IETF updates http 1.1 standard after seven years

The Internet Engineering Task Force has updated the http 1.1 specifications. The changes should mainly clarify the specifications of the protocol and also tighten up some descriptions.

Most importantly, RFC2616, a protocol description document that served as the basis for http 1.1 since 1999, has been replaced. This is because developers started using http for more than just browsing. To avoid confusion and clarify things, the Internet Engineering Task Force worked on an improvement to RFC2616.

RFC2616 contained 176 pages explaining definitions, such as the get-request and tcp connection management. The specifications are now divided into six parts to make it easier to read and more logically organized, writes task force chairman Mark Nottingham.

Since 2007, a total of 550 issues have been re-examined together with technicians from open source organizations and from companies such as Google, Microsoft and Apple. All so-called requests for comments, documents in which new changes are dealt with, now have a section that lists the changes from RFC2616.

Incidentally, not only have all documents been cleaned up linguistically, but definitions regarding security problems have also been further tightened. For example, folding a header across multiple lines is now obsolete to prevent http response splitting.

Finally, Nottingham chairman announced in his blog post that http 2.0 is almost finished and that the Internet Engineering Task Force will announce more about it soon. That version will partly use the new 1.1 specifications and will almost certainly have standard encryption activated, it became clear at the end of last year.