index.html

<!DOCTYPE html>
<!-- Slides from Google (slides.html5rocks.com) cleaned up for new presentations
Copyright 2011 Google Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Original slides: Marcin Wichary (mwichary@google.com)
Modifications: Chrome DevRel Team (chrome-devrel@googlegroups.com)
Alex Russell (slightlyoff@chromium.org)
Brad Neuberg
-->
<html manifest="cache.appcache">
    <head>
        <meta charset="utf-8" />
        <meta http-equiv="X-UA-Compatible" content="IE=Edge;chrome=1" />
        <title>Présentation de HTTP</title>
        <link href="http://fonts.googleapis.com/css?family=Droid+Sans|Droid+Sans+Mono" rel="stylesheet" type="text/css" />
        <link id="prettify-link" href="src/prettify/prettify.css" rel="stylesheet" disabled />
        <link href="css/moon.css" class="theme" rel="stylesheet" />
        <link href="css/sand.css" class="theme" rel="stylesheet" />
        <link href="css/sea_wave.css" class="theme" rel="stylesheet" />
        <link href="css/default.css" class="theme" rel="stylesheet" media="screen" />
        <style>
            .slide h2 { font-size: 2em; }
            a { color: #654; text-decoration: underline; border-bottom:  none; }
            li { font-size: 1.4em; padding: 5px 0; }
            abbr { border-bottom: 1px dashed #654; }
            section { margin: 2em 2em 0 2em }
            ol li { list-style: decimal inside; }
            ul li { list-style: square outside; }
            pre { overflow-x: auto; }
            pre.client { background: url("imgs/computer.png") no-repeat 98% 10px, #EADDE8; }
            pre.server { background: url("imgs/server_lightning.png") no-repeat 98% 10px, #EADDE8; }
            kbd { white-space: pre; }
        </style>
    </head>
    <body>
        <div class="presentation">
            <div id="presentation-counter">Loading...</div>
            <div class="slides">
                <div class="slide" id="landing-slide">
                    <style scoped>
                        #landing-slide p { font-size: 35px; }
                        p#disclaimer-message { font-size: 20px; }
                    </style>
                    <section class="middle">
                    <p>Cette présentation est un site en HTML5</p>
                    <p>Appuyez sur <span id="left-init-key" class="key">&rarr;</span> pour avancer.</p>
                    </section>
                </div>

                <div class="slide" id="controls-slide">
                    <style scoped>
                        #controls-slide li, #controls-slide p { font-size: 35px; }
                    </style>
                    <section>
                    <p>Contrôles :</p>
                    <ul>
                        <li><span class="key">&larr;</span> et <span class="key">&rarr;</span> pour vous déplacer.</li>
                        <li><span class="key">Ctrl/Command</span> et <span class="key">+</span> ou <span class="key">-</span> pour zoomer.</li>
                        <li><span class="key">T</span> pour changer le thème.</li>
                        <li><span class="key">H</span> pour changer le surlignage de la syntaxe.</li>
                    </ul>
                    </section>
                </div>

                <div class="slide" id="title-slide">
                    <style scoped>
                        #title-slide h1, #title-slide h2 { color: black; }
                        #title-slide h1 { letter-spacing: -2px; font-size: 70px; }
                        #title-slide h2 { margin-top: 1em; font-size: 36px; color: #665544; }
                    </style>
                    <section class="middle">
                    <hgroup>
                    <h1>HTTP</h1>
                    <h2>Hypertext Transfer Protocol</h2>
                    <h3>Grégory Paul - <a href="http://paulgreg.me" title="Portfolio">paulgreg.me</a></h3>
                    <a href="http://www.valtech.fr/" title="Se rendre sur le site de Valtech France"><img src="imgs/valtech-logo.png" title="" alt="valtech_"></a>
                    </hgroup>
                    </section>
                </div>

                <div class="slide" id="summary-slide">
                    <style scoped>
                        #summary-slide ol { column-count: 2; }
                    </style>
                    <section>
                    <h2>Sommaire</h2>
                    <ol>
                        <li>Vue d’ensemble
                        <li>La petite histoire...
                        <li>Versions 0.9, 1.0. 1.1
                        <li>URI, URL, URN
                        <li>Verbes
                        <li>Codes de retour
                        <li>Cookies
                        <li>Négociation de contenu
                        <li>Plage de réponse et réponse partielle
                        <li>Cache
                        <li>Authentification
                        <li>SSL/TLS
                        <li>Extensions (WebDAV,...)
                        <li>SPDY et HTTP 2.0
                        <li>Outils
                    </ol>
                    </section>
                </div>

