draft-bryan-metalink-client-01.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en"><head><title>Metalink/XML Clients, Publishers, and Caches</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="description" content="Metalink/XML Clients, Publishers, and Caches">
<meta name="generator" content="xml2rfc v1.36 (http://xml.resource.org/)">
<style type='text/css'><!--
        body {
                font-family: verdana, charcoal, helvetica, arial, sans-serif;
                font-size: small; color: #000; background-color: #FFF;
                margin: 2em;
        }
        h1, h2, h3, h4, h5, h6 {
                font-family: helvetica, monaco, "MS Sans Serif", arial, sans-serif;
                font-weight: bold; font-style: normal;
        }
        h1 { color: #900; background-color: transparent; text-align: right; }
        h3 { color: #333; background-color: transparent; }

        td.RFCbug {
                font-size: x-small; text-decoration: none;
                width: 30px; height: 30px; padding-top: 2px;
                text-align: justify; vertical-align: middle;
                background-color: #000;
        }
        td.RFCbug span.RFC {
                font-family: monaco, charcoal, geneva, "MS Sans Serif", helvetica, verdana, sans-serif;
                font-weight: bold; color: #666;
        }
        td.RFCbug span.hotText {
                font-family: charcoal, monaco, geneva, "MS Sans Serif", helvetica, verdana, sans-serif;
                font-weight: normal; text-align: center; color: #FFF;
        }

        table.TOCbug { width: 30px; height: 15px; }
        td.TOCbug {
                text-align: center; width: 30px; height: 15px;
                color: #FFF; background-color: #900;
        }
        td.TOCbug a {
                font-family: monaco, charcoal, geneva, "MS Sans Serif", helvetica, sans-serif;
                font-weight: bold; font-size: x-small; text-decoration: none;
                color: #FFF; background-color: transparent;
        }

        td.header {
                font-family: arial, helvetica, sans-serif; font-size: x-small;
                vertical-align: top; width: 33%;
                color: #FFF; background-color: #666;
        }
        td.author { font-weight: bold; font-size: x-small; margin-left: 4em; }
        td.author-text { font-size: x-small; }

        /* info code from SantaKlauss at http://www.madaboutstyle.com/tooltip2.html */
        a.info {
                /* This is the key. */
                position: relative;
                z-index: 24;
                text-decoration: none;
        }
        a.info:hover {
                z-index: 25;
                color: #FFF; background-color: #900;
        }
        a.info span { display: none; }
        a.info:hover span.info {
                /* The span will display just on :hover state. */
                display: block;
                position: absolute;
                font-size: smaller;
                top: 2em; left: -5em; width: 15em;
                padding: 2px; border: 1px solid #333;
                color: #900; background-color: #EEE;
                text-align: left;
        }

        a { font-weight: bold; }
        a:link    { color: #900; background-color: transparent; }
        a:visited { color: #633; background-color: transparent; }
        a:active  { color: #633; background-color: transparent; }

        p { margin-left: 2em; margin-right: 2em; }
        p.copyright { font-size: x-small; }
        p.toc { font-size: small; font-weight: bold; margin-left: 3em; }
        table.toc { margin: 0 0 0 3em; padding: 0; border: 0; vertical-align: text-top; }
        td.toc { font-size: small; font-weight: bold; vertical-align: text-top; }

        ol.text { margin-left: 2em; margin-right: 2em; }
        ul.text { margin-left: 2em; margin-right: 2em; }
        li      { margin-left: 3em; }

        /* RFC-2629 <spanx>s and <artwork>s. */
        em     { font-style: italic; }
        strong { font-weight: bold; }
        dfn    { font-weight: bold; font-style: normal; }
        cite   { font-weight: normal; font-style: normal; }
        tt     { color: #036; }
        tt, pre, pre dfn, pre em, pre cite, pre span {
                font-family: "Courier New", Courier, monospace; font-size: small;
        }
        pre {
                text-align: left; padding: 4px;
                color: #000; background-color: #CCC;
        }
        pre dfn  { color: #900; }
        pre em   { color: #66F; background-color: #FFC; font-weight: normal; }
        pre .key { color: #33C; font-weight: bold; }
        pre .id  { color: #900; }
        pre .str { color: #000; background-color: #CFF; }
        pre .val { color: #066; }
        pre .rep { color: #909; }
        pre .oth { color: #000; background-color: #FCF; }
        pre .err { background-color: #FCC; }

        /* RFC-2629 <texttable>s. */
        table.all, table.full, table.headers, table.none {
                font-size: small; text-align: center; border-width: 2px;
                vertical-align: top; border-collapse: collapse;
        }
        table.all, table.full { border-style: solid; border-color: black; }
        table.headers, table.none { border-style: none; }
        th {
                font-weight: bold; border-color: black;
                border-width: 2px 2px 3px 2px;
        }
        table.all th, table.full th { border-style: solid; }
        table.headers th { border-style: none none solid none; }
        table.none th { border-style: none; }
        table.all td {
                border-style: solid; border-color: #333;
                border-width: 1px 2px;
        }
        table.full td, table.headers td, table.none td { border-style: none; }

        hr { height: 1px; }
        hr.insert {
                width: 80%; border-style: none; border-width: 0;
                color: #CCC; background-color: #CCC;
        }
--></style>
</head>
<body>
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<table summary="layout" width="66%" border="0" cellpadding="0" cellspacing="0"><tr><td><table summary="layout" width="100%" border="0" cellpadding="2" cellspacing="1">
<tr><td class="header">Network Working Group</td><td class="header">A. Bryan</td></tr>
<tr><td class="header">Internet-Draft</td><td class="header">T. Tsujikawa</td></tr>
<tr><td class="header">Intended status: Standards Track</td><td class="header">N. McNab</td></tr>
<tr><td class="header">Expires: January 17, 2013</td><td class="header">&nbsp;</td></tr>
<tr><td class="header">&nbsp;</td><td class="header">P. Poeml</td></tr>
<tr><td class="header">&nbsp;</td><td class="header">MirrorBrain</td></tr>
<tr><td class="header">&nbsp;</td><td class="header">July 16, 2012</td></tr>
</table></td></tr></table>
<h1><br />Metalink/XML Clients, Publishers, and Caches<br />draft-bryan-metalink-client-01</h1>

<h3>Abstract</h3>

<p>This document specifies behavior for Metalink/XML clients, publishers, and proxy caches. way to get information that is usually contained in the Metalink XML-based download description format. 
    Metalink XML files contain multiple download locations (mirrors and Peer-to-Peer), cryptographic hashes, digital signatures, and other information. Metalink clients can use this information to make file transfers more robust and reliable.
	Normative requirements for Metalink/XML clients, publishers, and proxy caches are described here.
</p>
<h3>Editorial Note (To be removed by RFC Editor)</h3>

<p>

    Discussion of this draft should take place on the apps-discuss
    mailing list (apps-discuss@ietf.org), although this draft is not a WG item.
  
