The Standards Track Diagram . . . . . . . . . . . . . . 12
6. The Protocols . . . . . . . . . . . . . . . . . . . . . . 14
6.1. Recent Changes . . . . . . . . . . . . . . . . . . . . . 14
Internet Architecture Board [Page 1]
�
RFC 1610 Internet Standards July 1994
6.1.1. New RFCs . . . . . . . . . . . . . . . . . . . . . . . 14
6.1.2. Other Changes . . . . . . . . . . . . . . . . . . . . 19
6.2. Standard Protocols . . . . . . . . . . . . . . . . . . . 20
6.3. Network-Specific Standard Protocols . . . . . . . . . . 22
6.4. Draft Standard Protocols . . . . . . . . . . . . . . . . 23
6.5. Proposed Standard Protocols . . . . . . . . . . . . . . 24
6.6. Telnet Options . . . . . . . . . . . . . . . . . . . . . 27
6.7. Experimental Protocols . . . . . . . . . . . . . . . . . 28
6.8. Informational Protocols . . . . . . . . . . . . . . . . 29
6.9. Historic Protocols . . . . . . . . . . . . . . . . . . . 30
6.10 Obsolete Protocols . . . . . . . . . . . . . . . . . . . 31
7. Contacts . . . . . . . . . . . . . . . . . . . . . . . . . 32
7.1. IAB, IETF, and IRTF Contacts . . . . . . . . . . . . . . 32
7.1.1. Internet Architecture Board (IAB) Contact . . . . . . 32
7.1.2. Internet Engineering Task Force (IETF) Contact . . . . 32
7.1.3. Internet Research Task Force (IRTF) Contact . . . . . 33
7.2. Internet Assigned Numbers Authority (IANA) Contact . . . 34
7.3. Request for Comments Editor Contact . . . . . . . . . . 35
7.4. Network Information Center Contact . . . . . . . . . . . 35
7.5. Sources for Requests for Comments . . . . . . . . . . . 36
8. Security Considerations . . . . . . . . . . . . . . . . . 36
9. Author's Address . . . . . . . . . . . . . . . . . . . . . 36