                <div class="slide" id="overview-title-slide">
                    <section class="middle">
                    <h2>Vue d’ensemble</h2>
                    </section>
                </div>
                <div class="slide" id="overview-model-slide">
                    <section>
                    <h2>Modèle OSI</h2>
                    <p class="center"><img src="https://docs.google.com/drawings/pub?id=13JohKX0LOXs74gu-DB8gKaSY_OIB050vX14_lKBp_HQ&amp;w=574&amp;h=448" title="Couches réseau" alt="Couches réseau" /></p>
                    </section>
                </div>
                <div class="slide" id="network-diagram-slide">
                    <section>
                    <h2>Illustration</h2>
                    <p class="center"><img src="https://docs.google.com/drawings/pub?id=1ggKV4njxl4zbp3ASytetj2zgf2jM22acs5B1XZOoU24&amp;w=960&amp;h=720" title="Diagramme réseau HTTP" alt="Diagramme réseau HTTP" /></p>
                    </section>
                </div>
                <div class="slide" id="overview-example-slide">
                    <section>
                    <h2>HTTP à la main</h2>
                    <pre>➜  ~  ping www.google.fr
PING www.google.fr (74.125.230.247) 56(84) bytes of data.
...
^C
➜  ~  telnet 74.125.230.247 80 
Trying 74.125.230.247...
Connected to 74.125.230.247.
Escape character is '^]'.
GET / HTTP/1.1
Host: www.google.fr

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2011 15:03:11 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 4386
Set-Cookie: ... 
Server: gws

&lt;!doctype html&gt;&lt;html&gt;&lt;head&gt;...</pre>
              </section>
          </div>
          <div class="slide" id="overview-live-http-headers-example-slide">
              <section>
              <h2>Avec des outils : <a href="http://livehttpheaders.mozdev.org/">Live HTTP Headers</a> ou <a href="https://addons.mozilla.org/en-US/firefox/addon/httpfox/">HttpFox</a></h2>
              <p><img src="imgs/livehttpheaders.png" style="border:1px solid black; width: 800px;" alt="LiveHTTPHeaders" title="LiveHTTPHeadesr" /></p>
              </section>
          </div>
          <div class="slide" id="request-diagram-slide">
              <section>
              <h2>Séquence</h2>
              <p class="center"><img src="https://docs.google.com/drawings/pub?id=1Q_bxxPigoJG1iQlL8lBQOjzv-zqw7UiSd05Q8z3gnuE&amp;w=880&amp;h=600" title="Diagramme requête HTTP" alt="Diagramme requête HTTP" /></p>
              </section>
          </div>

          <div class="slide" id="intro-title-slide">
              <section class="middle">
              <h2>La petite histoire...</h2>
              </section>
          </div>
          <div class="slide" id="story-slide">
              <section>
              <h2>La petite histoire...</h2>
              <ul>
                  <li>En 1989, au <abbr title="Conseil Européen pour la Recherche Nucléaire">CERN</abbr>,
                  <li><a href="http://www.w3.org/People/Berners-Lee/">Tim Berners-Lee</a> et <a href="http://www.robertcailliau.eu/Welcome-en.html">Robert Cailliau</a>
                  <li>propose un système hypertexte
                  <li>bâti sur <abbr title="Transmission Control Protocol">TCP</abbr>/<abbr title="Internet Protocol">IP</abbr>.
                  <li>En 1991, devient HTTP/0.9
                  <li>En 1993, le <abbr title="National Center for Supercomputing Applications">NCSA</abbr> créé <a href="ftp://ftp.ncsa.uiuc.edu/Mosaic/">Mosaic</a> et <a href="http://httpd.apache.org/ABOUT_APACHE.html">HTTPd</a>
                  <li>En 1996, <a href="http://tools.ietf.org/html/rfc1945"><abbr title="Request for comment">RFC</abbr> 1945</a> : HTTP/1.0
                  <li>En 1997, <a href="http://tools.ietf.org/html/rfc2068">RFC 2068</a> : HTTP/1.1
                  <li>En 2000, <a href="http://www.ics.uci.edu/~fielding/">Roy Fielding</a> publie sa thèse <a href="http://www.ics.uci.edu/~fielding/pubs/dissertation/top.htm">Architectural Styles and the Design of Network-based Software Architectures</a><br>(<a href="http://www.ics.uci.edu/~fielding/pubs/dissertation/rest_arch_style.htm"><abbr title="Representational state transfer">REST</abbr></a>)
                  <li><a href="http://www.w3.org/Protocols/">19 révisions</a> de HTTP/1.1 entre 2007 et 2012,
                  <li>En 2009, Google <a href="http://googleresearch.blogspot.com/2009/11/2x-faster-web.html">propose</a> <a href="http://www.chromium.org/spdy">SPDY</a>,
                  <li>En 2012, le groupe de travail <a href="https://tools.ietf.org/wg/httpbis/">httpbis</a> de l’<a href="https://ietf.org/"><abbr title="Internet Engineering Task Force">IETF</abbr></a> planche sur HTTP 2.0
              </ul>
              </section>
          </div>