</p>
<p>
    The changes in this draft are summarized in <a class='info' href='#dochistory'>Appendix&nbsp;B<span> (</span><span class='info'>Document History</span><span>)</span></a>.
  
</p>
<h3>Status of This Memo</h3>
<p>
This Internet-Draft is submitted  in full
conformance with the provisions of BCP&nbsp;78 and BCP&nbsp;79.</p>
<p>
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF).  Note that other groups may also distribute
working documents as Internet-Drafts.  The list of current
Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.</p>
<p>
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any time.
It is inappropriate to use Internet-Drafts as reference material or to cite
them other than as &ldquo;work in progress.&rdquo;</p>
<p>
This Internet-Draft will expire on January 17, 2013.</p>

<h3>Copyright Notice</h3>
<p>
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors.  All rights reserved.</p>
<p>
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document.  Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.</p>
<a name="toc"></a><br /><hr />
<h3>Table of Contents</h3>
<p class="toc">
<a href="#anchor1">1.</a>&nbsp;
Introduction<br />
&nbsp;&nbsp;&nbsp;&nbsp;<a href="#anchor2">1.1.</a>&nbsp;
Notational Conventions<br />
&nbsp;&nbsp;&nbsp;&nbsp;<a href="#anchor3">1.2.</a>&nbsp;
Terminology<br />
<a href="#clients">2.</a>&nbsp;
Metalink/XML Clients<br />
<a href="#publishers">3.</a>&nbsp;
Metalink/XML Publishers and Generators<br />
&nbsp;&nbsp;&nbsp;&nbsp;<a href="#metalinkxml">3.1.</a>&nbsp;
Transparent Metalink/XML Usage<br />
&nbsp;&nbsp;&nbsp;&nbsp;<a href="#mirrors">3.2.</a>&nbsp;
Mirror Servers<br />
<a href="#cache">4.</a>&nbsp;
Metalink/XML Proxy Cache<br />
<a href="#clientserver">5.</a>&nbsp;
Client / Server Multi-source Download Interaction<br />
&nbsp;&nbsp;&nbsp;&nbsp;<a href="#anchor4">5.1.</a>&nbsp;
Error Prevention, Detection, and Correction<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#earlyfilemismatchdetection">5.1.1.</a>&nbsp;
Error Prevention (Early File Mismatch Detection)<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#errorcorrection">5.1.2.</a>&nbsp;
Error Correction<br />
<a href="#IANA">6.</a>&nbsp;
IANA Considerations<br />
<a href="#anchor5">7.</a>&nbsp;
Security Considerations<br />
&nbsp;&nbsp;&nbsp;&nbsp;<a href="#traversalfilenames">7.1.</a>&nbsp;
Directory Traversal and Safe file names<br />
&nbsp;&nbsp;&nbsp;&nbsp;<a href="#anchor6">7.2.</a>&nbsp;
URIs and IRIs<br />
&nbsp;&nbsp;&nbsp;&nbsp;<a href="#anchor7">7.3.</a>&nbsp;
Spoofing<br />
&nbsp;&nbsp;&nbsp;&nbsp;<a href="#anchor8">7.4.</a>&nbsp;
Cache Poisoning<br />
&nbsp;&nbsp;&nbsp;&nbsp;<a href="#security.hash">7.5.</a>&nbsp;
Cryptographic Hashes<br />
&nbsp;&nbsp;&nbsp;&nbsp;<a href="#anchor9">7.6.</a>&nbsp;
Signing<br />
<a href="#rfc.references1">8.</a>&nbsp;
References<br />
&nbsp;&nbsp;&nbsp;&nbsp;<a href="#rfc.references1">8.1.</a>&nbsp;
Normative References<br />
&nbsp;&nbsp;&nbsp;&nbsp;<a href="#rfc.references2">8.2.</a>&nbsp;
Informative References<br />
<a href="#anchor12">Appendix&nbsp;A.</a>&nbsp;
Acknowledgements and Contributors<br />
<a href="#dochistory">Appendix&nbsp;B.</a>&nbsp;
Document History<br />
</p>
<br clear="all" />

<a name="anchor1"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<a name="rfc.section.1"></a><h3>1.&nbsp;
Introduction</h3>

