protocol page 2 - Dave's Blog


RFC 5843 - Additional Hash Algorithms for HTTP Instance Digests

2010 Apr 21, 6:51Adds SHA 256 & 512 to HTTP instance digest: 'The IANA registry named "Hypertext Transfer Protocol (HTTP) Digest Algorithm Values" defines values for digest algorithms used by Instance Digests in HTTP. Instance Digests in HTTP provide a digest, also known as a checksum or hash, of an entire representation of the current state of a resource. This document adds new values to the registry and updates previous values.'PermalinkCommentshash cryptography http instance-digest sha security technical ietf rfc standard

RFC 5849 - The OAuth 1.0 Protocol

2010 Apr 21, 6:49"OAuth provides a method for clients to access server resources on behalf of a resource owner (such as a different client or an end-user). It also provides a process for end-users to authorize third-party access to their server resources without sharing their credentials (typically, a username and password pair), using user-agent redirections."PermalinkCommentsoauth authorization security privacy internet web rfc standard technical

EricLaw's IEInternals : HTTP/HTTPS Port-Blocking in WinINET

2010 Mar 26, 5:16Interesting point that web browsers block HTML FORMs from submitting to some ports in order to avoid malicious servers from getting clients to do their dirty work. Of course it requires the host on the other side of that port to be able to interpret the HTTP request as something relevant to the protocol they actually expect.PermalinkCommentssecurity web browser ie http html form technical

Thought Experiments and Design Principles

2010 Jan 29, 3:54

Raymond Chen has some thought experiments useful for discovering various kinds of stupidity in software design:

Tim Berners-Lee's principles of Web design includes my favorite: Test of Independent Invention. This has a thought experiment containing the construction of the MMM (Multi-Media Mesh) with MRIs (Media Resource Identifiers) and MMTP (Muli-Media Transport Protocol).

The Internet design principles (RFC 1958) includes the Robustness Principle: be strict when sending and tolerant when receiving. A good one, but applied too liberally can lead to interop issues. For instance, consider web browsers. Imagine one browser becomes so popular that web devs create web pages and just test out their pages in this popular browser. They don't ensure their pages conform to standards and accidentally end up depending on the manner in which this popular browser tolerantly accepts non-standard input. This non-standard behavior ends up as de facto standard and future updates to the standard essentially has had decisions made for it.

PermalinkCommentstechnical design principles software development - Protocol

2010 Jan 25, 8:31PermalinkCommentssitemap google xml search web html technical reference

WPAD Server Fiddler Extension

2010 Jan 5, 7:42

I've made a WPAD server Fiddler extension and in a fit of creativity I've named it: WPAD Server Fiddler Extension.

Of course you know about Fiddler, Eric's awesome HTTP debugger tool, the HTTP proxy that lets you inspect, visualize and modify the HTTP traffic that flows through it. And on the subject you've probably definitely heard of WPAD, the Web Proxy Auto Discovery protocol that allows web browsers like IE to use DHCP or DNS to automatically discover HTTP proxies on their network. While working on a particularly nasty WPAD bug towards the end of IE8 I really wished I had a way to see the WPAD requests and responses and modify PAC responses in Fiddler. Well the wishes of me of the past are now fulfilled by present day me as this Fiddler extension will respond to WPAD DHCP requests telling those clients (by default) that Fiddler is their proxy.

When I started working on this project I didn't really understand how DHCP worked especially with respect to WPAD. I won't bore you with my misconceptions: it works by having your one DHCP server on your network respond to regular DHCP requests as well as WPAD DHCP requests. And Windows I've found runs a DHCP client service (you can start/stop it via Start|Run|'services.msc', scroll to DHCP Client or via the command line with "net start/stop 'DHCP Client'") that caches DHCP server responses making it just slightly more difficult to test and debug my extension. If a Windows app uses the DHCP client APIs to ask for the WPAD option, this service will send out a DHCP request and take the first DHCP server response it gets. That means that if you're on a network with a DHCP server, my extension will be racing to respond to the client. If the DHCP server wins then the client ignores the WPAD response from my extension.

Various documents and tools I found useful while working on this:

PermalinkCommentsproxy fiddler http technical debug wpad pac tool dhcp


2009 Dec 18, 9:48"Several applications extending the Hypertext Transfer Protocol (HTTP) require a feature to do partial resource modification. The existing HTTP PUT method only allows a complete replacement of a document. This proposal adds a new HTTP method, PATCH, to modify an existing HTTP resource."PermalinkCommentshttp patch ietf reference via:warren technical

Description of WinSock Proxy Auto Detect Support

2009 Dec 12, 1:08WinSock uses a WPAD like protocol for... something?PermalinkCommentstechnical reference proxy wpad winsock windows

RFC 2132 - DHCP Options and BOOTP Vendor Extensions

2009 Dec 12, 2:42"The Dynamic Host Configuration Protocol (DHCP) [1] provides a framework for passing configuration information to hosts on a TCP/IP network. Configuration parameters and other control information are carried in tagged data items that are stored in the 'options' field of the DHCP message. The data items themselves are also called "options.""PermalinkCommentstechnical reference rfc dhcp ietf ipv4 ip