          <div class="slide" id="URI-URL-URN-title-slide">
              <section class="middle">
              <h2>(URI / URL / URN)</h2>
              </section>
          </div>
          <div class="slide" id="URI-URL-URN-slide">
              <section>
              <h2>URI / URL / URN</h2>
              <img width="200" src="imgs/URI-URL-URN.svg" style="float: left; margin: .5em 2em 0 0" alt="URN / URL / URI" title="URN / URL / URI" />
              <p>Une <abbr title="Uniform Resource Identifier">URI</abbr> identifie.</p>
              <p>Une <abbr title="Uniform Resource Locator">URL</abbr> identifie et localise.</p>
              <p>une <abbr title="Uniform Resource Name">URN</abbr> identifie et nomme.</p>
              <h3>URLs :</h3>
              <ul>
                  <li>mailto:someone@example.com
                  <li>http://www.damnhandy.com/
                  <li>file:///home/someuser/somefile.txt
              </ul>
              <h3>URNs :</h3>
              <ul>
                  <li>urn:mpeg:mpeg7:schema:2001urn:isbn:0451450523
                  <li>urn:sha1:YNCKHTQCWBTRNJIV4WNAE52SJUQCZO5C
                  <li>urn:uuid:6e8bc430-9c3a-11d9-9669-0800200c9a66
              </ul>
              </section>
          </div>


          <div class="slide" id="versions-details-title-slide">
              <section class="middle">
              <h2>HTTP 0.9, 1.0 et 1.1</h2>
              </section>
          </div>
          <div class="slide" id="http-0-9-slide">
              <section>
              <h2>HTTP 0.9</h2>
              <ul>
                  <li>n’est <strong>pas</strong> un standard
                  <li>n’est pas figé, constantes évolutions
                  <li>en cours de développement dans les années 91~95
                  <li>un seul verbe : GET
                  <li>port 80 par défaut
                  <li>introduit le concept d’URI
                  <li>introduit le code de retour (status code)
                  <li>puis l’entête content-type
                  <li>sans état...
                  <li>mais les cookies apparaissent par <a href="http://www.montulli.org/lou">Lou Montulli</a> en 94 pour une boutique d’ecommerce
              </ul>
              </section>
          </div>
          <div class="slide" id="http-1-0-slide">
              <section>
              <h2>HTTP 1.0</h2>
              <ul>
                  <li>en 1996, <a href="http://tools.ietf.org/html/rfc1945"><abbr title="Request for comment">RFC</abbr> 1945</a>
                  <li>verbe GET, POST, HEAD mais aussi PUT, DELETE, LINK, UNLINK
                  <li>standardisation des entêtes, du formatage des réponses, des codes d’erreurs
                  <li>cache côté client via les en‐têtes <code>Last-modified</code>, <code>Pragma</code>, <code>Expires</code> et la compression
              </ul>
              </section>
          </div>
          <div class="slide" id="http-1-1-slide">
              <section>
              <h2>HTTP 1.1</h2>
              <ul>
                  <li>En 1997, <a href="http://tools.ietf.org/html/rfc2068"><abbr title="Request for comment">RFC</abbr> 2068</a> : HTTP/1.1
                  <li>OPTIONS, CONNECT et TRACE (<del>LINK</del>, <del>UNLINK</del>)
                  <li>en-tête <code>Host</code> obligatoire <small>(permettant plusieurs sites web depuis une même IP)</small>
                  <li>négociation de contenu et de langage (<code>Accept</code>, <code>Accept-Language</code>, <code>Accept-Charset</code>)<small>, un pas en avant vers REST</small>
                  <li><img src="imgs/pipeline.png" alt="HTTP Pipelining" style="float:right; width:400px; border: 1px solid black;" /><code>Connection: keep-alive</code> permettant le pipelining
                  <li>découpe de la réponse en plusieurs morceaux via <code>Transfer-Encoding: chunked</code> <small>(un exemple est l’usage "temps réel" tel que les premiers chats)</small>
                  <li><a href="http://www.w3.org/Protocols/">19 révisions</a> entre 2007 et 2012 et des ajouts divers tels que <a href="http://www.w3.org/TR/CSP/">Content Security Policy</a>
              </ul>
              </section>
          </div>