<p>Metalink <a class='info' href='#RFC5854'>[RFC5854]<span> (</span><span class='info'>Bryan, A., Tsujikawa, T., McNab, N., and P. Poeml, &ldquo;The Metalink Download Description Format,&rdquo; June&nbsp;2010.</span><span>)</span></a> is a document format based on Extensible Markup Language (XML) that describes a file or list
      of files to be downloaded from a server. Metalinks can list a number of
      files, each with an extensible set of attached metadata. 
      Each listed file can have a description, multiple cryptographic hashes, and a list of Uniform Resource Identifiers (URIs) from which it is 
      available.
</p>
<p>Identical copies of a file are frequently accessible in multiple locations on the Internet over a variety of protocols (such as FTP, HTTP, and Peer-to-Peer).
      In some cases, users are shown a list of these multiple download locations (mirrors) and must manually select a single one on the basis of geographical location, priority, or bandwidth.
      This distributes the load across multiple servers, and should also increase throughput and resilience. At times, however, individual servers can be slow, outdated, or unreachable, but this can not be determined until the download has been initiated. Users will rarely have sufficient information to choose the most appropriate server, and will often choose the first in a list which might not be optimal for their needs, and will lead to a particular server getting a disproportionate share of load.
      The use of suboptimal mirrors can lead to the user canceling and restarting the download to try to manually find a better source. During downloads, errors in transmission can corrupt the file.
      There are no easy ways to repair these files. For large downloads this can be extremely troublesome.
      Any of the number of problems that can occur during a download lead to frustration on the part of users.
</p>
<p>Knowledge about availability of a download on mirror servers can be
      acquired and maintained by the operators of the origin server or by a third
      party.  This knowledge, together with cryptographic hashes,
      digital signatures, and more, can be stored in a machine-readable Metalink
      file.  The Metalink file can transfer this knowledge to the user agent,
      which can peruse it in automatic ways or present the information to a human user. 
      User agents can fall back to alternate
      mirrors if the current one has an issue.  Thereby, clients
      are enabled to work their way to a successful download under adverse
      circumstances.  All this can be done transparently to the human user and the
      download is much more reliable and efficient.  In contrast, a traditional
      HTTP redirect to one mirror conveys only comparatively minimal information --
      a referral to a single server, and there is no provision in the HTTP protocol to
      handle failures.
</p>
<p>Other features that some clients provide include multi-source
      downloads, where chunks of a file are downloaded from multiple mirrors
      (and optionally, Peer-to-Peer) simultaneously, which frequently results
      in a faster download.  Metalinks can leverage HTTP, FTP, and Peer-to-Peer
      protocols together, because regardless of the protocol over
      which the Metalink
      was obtained, it can make a resource accessible through other protocols.
      If the Metalink was obtained from a trusted source, included verification
      metadata can solve trust issues when downloading files from replica
      servers operated by third parties.  Metalinks also provide structured
      information about downloads that can be indexed by search engines.
</p>
<p>Metalink/HTTP <a class='info' href='#RFC6249'>[RFC6249]<span> (</span><span class='info'>Bryan, A., McNab, N., Tsujikawa, T., Poeml, P., and H. Nordstrom, &ldquo;Metalink/HTTP: Mirrors and Hashes,&rdquo; June&nbsp;2011.</span><span>)</span></a> is an alternative and complementary representation of Metalink information, using HTTP header fields instead of the XML-based document format <a class='info' href='#RFC5854'>[RFC5854]<span> (</span><span class='info'>Bryan, A., Tsujikawa, T., McNab, N., and P. Poeml, &ldquo;The Metalink Download Description Format,&rdquo; June&nbsp;2010.</span><span>)</span></a>. 
      Metalink/HTTP is used to list
      information about a file to be downloaded. This can include lists of multiple URIs (mirrors and Peer-to-Peer information), cryptographic hashes, and digital signatures.
</p>
<p>Some popular sites automate the process of selecting mirrors using DNS load balancing, both to approximately balance load between servers, and to direct clients to nearby servers with the hope that this improves throughput.  Indeed, DNS load balancing can balance long-term server load fairly effectively, but it is less effective at delivering the best throughput to users when the bottleneck is not the server but the network.
</p>
<p>This document describes a mechanism by which the benefit of mirrors can be automatically and more effectively realized. All the information about a download, including mirrors, cryptographic hashes, digital signatures, and more can be transferred in a Metalink.
      This Metalink transfers the knowledge of the download server (and mirror database) to the client. Clients can fallback to other mirrors if the current one has an issue. With this knowledge, 
      the client is enabled to work its way to a successful download even under adverse circumstances. 
      All this can be done without complicated user interaction and the download can be much more reliable and efficient.
      Furthermore, in order to provide better load distribution across servers and potentially faster downloads to users, Metalinks facilitates multi-source downloads, where portions of a file are downloaded from multiple mirrors (and optionally, Peer-to-Peer) simultaneously.
</p>
<p>The client will then be able to request chunks of the file from the various sources, scheduling appropriately in order to maximize the download rate.
</p>
<a name="anchor2"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<a name="rfc.section.1.1"></a><h3>1.1.&nbsp;
Notational Conventions</h3>

<p>This specification describes conformance of Metalink/HTTP.
</p>
<p>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
	"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
	document are to be interpreted as described in BCP 14, <a class='info' href='#RFC2119'>[RFC2119]<span> (</span><span class='info'>Bradner, S., &ldquo;Key words for use in RFCs to Indicate Requirement Levels,&rdquo; March&nbsp;1997.</span><span>)</span></a>, as scoped to those conformance targets.
</p>
<a name="anchor3"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<a name="rfc.section.1.2"></a><h3>1.2.&nbsp;
Terminology</h3>

<p>The following terms as used in this document are defined here:
	    </p>
<ul class="text">
<li>Metalink Generator : Application that creates Metalink/XML files, and includes information about the files described in the Metalink such as locations (on Mirror servers or other methods like P2P), file sizes, and cryptographic hashes.
</li>
<li>Metalink Publisher : One who uses a Metalink Generator to create Metalink/XML files that are then offered to people to improve their download experience.
</li>
<li>Mirror server : Typically FTP or HTTP servers that "mirror" the Metalink server, as in they provide identical copies of (at least some) files that are also on the mirrored server.
</li>
<li>Metalink/XML : An XML file that can contain similar information to a HTTP response header Metalink, such as mirrors and cryptographic hashes.
</li>
<li>Metalink Processors or Clients : Applications that process Metalink/XML and use them provide an improved download experience. They support HTTP and could also support other download protocols like FTP or various Peer-to-Peer methods.
</li>
</ul>

<a name="clients"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<a name="rfc.section.2"></a><h3>2.&nbsp;
Metalink/XML Clients</h3>

<p>In this context, "Metalink" refers to "Metalink/XML" refers to the XML format described in <a class='info' href='#RFC5854'>[RFC5854]<span> (</span><span class='info'>Bryan, A., Tsujikawa, T., McNab, N., and P. Poeml, &ldquo;The Metalink Download Description Format,&rdquo; June&nbsp;2010.</span><span>)</span></a>.
</p>
<p>Metalink clients use the mirrors provided by a Metalink/XML file. Metalink clients SHOULD support HTTP <a class='info' href='#RFC2616'>[RFC2616]<span> (</span><span class='info'>Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, &ldquo;Hypertext Transfer Protocol -- HTTP/1.1,&rdquo; June&nbsp;1999.</span><span>)</span></a> and SHOULD support FTP <a class='info' href='#RFC0959'>[RFC0959]<span> (</span><span class='info'>Postel, J. and J. Reynolds, &ldquo;File Transfer Protocol,&rdquo; October&nbsp;1985.</span><span>)</span></a>. Metalink clients MAY support BitTorrent <a class='info' href='#BITTORRENT'>[BITTORRENT]<span> (</span><span class='info'>Cohen, B., &ldquo;The BitTorrent Protocol Specification,&rdquo; February&nbsp;2008.</span><span>)</span></a>, 
      or other download methods. Metalink clients SHOULD switch downloads from one mirror to another if a mirror becomes unreachable. Metalink clients MAY support multi-source, or parallel, 
      downloads, where portions of a file can be downloaded from multiple mirrors simultaneously (and optionally, from Peer-to-Peer sources). Metalink clients SHOULD support error recovery by using the cryptographic hashes of parts of the file listed in Metalink/XML files. Metalink clients SHOULD support checking digital signatures.
</p>
<p>Metalink/XML clients MUST process metalinks available by URI. They MAY process local Metalinks.
</p>
<p>Metalink/XML clients SHOULD recognize Metalink/XML files by MIME type.

