2011 May 22, 10:36Notes and suggestions for private use fields in protocols and formats.
ietf rfc protocol technical private-use 2011 Apr 30, 4:33"The HTTP-based Memento framework bridges the present and past Web by interlinking current resources with resources that encapsulate their past. It facilitates obtaining representations of prior
states of a resource, available from archival resources in Web archives or version resources in content management systems, by leveraging the resource's URI and a preferred datetime. To this end, the
framework introduces datetime negotiation (a variation on content negotiation), and new Relation Types for the HTTP Link header aimed at interlinking resources with their archival/version resources.
It also introduces various discovery mechanisms that further support briding the present and past Web."
technical rfc reference http header time memento archive 2011 Apr 27, 3:12Prescriptive spec on URI parsing. "This document contains a precise specification of how browsers process URLs. The behavior specified in this document might or might not match any particular
browser, but browsers might be well-served by adopting the behavior defined herein."
technical rfc reference uri 2011 Apr 17, 12:51"Web-based protocols often require the discovery of host policy or metadata, where "host" is not a single resource but the entity controlling the collection of resources identified by Uniform
Resource Identifiers (URI) with a common URI host [RFC3986]."
host rfc reference metadata technical 2011 Apr 6, 3:52Humorous quote from the doc: "While we readily agree that the naming of IPv6 address parts is not the most pressing concern the Internet is facing today, a common nomenclature is important for
efficient communication."
humor technical ipv6 name documentation ietf rfc 2011 Apr 5, 3:23Best practices for Comet style polling in HTTP.
technical rfc ietf http streaming polling 2010 Dec 13, 11:12Used to generate publicly verifiable random numbers. For instance to pick 'xn--' for the IDN prefix from a set of prefixes, they decided on a hash, a set of stocks and a time in the future to
generate the hash from the stock values. The resulting value is random and anyone can check the work to verify that it was chosen randomly.
Although, now looking back from the future I can't verify that they didn't generate this data after the stock quotes came out. And they're using MD5...
rfc algorithm random election ietf technical 2010 Dec 8, 6:44Description of how they picked 'xn--' as the ACE prefix for IDN. Shockingly elaborate =)
idn technical ace encoding unicode rfc ietf 2010 Oct 5, 2:54The mailto URI scheme finally gets its own RFC.
mailto uri url mail email technical rfc reference encoding 2010 Oct 4, 2:05Proposed 428 HTTP error code for hijacking proxies to indicate to the client the user needs to login to the network etc. Glad to see this one's finally happening.
http http-status captive-portal hijack proxy authentication technical rfc reference 2010 Aug 13, 11:47Other characters sets for HTTP headers: "By default, message header field parameters in Hypertext Transfer Protocol (HTTP) messages cannot carry characters outside the ISO-8859-1 character set. RFC
2231 defines an encoding mechanism for use in Multipurpose Internet Mail Extensions (MIME) headers. This document specifies an encoding suitable for use in HTTP header fields that is compatible with
a profile of the encoding defined in RFC 2231."
rfc language localization charset http technical reference http-header 2010 Jun 9, 3:31"A 'geo' URI identifies a physical location in a two- or three-dimensional coordinate reference system in a compact, simple, human-readable, and protocol-independent way."
technical geo uri url ietf rfc standard 2010 Jun 1, 6:46"Metalink describes download locations (mirrors), cryptographic hashes, and other information. Clients can transparently use this information to reliably transfer files."
technical internet download web url xml metalink 2010 Apr 21, 6:51Adds SHA 256 & 512 to HTTP instance digest: 'The IANA registry named "Hypertext Transfer Protocol (HTTP) Digest Algorithm Values" defines values for digest algorithms used by Instance Digests in
HTTP. Instance Digests in HTTP provide a digest, also known as a checksum or hash, of an entire representation of the current state of a resource. This document adds new values to the registry and
updates previous values.'
hash cryptography http instance-digest sha security technical ietf rfc standard 2010 Apr 21, 6:49"OAuth provides a method for clients to access server resources on behalf of a resource owner (such as a different client or an end-user). It also provides a process for end-users to authorize
third-party access to their server resources without sharing their credentials (typically, a username and password pair), using user-agent redirections."
oauth authorization security privacy internet web rfc standard technical 2010 Mar 31, 7:59Defines the mime type for JSON as well as JSON itself.
technical json mimetype mime javascript ietf rfc specification 2010 Jan 29, 3:54
Raymond Chen has some thought experiments useful for discovering various kinds of stupidity in software design:
Tim Berners-Lee's principles of Web design includes my favorite: Test of Independent Invention. This has a thought experiment containing the construction of the MMM (Multi-Media Mesh) with
MRIs (Media Resource Identifiers) and MMTP (Muli-Media Transport Protocol).
The Internet design principles (RFC 1958) includes the Robustness Principle: be strict when sending and tolerant when receiving. A good one, but applied too liberally can lead to interop issues. For instance, consider web browsers.
Imagine one browser becomes so popular that web devs create web pages and just test out their pages in this popular browser. They don't ensure their pages conform to standards and accidentally end
up depending on the manner in which this popular browser tolerantly accepts non-standard input. This non-standard behavior ends up as de facto standard and future updates to the standard
essentially has had decisions made for it.
technical design principles software development 2010 Jan 15, 7:05Section 4 has a summary table with all the various special use IPv4 address blocks.
reference rfc ipv4 ip internet ietf 2010 Jan 15, 3:19"The .arpa domain is the “Address and Routing Parameter Area” domain and is designated to be used exclusively for Internet-infrastructure purposes. It is administered by the IANA in cooperation with
the Internet technical community under the guidance of the Internet Architecture Board. For the management guidelines and operational requirements of the .arpa domain, see RFC 3172."
technical arpa dns domain zone internet rfc reference iana 2010 Jan 5, 7:42
I've made a WPAD server Fiddler extension and in a fit of creativity I've named it: WPAD Server Fiddler
Extension.
Of course you know about Fiddler, Eric's awesome HTTP debugger tool, the HTTP proxy that lets you inspect, visualize and modify the
HTTP traffic that flows through it. And on the subject you've probably definitely heard of WPAD, the Web Proxy Auto Discovery protocol
that allows web browsers like IE to use DHCP or DNS to automatically discover HTTP proxies on their network. While working on a particularly nasty WPAD bug towards the end of IE8 I really wished I
had a way to see the WPAD requests and responses and modify PAC responses in Fiddler. Well the wishes of me of the past are now fulfilled by present day me as this Fiddler extension will respond to
WPAD DHCP requests telling those clients (by default) that Fiddler is their proxy.
When I started working on this project I didn't really understand how DHCP worked especially with respect to WPAD. I won't bore you with my misconceptions: it works by having your one DHCP server
on your network respond to regular DHCP requests as well as WPAD DHCP requests. And Windows I've found runs a DHCP client service (you can start/stop it via Start|Run|'services.msc', scroll to DHCP
Client or via the command line with "net start/stop 'DHCP Client'") that caches DHCP server responses making it just slightly more difficult to test and debug my extension. If a Windows app uses
the DHCP client APIs to ask for the WPAD option, this service will send out a DHCP request and take the first DHCP server response it gets. That means that if you're on a network with a DHCP
server, my extension will be racing to respond to the client. If the DHCP server wins then the client ignores the WPAD response from my extension.
Various documents and tools I found useful while working on this:
proxy fiddler http technical debug wpad pac tool dhcp
Some rights reserved