          <div class="slide" id="verbs-title-slide">
              <section class="middle">
              <h2>Verbes</h2>
              </section>
          </div>
          <div class="slide" id="verbs-slide">
              <style scoped>
                  #verbs-slide .used span { font-weight: bold; } 
                  #verbs-slide span:after { color: #654; margin-left: .5em;  font-size: .7em; vertical-align: super; font-weight: normal;  }
                  #verbs-slide .idempotent span:after { content: "idempotent"; }
                  #verbs-slide .safe.idempotent span:after { content: "safe, idempotent"; }
              </style>
              <section>
              <h2>Verbes</h2>
              <ul>
                  <li class="safe idempotent used"><span>GET</span> : récupération d’une ressource
                  <li class="safe idempotent used"><span>HEAD</span> : seulement les entêtes
                  <li class="used"><span>POST</span> : soumission d’un formulaire / modification d’une ressource
                  <li class="idempotent used"><span>PUT</span> : création d’une ressource
                  <li class="idempotent used"><span>DELETE</span> : suppression d’une ressource
                  <li class="safe idempotent"><span>TRACE</span> : echo de la requête 
                  <li class="safe idempotent"><span>OPTIONS</span> : Capacités du serveur
                  <li class=""><span>CONNECT</span> : SSL/TLS pour les proxies
                  <li class=""><span>PATCH</span> : modification partielle <small>(<a href="https://tools.ietf.org/html/rfc5789">RFC 5789</a>, mai 2010)</small>
              </ul>
              </section>
          </div>

          <div class="slide" id="status-code-title-slide">
              <section class="middle">
              <h2>Code de retour (status code)</h2>
              </section>
          </div>
          <div class="slide" id="status-code-slide">
              <style scoped>
                  #status-code-slide ul > li > ul { 
                      max-height: 90px; overflow-y: auto;border: 1px dotted #654;
                      font-size: 10px; column-count: 2;
                  }
                  #status-code-slide ul > li > ul > li { padding: 0; }
              </style>
              <section>
              <h2><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html">Codes de retour</a></h2>
              <ul>
                  <li class="100">1xx Informational (3)
                  <ul>
                      <li>100 Continue
                      <li>101 Switching Protocols
                      <li>102 Processing (<a href="/wiki/WebDAV" title="WebDAV">WebDAV</a>; RFC 2518)
                  </ul>
                  <li class="200">2xx Success (10)
                  <ul>
                      <li>200 OK
                      <li>201 Created
                      <li>202 Accepted
                      <li>203 Non-Authoritative Information (since HTTP/1.1)
                      <li>204 No Content
                      <li>205 Reset Content
                      <li>206 Partial Content
                      <li>207 Multi-Status (WebDAV; RFC 4918)
                      <li>208 Already Reported (WebDAV; RFC 5842)
                      <li>226 IM Used (RFC 3229)
                  </ul>
                  <li class="300">3xx Redirection (9)
                  <ul>
                      <li>300 Multiple Choices
                      <li><a href="https://en.wikipedia.org/wiki/HTTP_301" title="HTTP 301">301 Moved Permanently</a>
                      <li><a href="https://en.wikipedia.org/wiki/HTTP_302" title="HTTP 302">302 Found</a>
                      <li><a href="https://en.wikipedia.org/wiki/HTTP_303" title="HTTP 303">303 See Other</a> (since HTTP/1.1)
                      <li>304 Not Modified
                      <li>305 Use Proxy (since HTTP/1.1)
                      <li>306 Switch Proxy
                      <li>307 Temporary Redirect (since HTTP/1.1)
                      <li>308 Permanent Redirect (approved as experimental)
                  </ul>
                  <li class="400">4xx Client Error (38)
                  <ul>
                      <li>400 Bad Request
                      <li>401 Unauthorized
                      <li>402 Payment Required
                      <li><a href="https://en.wikipedia.org//wiki/HTTP_403" title="HTTP 403">403 Forbidden</a>
                      <li><a href="https://en.wikipedia.org//wiki/HTTP_404" title="HTTP 404">404 Not Found</a>
                      <li>405 Method Not Allowed
                      <li>406 Not Acceptable
                      <li>407 Proxy Authentication Required
                      <li>408 Request Timeout
                      <li>409 Conflict
                      <li>410 Gone
                      <li>411 Length Required
                      <li>412 Precondition Failed
                      <li>413 Request Entity Too Large
                      <li>414 Request-URI Too Long
                      <li>415 Unsupported Media Type
                      <li>416 Requested Range Not Satisfiable
                      <li>417 Expectation Failed
                      <li>418 I'm a teapot (RFC 2324)
                      <li>420 Enhance Your Calm (Twitter)
                      <li>422 Unprocessable Entity (WebDAV; RFC 4918)
                      <li>423 Locked (WebDAV; RFC 4918)
                      <li>424 Failed Dependency (WebDAV; RFC 4918)
                      <li>424 Method Failure (<a href="https://en.wikipedia.org//wiki/WebDAV" title="WebDAV">WebDAV</a>)
                      <li>425 Unordered Collection (Internet draft)
                      <li>426 Upgrade Required (RFC 2817)
                      <li>428 Precondition Required (<a class="external mw-magiclink-rfc" href="//tools.ietf.org/html/rfc6585">RFC 6585</a>)
                      <li>429 Too Many Requests (<a class="external mw-magiclink-rfc" href="//tools.ietf.org/html/rfc6585">RFC 6585</a>)
                      <li>431 Request Header Fields Too Large (<a class="external mw-magiclink-rfc" href="//tools.ietf.org/html/rfc6585">RFC 6585</a>)
                      <li>444 No Response (Nginx)
                      <li>449 Retry With (Microsoft)
                      <li>450 Blocked by Windows Parental Controls (Microsoft)
                      <li>451 Unavailable For Legal Reasons (Internet draft)
                      <li>494 Request Header Too Large (Nginx)
                      <li>495 Cert Error (Nginx)
                      <li>496 No Cert (Nginx)
                      <li>497 HTTP to HTTPS (Nginx)
                      <li>499 Client Closed Request (Nginx)
                  </ul>
                  <li class="500">5xx Server Error (14)
                  <ul>
                      <li>500 Internal Server Error
                      <li>501 Not Implemented
                      <li>502 Bad Gateway
                      <li>503 Service Unavailable
                      <li>504 Gateway Timeout
                      <li>505 HTTP Version Not Supported
                      <li>506 Variant Also Negotiates (RFC 2295)
                      <li>507 Insufficient Storage (WebDAV; RFC 4918)
                      <li>508 Loop Detected (WebDAV; RFC 5842)
                      <li>509 Bandwidth Limit Exceeded (Apache bw/limited extension)
                      <li>510 Not Extended (RFC 2774)
                      <li>511 Network Authentication Required (<a class="external mw-magiclink-rfc" href="//tools.ietf.org/html/rfc6585">RFC 6585</a>)
                      <li>598 Network read timeout error (Unknown)
                      <li>599 Network connect timeout error (Unknown)
                  </ul>
              </ul>
              </section>
          </div>