[[What about misconfigured/unupdated servers that do not have correct MIME type? SHOULD(?) clients recognize Metalinks by file extension as well?]]
</p>
<p>If Metalink/XML clients support HTTP, SHOULD(?) support "transparent metalink" usage from regular download to Metalink/XML (see <a class='info' href='#metalinkxml'>Section&nbsp;3.1<span> (</span><span class='info'>Transparent Metalink/XML Usage</span><span>)</span></a>).
</p>
<p>If Metalink/XML clients support HTTP, MAY do Accept header transparent content negotiation. (deprecated?)
</p>
<p>If a file with same name already exists locally, Metalink/XML clients SHOULD verify full file hash and if hash is correct, do not re-download the file. If a file exists and full file hash is incorrect, Metalink/XML clients MAY repair file if partial file hashes exist. otherwise, MAY write to other file name (file_2 or file(2) like some apps already do).
</p>
<p>Metalink/XML clients SHOULD (or MUST?) verify full file hash after download completes. If there is an error, MUST describe as corrupted and MAY re-download or keep download?
SHOULD verify chunk hash if available and re-get error parts. SHOULD (or MAY?) be done during initial download process, MAY be done after download completed or to repair file downloaded another way?
</p>
<p>Metalink/XML clients SHOULD(?) use BitTorrent chunk hashes with HTTP/FTP downloads to repair file if client supports torrents. (What if chunk hashes are present in torrent and metalink, should one be preferred?)
</p>
<p>If client supports Metalink/XML AND Metalink/HTTP, which should be preferred (in case mirrors/hashes differ)?
</p>
<p>Metalink/XML clients SHOULD make use of Metalink/XML origin element if dynamic="true" to check for updated Metalink.
</p>
<p>Metalink/XML clients MAY make use of the <a class='info' href='#ISO3166-1'>[ISO3166&#8209;1]<span> (</span><span class='info'>International Organization for Standardization, &ldquo;ISO 3166-1:2006.  Codes for the representation of names of countries and their subdivisions -- Part 1: Country codes,&rdquo; November&nbsp;2006.</span><span>)</span></a> alpha-2 two-letter country code for the geographical
   location of the physical server the URI is used to access, in an attempt to improve the download experience.
</p>
<p>Metalink/XML clients could support multiple versions of Metalink/XML, and if they do they SHOULD prefer <a class='info' href='#RFC5854'>[RFC5854]<span> (</span><span class='info'>Bryan, A., Tsujikawa, T., McNab, N., and P. Poeml, &ldquo;The Metalink Download Description Format,&rdquo; June&nbsp;2010.</span><span>)</span></a> Metalink/XML files.
</p>
<p>If a client supports Metalink/HTTP and Metalink/XML, it MAY prefer Metalink/HTTP but still use partial file hashes in the Metalink/XML files.
</p>
<p>Metalink/XML clients MAY create directory structure described in the Metalink/XML at download location (relative), but see <a class='info' href='#traversalfilenames'>Section&nbsp;7.1<span> (</span><span class='info'>Directory Traversal and Safe file names</span><span>)</span></a>.
</p>
<p>Metalink clients SHOULD? use the location of the original Metalink in the "Referer" header field for these ranged requests.
</p>
<p>Metalink clients MAY support the use of metainfo files (such as BitTorrent) for downloading files.
</p>
<p>Metalink clients SHOULD support the use of OpenPGP signatures.
</p>
<p>Metalink clients SHOULD support the use of S/MIME <a class='info' href='#RFC5751'>[RFC5751]<span> (</span><span class='info'>Ramsdell, B. and S. Turner, &ldquo;Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification,&rdquo; January&nbsp;2010.</span><span>)</span></a> signatures.
</p>
<p>[[ NOTE: A number of requirements of Metalink clients are also in <a class='info' href='#RFC5854'>[RFC5854]<span> (</span><span class='info'>Bryan, A., Tsujikawa, T., McNab, N., and P. Poeml, &ldquo;The Metalink Download Description Format,&rdquo; June&nbsp;2010.</span><span>)</span></a>. Should these be repeated or referenced?]]
</p>
<a name="publishers"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<a name="rfc.section.3"></a><h3>3.&nbsp;
Metalink/XML Publishers and Generators</h3>

<p>Metalink/XML publishers MUST use correct MIME type for metalink files
</p>
<p>Metalink/XML publishers SHOULD advertise Metalink/XML file with Link HTTP header field from regular download for "transparent metalink" usage (see <a class='info' href='#metalinkxml'>Section&nbsp;3.1<span> (</span><span class='info'>Transparent Metalink/XML Usage</span><span>)</span></a>).
</p>
<p>Metalink/XML publishers SHOULD publish with chunk hashes if error recovery ability is desired (and files meet certain criteria like "large enough" - no point for 10k size file).
</p>
<p>Metalink Generators SHOULD offer Metalink/XML documents that contain cryptographic hashes of parts of the file (and other information) if error recovery is desirable.
</p>
<p>Metalink/XML publishers SHOULD publish with size element if it refers to a specific file.
</p>
<p>Metalink/XML publishers MAY do Accept header transparent content negotiation (deprecated?)
</p>
<p>Metalink/XML publishers SHOULD include Metalink/XML origin element and dynamic="true" if updated metalinks will be offered.
</p>
<p>Metalink publishers SHOULD include digital signatures, as described in <a class='info' href='#RFC5854'>[RFC5854]<span> (</span><span class='info'>Bryan, A., Tsujikawa, T., McNab, N., and P. Poeml, &ldquo;The Metalink Download Description Format,&rdquo; June&nbsp;2010.</span><span>)</span></a> Section 4.2.13.
</p>
<a name="metalinkxml"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<a name="rfc.section.3.1"></a><h3>3.1.&nbsp;
Transparent Metalink/XML Usage</h3>

<p>Metalink/XML files for a given resource MAY be provided in a Link header field <a class='info' href='#RFC5988'>[RFC5988]<span> (</span><span class='info'>Nottingham, M., &ldquo;Web Linking,&rdquo; October&nbsp;2010.</span><span>)</span></a> as shown in this example:
</p>
<p>
<p>This example shows a brief HTTP response header with .meta4:
</p><div style='display: table; width: 0; margin-left: 3em; margin-right: auto'><pre>
Link: &lt;http://example.com/example.ext.meta4&gt;; rel=describedby;
type="application/metalink4+xml"
</pre></div>