RFC 959 - File Transfer Protocol

2009 Sep 9, 5:35The FTP spec's section 3.5 'ERROR RECOVERY AND RESTART' describes how to resume an FTP download.PermalinkCommentsietf reference ftp rfc resume download internet technical

payyattention / a social network of micropatronage

2009 Aug 14, 10:17Micropayment service for bloggers -- "per article micropatronage". Supports levels of benefits for readers - pay X or more and get the ad-less version of my blog. Link to your fav. article through payyattention and payyattention will count how much money your reference generated. Some neat features in there. Too bad its not a distributed protocol.PermalinkCommentsvia:sambrook video money micropayment patronage journalism economics newspaper business

Internationalized Resource Identifiers (IRIs)

2009 Jul 29, 5:48The new draft IRI spec to replace RFC 3987. "To accomodate widespread current practice, additional derivative protocol elements are defined, and current practice for resolving IRI-based hypertext references in HTML are outlined."PermalinkCommentsiri uri rfc html reference technical

IE8 Search Providers, Accelerators, and Local Applications Hack

2009 Jul 25, 3:23

There's no easy way to use local applications on a PC as the result of an accelerator or a search provider in IE8 but there is a hack-y/obvious way, that I'll describe here. Both accelerators and search providers in IE8 fill in URL templates and navigate to the resulting URL when an accelerator or search provider is executed by the user. These URLs are limited in scheme to http and https but those pages may do anything any other webpage may do. If your local application has an ActiveX control you could use that, or (as I will provide examples for) if the local application has registered for an application protocol you can redirect to that URL. In any case, unfortunately this means that you must put a webpage on the Internet in order to get an accelerator or search provider to use a local application.

For examples of the app protocol case, I've created a callto accelerator that uses whatever application is registered for the callto scheme on your system, and a Windows Search search provider that opens Explorer's search with your search query. The callto accelerator navigates to my redirection page with 'callto:' followed by the selected text in the fragment and the redirection page redirects to that callto URL. In the Windows Search search provider case the same thing happens except the fragment contains 'search-ms:query=' followed by the selected text, which starts Windows Search on your system with the selected text as the query. I've looked into app protocols previously.

PermalinkCommentstechnical callto hack accelerator search ie8

Issue 9860 - chromium - ChromeHTML URI handler vulnerability - Google Code

2009 May 3, 10:26Seems very similar to that ShellExecute/Firefox app URL protocol handler exploit last year. "A vulnerability in the ChromeHTML URI handler allows an attacker to bypass the Same Origin Policy for any site and also enumerate victims files and directories. When loaded in Internet Explorer, a specially crafted HTML page can launch Google Chrome with an arbitrary URI without requiring any user interaction."PermalinkCommentsexploit security google chrome browser web url protocol

InfoQ: HTTP Status Report

2009 Apr 29, 12:34"In this presentation, recorded at QCon San Francisco 2008, HTTPbis WG chair Mark Nottingham gives an update on the current status of the HTTP protocol in the wild, and the ongoing work to clarify the HTTP specification."PermalinkCommentshttp httpbis protocol ietf reference video authentication cookie uri url tcp sctp mark-nottingham via:ericlaw

Download details: Microsoft Network Monitor 3.3

2009 Apr 23, 5:22"Network Monitor 3.3 is a protocol analyzer. It allows you to capture network traffic, view and analyze it. Version 3.3 is an update and replaces Network Monitor 3.2. Network Monitor 3.x is a complete overhaul of the previous Network Monitor 2.x version."PermalinkCommentsmicrosoft network traffic netmon free msdn windows

[whatwg] [WhatWG] Some additional API is needed for sites to see whether registerProtocolHandler() call was successful

2009 Apr 7, 12:14This makes plenty of sense, that a site should be able to check if a protocol handler exists for some URI scheme, but it'd be nice if this were some sort of declaritive fallback plan rather than having to do it all with script. "The HTML5 standard function registerProtocolHandler() should probably remain void as in standard, but WhatWG could invent yet another boolean protocolRegistered("area"), with the only argument (protocol name as string), to check whether a protocol is registered."PermalinkCommentshtml5 registerProtocolHandler html script url uri scheme protocol

Mark Finkle's Weblog - Firefox 3 - Web Protocol Handlers

2009 Apr 7, 12:12HTML5's registerProtocolHandler seems to come from a cool FireFox 3 feature: "With web protocol handlers, the web application can register the specific protocol it wants to handle. Firefox will then prompt the user to choose which of the registered applications (web or desktop) it should use to handle the action. Any protocol, real or imaginary, can be used - mailto: is only one example, webcal:, tel: and fax: are others."PermalinkCommentsfirefox uri scheme protocol mozilla html5 registerProtocolHandler

HTML 5 - 5.7.2 Custom protocol and content handlers

2009 Apr 7, 10:45HTML 5 allows websites to register themselves as handlers of particular URI schemes and particular content-types. I think this is great, but I'm surprised it doesn't support POSTing files to allow for interactions with local content.PermalinkCommentshtml5 url uri protocol reference html standard javascript webbrowser registerProtocolHandler

Thoughts on registerProtocolHandler in HTML 5

2009 Apr 7, 9:02

I'm a big fan of the concept of registerProtocolHandler in HTML 5 and in FireFox 3, but not quite the implementation. From a high level, it allows web apps to register themselves as handlers of an URL scheme so for (the canonical) example, GMail can register for the mailto URL scheme. I like the concept:

However, the way its currently spec'ed out I don't like the following: PermalinkCommentsurl template registerprotocolhandler firefox technical url scheme protocol boring html5 uri urn
Older EntriesNewer Entries Creative Commons License Some rights reserved.