          <div class="slide" id="cookie-title-slide">
              <section class="middle">
              <h2>Les Cookies</h2>
              <a href="http://www.instructables.com/id/HTTP-Sugar-Cookies/"><img src="http://www.instructables.com/files/deriv/FWM/8RMH/GX82ORQY/FWM8RMHGX82ORQY.LARGE.jpg" width="600" alt="" title="Image from http://www.instructables.com/id/HTTP-Sugar-Cookies/" /></a>
              </section>
          </div>
          <div class="slide" id="cookie-example-slide">
              <section>
              <h2>Les Cookies : exemple</h2>
<pre class="client">GET / HTTP/1.1
Host: www.exemple.org
...</pre>
<pre class="server">HTTP/1.1 200 OK
Content-type: text/html
Set-Cookie: name=value
...</pre>
<pre class="client">GET /page.html HTTP/1.1
Host: www.exemple.org
Cookie: name=value
...</pre>
              </section>
          </div>

          <div class="slide" id="cookie-details-slide">
              <section>
              <h2>Les Cookies</h2>
              <ul>
                  <li>Défini pour un nom de domaine complet par défaut <small>(www.domain.com)</small>
                  <li>limité à 20 cookies par domaine, d’environ 4000 caractères
                  <li>Envoyé à chaque requête <small>(html, JS, Ajax, images, etc)</small>
                  <li>Cookie = contenu personalisé = pas de cache
                  <li>D’où l’intérêt de servir les ressources communes <small>(images, css, js)</small> depuis un autre sous-domaine <small>(static.domain.com)</small>
                  <li>Cookie de session
                  <li>Cookie chiffré
                  <li>Entête <a href="https://fr.wikipedia.org/wiki/P3P"><abbr title="Platform for Privacy Preferences">P3P</abbr></a>
                  <li>Entête <a href="https://fr.wikipedia.org/wiki/Do_Not_Track"><abbr title="Do Not Track">DNT</abbr></a>
              </ul>
              </section>
          </div>

          <div class="slide" id="cookie-first-third-party-slide">
             <section>
             <h2>Les Cookies</h2>
             <ul>
                 <li>Cookie "first/third party"
             </ul>
             <p align="center"><img src="https://docs.google.com/drawings/pub?id=1ZGi5Yuf_PmyIrP_WoxAjnq2NdQUg3H3TMpXVJFiP0Hw&amp;w=430&amp;h=399" title="First / third party cookie" alt=""/></p>
             </section>
          </div>


          <div class="slide" id="cookie-details-2-slide">
              <section>
              <h2>Les Cookies : attributs facultatifs</h2>
              <ul>
                  <li>un nom de domaine <small>(pour permettre le "cross-subdomain")</small>,
                  <li>un chemin,
                  <li>date d'expiration <small>(sans, le cookie est supprimé lorsque le navigateur est fermé)</small>,
                  <li>type de connexion prévu <small>(chiffrée ou non)</small>,
                  <li>type d’accès <small>(HTTP seul ou aussi via JS)</small>.
              </ul>
              <h3>Exemples</h3>
<pre class="server">Set-Cookie: LSID=DQAAAK…Eaem_vYg; Domain=docs.foo.com; Path=/accounts; Expires=Wed, 13-Jan-2021 22:23:01 GMT; Secure; HttpOnly</pre>
<pre class="server">Set-Cookie: HSID=AYQEVn….DKrdst; Domain=.foo.com; Path=/; Expires=Wed, 13-Jan-2021 22:23:01 GMT; HttpOnly</pre>
<pre class="server">Set-Cookie: SSID=Ap4P….GTEq; Domain=.foo.com; Path=/; Expires=Wed, 13-Jan-2021 22:23:01 GMT; Secure; HttpOnly</pre>