<p>Metalink/XML files are specified in <a class='info' href='#RFC5854'>[RFC5854]<span> (</span><span class='info'>Bryan, A., Tsujikawa, T., McNab, N., and P. Poeml, &ldquo;The Metalink Download Description Format,&rdquo; June&nbsp;2010.</span><span>)</span></a>, and they are particularly useful for providing metadata such as cryptographic hashes of parts of a file (see <a class='info' href='#RFC5854'>[RFC5854]<span> (</span><span class='info'>Bryan, A., Tsujikawa, T., McNab, N., and P. Poeml, &ldquo;The Metalink Download Description Format,&rdquo; June&nbsp;2010.</span><span>)</span></a> Section 4.1.3), allowing a
      client to recover from errors (see <a class='info' href='#errorcorrection'>Section&nbsp;5.1.2<span> (</span><span class='info'>Error Correction</span><span>)</span></a>). 
Metalink servers SHOULD provide Metalink/XML files with partial file hashes in
Link header fields, and Metalink clients SHOULD use them for error recovery.
</p>
<a name="mirrors"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<a name="rfc.section.3.2"></a><h3>3.2.&nbsp;
Mirror Servers</h3>

<p>Mirror servers are typically FTP or HTTP servers that "mirror" another server. That is, they provide identical copies of (at least some) files that are also on the mirrored server.
      Mirror servers SHOULD support serving partial content.
</p>
<a name="cache"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<a name="rfc.section.4"></a><h3>4.&nbsp;
Metalink/XML Proxy Cache</h3>

<p>Metalink/XML proxy cache could detect and log Metalink usage.
</p>
<p>Metalink/XML proxy cache MUST? use a whitelist for trusted sources by domain name (ie kde.org, ubuntu.com, fedoraproject.org) to prevent cache poisoning.
</p>
<p>Metalink/XML proxy cache SHOULD use preferred mirrors (those that are most cost efficient/better/local)
</p>
<p>Metalink/XML proxy cache MAY? repair errors or use hashes? I guess so, but the client will also be verifying hashes.
</p>
<a name="clientserver"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<a name="rfc.section.5"></a><h3>5.&nbsp;
Client / Server Multi-source Download Interaction</h3>

<p>Metalink clients begin with a Metalink/XML document. They parse the XML and obtain a list of ways to retrieve a file or files from FTP or HTTP mirrors or P2P.
</p>
<p>After that, the client follows with a GET request to the desired mirrors.
</p>
<p>From the Metalink/XML file, the client learns some or all of the following metadata
about the requested object:
</p>
<p>
</p>
<ul class="text">
<li>Mirror list, which can describe the mirror's priority and geographical location.
</li>
<li>Whole and partial file cryptographic hash.
</li>
<li>Object size.
</li>
<li>Peer-to-peer information.
</li>
<li>Digital signature.
</li>
</ul>

<p>Next, the Metalink client requests a Range of the object from a mirror server:

</p>
<div style='display: table; width: 0; margin-left: 3em; margin-right: auto'><pre>
GET /example.ext HTTP/1.1
Host: www2.example.com
Range: bytes=7433802-
Referer: http://www.example.com/distribution/example.ext
</pre></div><p>

</p>
<p>Metalink clients SHOULD use partial file cryptographic hashes as described in <a class='info' href='#errorcorrection'>Section&nbsp;5.1.2<span> (</span><span class='info'>Error Correction</span><span>)</span></a>, if available, to detect if the mirror server returned the correct data.
Errors in transmission and substitutions of incorrect data on mirrors, whether deliberate or accidental, can be detected with error correction as described in <a class='info' href='#errorcorrection'>Section&nbsp;5.1.2<span> (</span><span class='info'>Error Correction</span><span>)</span></a>.
</p>
<p>Here, the mirror server has the correct file and responds with a 206 Partial Content HTTP status code and appropriate "Content-Length" and "Content Range" header fields. In this example, the mirror server responds, with data, to the above request:

</p>
<div style='display: table; width: 0; margin-left: 3em; margin-right: auto'><pre>
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 7433801
Content-Range: bytes 7433802-14867602/14867603
</pre></div><p>

</p>
<p>Metalink clients MAY start a number of parallel ranged downloads (one per selected mirror server other than the
first) using mirrors provided by the Metalink/XML. Metalink clients MUST limit the number of parallel connections to mirror servers, ideally based on
observing how the aggregate throughput changes as connections are opened. It would be pointless to blindly open connections once the path bottleneck is filled.
After establishing a new connection, a Metalink client SHOULD monitor whether the aggregate throughput increases over all connections
that are part of the download. The client SHOULD NOT open additional
connections during this period. If the aggregate throughput has increased,
the client MAY open an additional connection and repeat these steps. Otherwise,
the client SHOULD NOT open a new connection until an established one closes.

</p>
<p>The Metalink client can determine the size and number of ranges requested from each server, based upon the type and number of mirrors and performance observed from each mirror.
Note that Range requests impose an overhead on servers and clients need to be aware of that and not abuse them. When dowloading a particular file, metalink clients MUST NOT make more than one
concurrent request to each mirror server that it downloads from.
</p>
<p>Metalink clients SHOULD close all but the fastest connection if any Ranged requests generated after the first request end up with a complete response, instead of a partial response
(as some mirrors might not support HTTP ranges), if the goal is the fastest transfer. Metalink clients MAY monitor mirror conditions and dynamically switch between mirrors to achieve the fastest download possible. Similarly, Metalink clients SHOULD abort extremely slow or stalled range requests and finish the request on
other mirrors. If all ranges have finished except for the final one, the Metalink client can split the final range into multiple range requests to other mirrors so the transfer finishes faster.
</p>
<p>Metalink clients MUST reject individual downloads from mirrors where the file size does not match the file size as reported by the Metalink server.
</p>
<p>If a Metalink client does not
support certain download methods (such as FTP or BitTorrent) that a
file is available from, and there are no available download methods
that the client supports, then the download will have no way to
complete.
</p>
<p>Metalink clients MUST verify the cryptographic hash of the file once the download has completed. If the cryptographic hash offered in the Metalink/XML
does not match the cryptographic hash
of the downloaded file, see <a class='info' href='#errorcorrection'>Section&nbsp;5.1.2<span> (</span><span class='info'>Error Correction</span><span>)</span></a> for a possible way to repair errors.
</p>
<p>If the download can not be repaired, it is considered corrupt. The client can attempt to re-download the file.
</p>
<p>Metalink clients that support verifying digital signatures MUST verify digital signatures of requested files if they are included.
Digital signatures MUST validate back to a trust anchor as described in the validation rules in <a class='info' href='#RFC3156'>[RFC3156]<span> (</span><span class='info'>Elkins, M., Del Torto, D., Levien, R., and T. Roessler, &ldquo;MIME Security with OpenPGP,&rdquo; August&nbsp;2001.</span><span>)</span></a> and <a class='info' href='#RFC5280'>[RFC5280]<span> (</span><span class='info'>Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, &ldquo;Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile,&rdquo; May&nbsp;2008.</span><span>)</span></a>.
</p>
<a name="anchor4"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<a name="rfc.section.5.1"></a><h3>5.1.&nbsp;
Error Prevention, Detection, and Correction</h3>

<p>Error prevention, or early file mismatch detection, is possible before file transfers with the use of file sizes provided in Metalink/XML. Error detection requires full file cryptographic hashes in the Metalink/XML
to detect errors in transfer after the transfers have completed. Error correction, or download repair, is possible with partial file cryptographic hashes.
</p>
<a name="earlyfilemismatchdetection"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<a name="rfc.section.5.1.1"></a><h3>5.1.1.&nbsp;
Error Prevention (Early File Mismatch Detection)</h3>

<p>To verify the individual ranges of files, which might have been requested from different sources, see <a class='info' href='#errorcorrection'>Section&nbsp;5.1.2<span> (</span><span class='info'>Error Correction</span><span>)</span></a>.
</p>
<a name="errorcorrection"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<a name="rfc.section.5.1.2"></a><h3>5.1.2.&nbsp;
Error Correction</h3>

<p>Partial file cryptographic hashes can be used to detect errors during the download. Metalink servers SHOULD provide Metalink/XML files with partial file hashes 
in Link header fields as specified in <a class='info' href='#metalinkxml'>Section&nbsp;3.1<span> (</span><span class='info'>Transparent Metalink/XML Usage</span><span>)</span></a>, and Metalink clients SHOULD use them for error correction.
</p>
<p>An error in transfer or a substitution attack will be detected by a cryptographic hash of the object not matching the full file checksum from the Metalink/XML.
If the cryptographic hash of the object does not match the full file checksum from the Metalink/XML, then the client SHOULD use the partial file cryptographic hashes (if available).
 This may contain partial file cryptographic hashes which will allow detection of which mirror server returned incorrect data.  
 Metalink clients SHOULD use the Metalink/XML data to figure out what ranges of the downloaded data can be recovered and what needs to be fetched again. 

</p>
<p>Other methods can be used for error correction. For example, some other metainfo files also include partial file hashes that can be used to check for errors.
</p>
<a name="IANA"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<a name="rfc.section.6"></a><h3>6.&nbsp;
IANA Considerations</h3>

<p>None.
</p>
<a name="anchor5"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<a name="rfc.section.7"></a><h3>7.&nbsp;
Security Considerations</h3>

<a name="traversalfilenames"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<a name="rfc.section.7.1"></a><h3>7.1.&nbsp;
Directory Traversal and Safe file names</h3>

<p>Metalink/XML clients MUST sanitize directory traversal information as specified in <a class='info' href='#RFC5854'>[RFC5854]<span> (</span><span class='info'>Bryan, A., Tsujikawa, T., McNab, N., and P. Poeml, &ldquo;The Metalink Download Description Format,&rdquo; June&nbsp;2010.</span><span>)</span></a> Section 4.1.2.1. Also see <a class='info' href='#RFC2183'>[RFC2183]<span> (</span><span class='info'>Troost, R., Dorner, S., and K. Moore, &ldquo;Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field,&rdquo; August&nbsp;1997.</span><span>)</span></a> Section 5 and <a class='info' href='#RFC6266'>[RFC6266]<span> (</span><span class='info'>Reschke, J., &ldquo;Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP),&rdquo; June&nbsp;2011.</span><span>)</span></a> Section 4.3 for considerations when creating file names supplied by Metalink/XML files which could be created without user input or awareness.
</p>
<a name="anchor6"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<a name="rfc.section.7.2"></a><h3>7.2.&nbsp;
URIs and IRIs</h3>

<p>Metalink clients handle URIs and IRIs. See Section 7 of <a class='info' href='#RFC3986'>[RFC3986]<span> (</span><span class='info'>Berners-Lee, T., Fielding, R., and L. Masinter, &ldquo;Uniform Resource Identifier (URI): Generic Syntax,&rdquo; January&nbsp;2005.</span><span>)</span></a> and Section 8 of <a class='info' href='#RFC3987'>[RFC3987]<span> (</span><span class='info'>Duerst, M. and M. Suignard, &ldquo;Internationalized Resource Identifiers (IRIs),&rdquo; January&nbsp;2005.</span><span>)</span></a> for security
          considerations related to their handling and use.
</p>
<a name="anchor7"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<a name="rfc.section.7.3"></a><h3>7.3.&nbsp;
Spoofing</h3>

<p>There is potential for spoofing attacks where the attacker publishes Metalinks with false information.
          In that case, this could deceive unaware downloaders into downloading a malicious or worthless file. 
		  As with all downloads, users should only download from trusted sources. 
		  Also, malicious publishers could attempt a distributed denial of service attack by inserting unrelated URIs into Metalinks. 
		  <a class='info' href='#RFC4732'>[RFC4732]<span> (</span><span class='info'>Handley, M., Rescorla, E., and IAB, &ldquo;Internet Denial-of-Service Considerations,&rdquo; December&nbsp;2006.</span><span>)</span></a> contains information on amplification attacks and denial of service attacks.
</p>
<a name="anchor8"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<a name="rfc.section.7.4"></a><h3>7.4.&nbsp;
Cache Poisoning</h3>

<p>Proxy caches MUST prevent cache poisoning.
</p>
<a name="security.hash"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<a name="rfc.section.7.5"></a><h3>7.5.&nbsp;
Cryptographic Hashes</h3>

<p>Currently, some of the hash types defined in the IANA registry named "Hash Function Textual Names" are considered insecure. These include the whole Message Digest family of algorithms that are not suitable for cryptographically strong verification. Malicious parties could provide files that appear to be identical to another file because of a collision, i.e., the weak cryptographic hashes of the intended file and a substituted malicious file could match.
</p>
<p>Metalink Generators and Processors MUST support "sha-256", which is SHA-256, as specified in <a class='info' href='#FIPS-180-3'>[FIPS&#8209;180&#8209;3]<span> (</span><span class='info'>National Institute of Standards and Technology (NIST), &ldquo;Secure Hash Standard (SHS),&rdquo; October&nbsp;2008.</span><span>)</span></a>, and MAY support stronger hashes.
</p>
<p>If a Metalink Document contains hashes, it SHOULD include "sha-256", which is SHA-256, or stronger.  It MAY also include other hashes from the IANA registry named "Hash Function Textual Names".
</p>
<a name="anchor9"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<a name="rfc.section.7.6"></a><h3>7.6.&nbsp;
Signing</h3>