              </section>
          </div>
          <div class="slide" id="cookie-security-demo-slide">
              <section class="middle">
              <h2>Les Cookies : Sécurité</h2>
              </section>
          </div>
          <div class="slide" id="cookie-security-slide">
              <section>
              <h2>Vol de cookie (cookie hijacking)</h2>
              <h3>À la main</h3>
              <p>Démo sur <a href="http://blog.valtech.fr/wp-login">blog.valtech.fr</a> avec <a href="http://livehttpheaders.mozdev.org/">LiveHTTPHeaders</a> et telnet</p>
              <h3>Via Firesheep</h3>
              <p><a href="http://codebutler.com/firesheep?c=1"><img src="imgs/firesheep.png" alt="Firesheep" title="Firesheep" /></a></p>
              <h2>Forge de cookie</h2>
              </section>
          </div>

          <div class="slide" id="content-negociation-title-slide">
              <section class="middle">
              <h2>Négociation de contenu</h2>
              </section>
          </div>
          <div class="slide" id="content-negociation-basics-slide">
              <section>
              <h2>Négociation de contenu</h2>
              <h3>Navigateur demandant une page web</h3>
<pre class="client">GET / HTTP/1.1
Host: www.exemple.org
Accept: text/html; q=1.0, text/*; q=0.8, image/gif; q=0.6, image/jpeg; q=0.6, image/*; q=0.5, */*; q=0.1
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding: gzip,deflate
Accept-Language: fr-FR; q=1.0, en; q=0.5
... </pre>
<pre class="server">HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Length: 25719
Content-type: text/html; charset=UTF-8
Content-Language: en-US
...</pre>
            </section>
        </div>

          <div class="slide" id="content-negociation-slide">
              <section>
              <h2>Négociation de contenu</h2>
              <h3>Client d’API REST</h3>
<pre class="client">GET /shops/all/address HTTP/1.1
Host: www.exemple.org
Accept: application/json; q=1.0, text/xml; q=0.8
Accept-Charset: ISO-8859-1,utf-8; q=0.7, *; q=0.3
Accept-Encoding: gzip,deflate
Accept-Language: fr-FR; q=1.0, en; q=0.5
... </pre>
<pre class="server">HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Length: 25719
Content-type: application/json; charset=utf-8
Content-Language: en-US
 ...</pre>
              </section>
          </div>

          <div class="slide" id="partial-request-title-slide">
              <section class="middle">
              <h2>Requête et réponse partielle</h2>
              </section>
          </div>
          <div class="slide" id="partial-request-slide">
              <section>
              <h2>Requête et réponse partielle</h2>
<pre class="client">HEAD /2390/2253727548_a413c88ab3_s.jpg HTTP/1.1
Host: farm3.static.flickr.com</pre>
<pre class="server">HTTP/1.0 200 OK
Date: Mon, 05 May 2008 00:33:14 GMT
Server: Apache/2.0.52 (Red Hat)
Accept-Ranges: bytes
Content-Length: 3980
Content-Type: image/jpeg</pre>
<pre class="client">GET /2390/2253727548_a413c88ab3_s.jpg HTTP/1.1
Host: farm3.static.flickr.com
Range: bytes=0-999</pre>
<pre class="server">HTTP/1.0 206 Partial Content
Date: Mon, 05 May 2008 00:36:57 GMT
Server: Apache/2.0.52 (Red Hat)
Accept-Ranges: bytes
Content-Length: 1000
Content-Range: bytes 0-999/3980
Content-Type: image/jpeg
...</pre>
              </section>
          </div>