<p>Metalinks SHOULD include digital signatures, as described in <a class='info' href='#RFC5854'>[RFC5854]<span> (</span><span class='info'>Bryan, A., Tsujikawa, T., McNab, N., and P. Poeml, &ldquo;The Metalink Download Description Format,&rdquo; June&nbsp;2010.</span><span>)</span></a> Section 4.2.13.
</p>
<p>Digital signatures provide authentication, message integrity, and enable non-repudiation with proof of origin.
</p>
<a name="rfc.references"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<a name="rfc.section.8"></a><h3>8.&nbsp;
References</h3>

<a name="rfc.references1"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<h3>8.1.&nbsp;Normative References</h3>
<table width="99%" border="0">
<tr><td class="author-text" valign="top"><a name="BITTORRENT">[BITTORRENT]</a></td>
<td class="author-text">Cohen, B., &ldquo;<a href="http://www.bittorrent.org/beps/bep_0003.html">The BitTorrent Protocol Specification</a>,&rdquo; BITTORRENT&nbsp;11031, February&nbsp;2008.</td></tr>
<tr><td class="author-text" valign="top"><a name="FIPS-180-3">[FIPS-180-3]</a></td>
<td class="author-text">National Institute of Standards and Technology (NIST), &ldquo;Secure Hash Standard (SHS),&rdquo; FIPS PUB&nbsp;180-3, October&nbsp;2008.</td></tr>
<tr><td class="author-text" valign="top"><a name="ISO3166-1">[ISO3166-1]</a></td>
<td class="author-text">International Organization for Standardization, &ldquo;ISO 3166-1:2006.  Codes for the representation of names of countries and their subdivisions -- Part 1: Country codes,&rdquo; November&nbsp;2006.</td></tr>
<tr><td class="author-text" valign="top"><a name="RFC0959">[RFC0959]</a></td>
<td class="author-text">Postel, J. and J. Reynolds, &ldquo;<a href="http://tools.ietf.org/html/rfc0959">File Transfer Protocol</a>,&rdquo; STD&nbsp;9, RFC&nbsp;0959, October&nbsp;1985.</td></tr>
<tr><td class="author-text" valign="top"><a name="RFC2119">[RFC2119]</a></td>
<td class="author-text"><a href="mailto:sob@harvard.edu">Bradner, S.</a>, &ldquo;<a href="http://tools.ietf.org/html/rfc2119">Key words for use in RFCs to Indicate Requirement Levels</a>,&rdquo; BCP&nbsp;14, RFC&nbsp;2119, March&nbsp;1997.</td></tr>
<tr><td class="author-text" valign="top"><a name="RFC2616">[RFC2616]</a></td>
<td class="author-text">Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, &ldquo;<a href="http://tools.ietf.org/html/rfc2616">Hypertext Transfer Protocol -- HTTP/1.1</a>,&rdquo; RFC&nbsp;2616, June&nbsp;1999.</td></tr>
<tr><td class="author-text" valign="top"><a name="RFC3156">[RFC3156]</a></td>
<td class="author-text">Elkins, M., Del Torto, D., Levien, R., and T. Roessler, &ldquo;<a href="http://tools.ietf.org/html/rfc3156">MIME Security with OpenPGP</a>,&rdquo; RFC&nbsp;3156, August&nbsp;2001 (<a href="http://www.rfc-editor.org/rfc/rfc3156.txt">TXT</a>).</td></tr>
<tr><td class="author-text" valign="top"><a name="RFC3986">[RFC3986]</a></td>
<td class="author-text">Berners-Lee, T., Fielding, R., and L. Masinter, &ldquo;<a href="http://tools.ietf.org/html/rfc3986">Uniform Resource Identifier (URI): Generic Syntax</a>,&rdquo; STD&nbsp;66, RFC&nbsp;3986, January&nbsp;2005.</td></tr>
<tr><td class="author-text" valign="top"><a name="RFC3987">[RFC3987]</a></td>
<td class="author-text">Duerst, M. and M. Suignard, &ldquo;<a href="http://tools.ietf.org/html/rfc3987">Internationalized Resource Identifiers (IRIs)</a>,&rdquo; RFC&nbsp;3987, January&nbsp;2005.</td></tr>
<tr><td class="author-text" valign="top"><a name="RFC5280">[RFC5280]</a></td>
<td class="author-text">Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, &ldquo;<a href="http://tools.ietf.org/html/rfc5280">Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile</a>,&rdquo; RFC&nbsp;5280, May&nbsp;2008 (<a href="http://www.rfc-editor.org/rfc/rfc5280.txt">TXT</a>).</td></tr>
<tr><td class="author-text" valign="top"><a name="RFC5751">[RFC5751]</a></td>
<td class="author-text">Ramsdell, B. and S. Turner, &ldquo;<a href="http://tools.ietf.org/html/rfc5751">Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification</a>,&rdquo; RFC&nbsp;5751, January&nbsp;2010.</td></tr>
<tr><td class="author-text" valign="top"><a name="RFC5854">[RFC5854]</a></td>
<td class="author-text"><a href="mailto:anthonybryan@gmail.com">Bryan, A.</a>, <a href="mailto:tatsuhiro.t@gmail.com">Tsujikawa, T.</a>, <a href="mailto:neil@nabber.org">McNab, N.</a>, and <a href="mailto:peter@poeml.de">P. Poeml</a>, &ldquo;<a href="http://tools.ietf.org/html/rfc5854">The Metalink Download Description Format</a>,&rdquo; RFC&nbsp;5854, June&nbsp;2010.</td></tr>
<tr><td class="author-text" valign="top"><a name="RFC5988">[RFC5988]</a></td>
<td class="author-text"><a href="mailto:mnot@mnot.net">Nottingham, M.</a>, &ldquo;<a href="http://tools.ietf.org/html/rfc5988">Web Linking</a>,&rdquo; RFC&nbsp;5988, October&nbsp;2010.</td></tr>
</table>