          <div class="slide" id="cache-title-slide">
              <section class="middle">
              <h2>Cache</h2>
              </section>
          </div>
          <div class="slide" id="cache-in-action-slide">
              <section>
              <h2>Cache : En Action</h2>
              <h3>Chargement initial, sans cache :</h3>
              <img src="imgs/twitter-1.png" alt="First twitter load" title="First twitter load" />
              <h3>Rechargement de la même page :</h3>
              <img src="imgs/twitter-2.png" alt="Second twitter load" title="Second twitter load" />
              </section>
          </div>
          <div class="slide" id="cache-type-slide">
              <section>
              <h2>Cache : Introduction</h2>
              <h3>Qui ?</h3>
              <ul>
                  <li>Navigateur / Client
                  <li>Proxy <small>(squid, équipement réseau/"network appliance")</small>
                  <li>Reverse-proxy <small>(squid, varnish, etc)</small>
                  <li><abbr title="Content Delivery Network">CDN</abbr> <small>(Akamai, Amazon Cloud Front, ...)</small>
              </ul>
              <h3>2 types :</h3>
              <ul>
                  <li>Cache privé
                  <li>Cache public
              </ul>
              <h3>Définitions :</h3>
              <ul>
                  <li>Revalidation
                  <li>Cache hit
                  <li>Cache miss
              </ul>
              </section>
          </div>
          <div class="slide" id="cache-date-expires-slide">
              <section>
              <h2>Cache : Date et Expires</h2>
<pre class="server">Date:Tue, 04 Sep 2012 09:24:26 GMT
Expires: Thu, 01 Dec 1994 16:00:00 GMT</pre>
              <ul>
                  <li><code>Date</code> obligatoire !
                  <li><code>Expires &gt; now()</code> : caché jusqu’à la date indiquée puis revalidation
                  <li><code>Expires == now()</code> : caché mais revalidation à la prochaine requête
                  <li><code>Expires &lt; now() || Expires == -1</code> : pas de cache
              </ul>
              </section>
          </div>
          <div class="slide" id="cache-control-slide">
              <section>
              <h2>Cache : Cache-Control</h2>
              <ul>
                  <li><code>Cache-Control: private</code> : Cache client
                  <li><code>Cache-Control: public</code> : Cache client et proxy
                  <li><code>Cache-Control: no-cache</code> : Cache client et proxy mais revalidation
                  <li><code>Cache-Control: no-cache=Set-Cookie</code> : Ne pas cacher cet entête
                  <li><code>Cache-Control: no-store</code> : Cache client ou proxy interdit
                  <li><code>Cache-Control: must-revalidate</code> : Revalidation après expiration
                  <li><code>Cache-Control: proxy-revalidate</code> : Idem mais pour les proxies
                  <li><code>Cache-Control: max-age=xxx</code> : Temps relatif, en secondes
                  <li><code>Cache-Control: s-maxage=xxx</code> : Idem mais que pour les proxies
                  <li><code>Cache-Control: no-transform</code> : Les proxies ne doivent pas transformer la ressource
              </ul>
              </section>
          </div>
          <div class="slide" id="cache-last-modified-conditionnal-slide">
              <section>
              <h2>Cache : Last-Modified et requête conditionnelle</h2>
<pre class="client">GET /logo.png HTTP/1.1
...</pre>
<pre class="server">HTTP/1.1 200 OK
Date: Mon, 03 Sep 2012 15:05:20 GMT
Expires: Mon, 03 Sep 2012 15:05:20 GMT
Last-Modified: Mon, 02 Apr 2012 02:13:37 GMT
...</pre>
<pre class="client">GET /logo.png HTTP/1.1
If-Modified-Since: Mon, 02 Apr 2012 02:13:37 GMT
...</pre>
<pre class="server">HTTP/1.1 304 Not Modified
Date: Mon, 03 Sep 2012 15:07:07 GMT
Expires: Mon, 03 Sep 2012 15:07:07 GMT
...</pre>
              </section>
          </div>
          <div class="slide" id="cache-etag-conditionnal-slide">
              <section>
              <h2>Cache : Entity Tag et requête conditionnelle</h2>
<pre class="client">GET /logo.png HTTP/1.1
...</pre>
<pre class="server">HTTP/1.1 200 OK
Date: Mon, 03 Sep 2012 15:05:20 GMT
ETag: "8eca4-205f-17b94c"
...</pre>
<pre class="client">GET /logo.png HTTP/1.1
If-None-Match "8eca4-205f-17b94c"
...</pre>
<pre class="server">HTTP/1.1 304 Not Modified
Date: Mon, 03 Sep 2012 15:07:07 GMT
ETag: "8eca4-205f-17b94c"
...</pre>
            </section>
          </div>
          <div class="slide" id="cache-vary-slide">
              <section>
              <h2>Cache : Vary</h2>
<h3>Exemple sur la compression :</h3>
<pre class="client">GET /file.js HTTP/1.1
Accept-Encoding: gzip, deflate
...</pre>
<pre class="server">HTTP/1.1 200 OK
Content-Encoding:gzip
Date:Thu, 06 Sep 2012 13:56:47 GMT
Expires:Thu, 13 Sep 2012 13:56:47 GMT
ETag:M0-0eb75f26
Vary:Accept-Encoding
...</pre>
<h3>Exemple sur la négociation de contenu :</h3>
<pre class="client">GET /shops/all/address HTTP/1.1
Host: www.exemple.org
Accept: application/json
Accept-Language: fr-FR; q=1.0, en; q=0.5
... </pre>
<pre class="server">HTTP/1.1 200 OK
Content-type: application/json; charset=utf-8
Content-Language: en-US
Vary: Accept,Accept-Language
 ...</pre>
            </section>
          </div>
          <div class="slide" id="cache-summary-slide">
              <section>
              <h2>Cache : Recommandations</h2>
              <ul>
                  <li>Utilisez soit <code>Expires</code>, soit <code>Cache-Control: max-age</code>
                  <li>avec soit <code>Last-Modified</code>, soit <code>ETag</code> <small>pour permettre les requêtes conditionnelles</small>
                  <li>Idéalement, cachez pour un mois ou un an <small>(mais pas plus !)</small> et utiliser l’url fingerprinting
                  <li>SSL/TLS : <code>Cache control: public</code> <small>(sinon, pas de cache sous FF)</small>
                  <li>Attention aux paramètres dans les URL (proxies)
                  <li>Limitez les cookies aux ressources qui ont en besoin <small>(html)</small>
                  <li>Rappel : ressources statiques sur un autre sous-domaine
                  <li>Attention de bien configurer <code>Vary</code> en fonction du <code>Content-Encoding</code>, <code>Content-Type</code> ou encore sur les champs <code>Accept</code> <small>(Négociation de contenu)</small>
              </ul>
              </section>
          </div>