<a name="rfc.references2"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<h3>8.2.&nbsp;Informative References</h3>
<table width="99%" border="0">
<tr><td class="author-text" valign="top"><a name="RFC2183">[RFC2183]</a></td>
<td class="author-text"><a href="mailto:rens@century.com">Troost, R.</a>, <a href="mailto:sdorner@qualcomm.com">Dorner, S.</a>, and <a href="mailto:moore@cs.utk.edu">K. Moore</a>, &ldquo;<a href="http://tools.ietf.org/html/rfc2183">Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field</a>,&rdquo; RFC&nbsp;2183, August&nbsp;1997 (<a href="http://www.rfc-editor.org/rfc/rfc2183.txt">TXT</a>, <a href="http://xml.resource.org/public/rfc/html/rfc2183.html">HTML</a>, <a href="http://xml.resource.org/public/rfc/xml/rfc2183.xml">XML</a>).</td></tr>
<tr><td class="author-text" valign="top"><a name="RFC4732">[RFC4732]</a></td>
<td class="author-text">Handley, M., Rescorla, E., and IAB, &ldquo;<a href="http://tools.ietf.org/html/rfc4732">Internet Denial-of-Service Considerations</a>,&rdquo; RFC&nbsp;4732, December&nbsp;2006 (<a href="http://www.rfc-editor.org/rfc/rfc4732.txt">TXT</a>).</td></tr>
<tr><td class="author-text" valign="top"><a name="RFC6249">[RFC6249]</a></td>
<td class="author-text">Bryan, A., McNab, N., Tsujikawa, T., Poeml, P., and H. Nordstrom, &ldquo;<a href="http://tools.ietf.org/html/rfc6249">Metalink/HTTP: Mirrors and Hashes</a>,&rdquo; RFC&nbsp;6249, June&nbsp;2011 (<a href="http://www.rfc-editor.org/rfc/rfc6249.txt">TXT</a>).</td></tr>
<tr><td class="author-text" valign="top"><a name="RFC6266">[RFC6266]</a></td>
<td class="author-text">Reschke, J., &ldquo;<a href="http://tools.ietf.org/html/rfc6266">Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)</a>,&rdquo; RFC&nbsp;6266, June&nbsp;2011 (<a href="http://www.rfc-editor.org/rfc/rfc6266.txt">TXT</a>).</td></tr>
</table>

<a name="anchor12"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<a name="rfc.section.A"></a><h3>Appendix A.&nbsp;
Acknowledgements and Contributors</h3>

<p>Some text borrowed from our previous RFCs: <a class='info' href='#RFC5854'>[RFC5854]<span> (</span><span class='info'>Bryan, A., Tsujikawa, T., McNab, N., and P. Poeml, &ldquo;The Metalink Download Description Format,&rdquo; June&nbsp;2010.</span><span>)</span></a> and <a class='info' href='#RFC6249'>[RFC6249]<span> (</span><span class='info'>Bryan, A., McNab, N., Tsujikawa, T., Poeml, P., and H. Nordstrom, &ldquo;Metalink/HTTP: Mirrors and Hashes,&rdquo; June&nbsp;2011.</span><span>)</span></a>.
</p>
<p>Thanks to the Metalink community.
</p>
<p>This document is dedicated to Zimmy Bryan and Juanita Anthony.
</p>
<a name="dochistory"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<a name="rfc.section.B"></a><h3>Appendix B.&nbsp;
Document History</h3>

<p>[[ to be removed by the RFC editor before publication as an RFC. ]]
</p>
<p>Known issues concerning this draft:
	    </p>
<ul class="text">
<li>Intro, term, downloads.
</li>
<li>Repeat requirements from RFC5854 or add pointer to them?
</li>
</ul>

<p>-01 : ?, 2012.
	    
	    </p>
<ul class="text">
<li>Minor tweaks.
</li>
</ul>

<p>-00 : July 4, 2012.
	    
	    </p>
<ul class="text">
<li>Initial draft.
</li>
</ul>

<a name="rfc.authors"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<h3>Authors' Addresses</h3>
<table width="99%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="author-text">&nbsp;</td>
<td class="author-text">Anthony Bryan</td></tr>
<tr><td class="author-text">&nbsp;</td>
<td class="author-text">Pompano Beach, FL</td></tr>
<tr><td class="author-text">&nbsp;</td>
<td class="author-text">USA</td></tr>
<tr><td class="author" align="right">EMail:&nbsp;</td>
<td class="author-text"><a href="mailto:anthonybryan@gmail.com">anthonybryan@gmail.com</a></td></tr>
<tr><td class="author" align="right">URI:&nbsp;</td>
<td class="author-text"><a href="http://www.metalinker.org">http://www.metalinker.org</a></td></tr>
<tr cellpadding="3"><td>&nbsp;</td><td>&nbsp;</td></tr>
<tr><td class="author-text">&nbsp;</td>
<td class="author-text">Tatsuhiro Tsujikawa</td></tr>
<tr><td class="author-text">&nbsp;</td>
<td class="author-text">Shiga</td></tr>
<tr><td class="author-text">&nbsp;</td>
<td class="author-text">Japan</td></tr>
<tr><td class="author" align="right">EMail:&nbsp;</td>
<td class="author-text"><a href="mailto:tatsuhiro.t@gmail.com">tatsuhiro.t@gmail.com</a></td></tr>
<tr><td class="author" align="right">URI:&nbsp;</td>
<td class="author-text"><a href="http://aria2.sourceforge.net">http://aria2.sourceforge.net</a></td></tr>
<tr cellpadding="3"><td>&nbsp;</td><td>&nbsp;</td></tr>
<tr><td class="author-text">&nbsp;</td>
<td class="author-text">Neil McNab</td></tr>
<tr><td class="author" align="right">EMail:&nbsp;</td>
<td class="author-text"><a href="mailto:neil@nabber.org">neil@nabber.org</a></td></tr>
<tr><td class="author" align="right">URI:&nbsp;</td>
<td class="author-text"><a href="http://www.nabber.org">http://www.nabber.org</a></td></tr>
<tr cellpadding="3"><td>&nbsp;</td><td>&nbsp;</td></tr>
<tr><td class="author-text">&nbsp;</td>
<td class="author-text">Dr. med. Peter Poeml</td></tr>
<tr><td class="author-text">&nbsp;</td>
<td class="author-text">MirrorBrain</td></tr>
<tr><td class="author-text">&nbsp;</td>
<td class="author-text">Venloer Str. 317</td></tr>
<tr><td class="author-text">&nbsp;</td>
<td class="author-text">Koeln  50823</td></tr>
<tr><td class="author-text">&nbsp;</td>
<td class="author-text">DE</td></tr>
<tr><td class="author" align="right">Phone:&nbsp;</td>
<td class="author-text">+49 221 6778 333 8</td></tr>
<tr><td class="author" align="right">EMail:&nbsp;</td>
<td class="author-text"><a href="mailto:peter@poeml.de">peter@poeml.de</a></td></tr>
<tr><td class="author" align="right">URI:&nbsp;</td>
<td class="author-text"><a href="http://mirrorbrain.org/~poeml/">http://mirrorbrain.org/~poeml/</a></td></tr>
</table>
</body></html>