          <div class="slide" id="authentification-title-slide">
              <section class="middle">
              <h2>Authenfication</h2>
              </section>
          </div>
          <div class="slide" id="authentification-basic-slide">
              <section>
              <h2>Authenfication basique</h2>
<pre class="client">GET /private/index.html HTTP/1.1
Host: www.exemple.org
...</pre>
<pre class="server">HTTP/1.1 401 Authorization Required
Content-type: text/html
WWW-Authenticate: Basic realm="Secure Area"
...</pre>
<pre class="client">GET /private/index.html HTTP/1.1
Host: www.exemple.org
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
</pre>
<h3>Encodage/décodage base 64</h3>
<kbd>&gt; echo -n "Aladdin:open sesame" | base64 -
&gt; QWxhZGRpbjpvcGVuIHNlc2FtZQ==
&gt; echo -n QWxhZGRpbjpvcGVuIHNlc2FtZQ== | base64 -d
&gt; Aladdin:open sesame
</kbd>
            </section>
        </div>
        <div class="slide" id="authentification-digest-slide">
            <section>
            <h2>Authenfication Digest</h2>
<pre class="server">HTTP/1.1 401 Authorization Required
Content-type: text/html
WWW-Authenticate: Digest realm="testrealm@host.com",
qop="auth, auth-int",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
...</pre>
<pre class="server">GET /private/index.html HTTP/1.1
Host: www.exemple.org
GET /dir/index.html HTTP/1.0
Host: localhost
Authorization: Digest username="gpaul",
realm="testrealm@host.com",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri="/private/index.html",
qop=auth,
nc=00000001,
cnonce="0a4f113b",
response="6629fae49393a05397450978507c4ef1",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
</pre>
        </section>
        </div>

        <div class="slide" id="ssl-tls-title-slide">
            <section class="middle">
            <h2><abbr title="Secure Sockets Layer">SSL</abbr>/<abbr title="Transport Layer Security">TLS</abbr></h2>
            </section>
        </div>
        <div class="slide" id="ssl-tls-main-slide">
              <section>
              <h2><abbr title="Secure Sockets Layer">SSL</abbr>/<abbr title="Transport Layer Security">TLS</abbr> : Introduction</h2>
              <ul>
                  <li>SSL 1.0 (jamais publique), 2.0 en 1995,  3.0 en 1996 (<a href="https://tools.ietf.org/html/rfc6101"><abbr title="Request for comment">RFC</abbr> 6101</a>),
                  <li>TLS 1.0 en 1999 (<a href="https://tools.ietf.org/html/rfc2246">RFC 2246</a>)
                  <li>TLS 1.1 en 2006 (<a href="https://tools.ietf.org/html/rfc4346">RFC 4346</a>)
                  <li>TLS 1.2 en 2008 (<a href="https://tools.ietf.org/html/rfc5246">RFC 5246</a>)
                  <li>Mise à jour sur TLS 1.2 en 2011 (<a href="https://tools.ietf.org/html/rfc6176">RFC 6176</a>)
                  <li>TLS utilisé sur <abbr title="HyperText Transfert Protocol">HTTP</abbr>, <abbr title="File Transfert Protocol">FTP</abbr>, <abbr title="Simple Mail Transfert Protocol">SMTP</abbr>, <abbr title="Network News Transfert Protocol">NNTP</abbr> et <abbr title="eXtensible Messaging and Presence Protocol">XMPP</abbr>
                  <li><abbr title="Hypertext Transfer Protocol Secure">HTTPS</abbr> sur le port 443
              </ul>
              <h3>5 principes</h3>
              <ul>
                  <li>l'authentification du serveur,
                  <li>la confidentialité des données échangées,
                  <li>l'intégrité des données échangées,
                  <li>la spontanéité,
                  <li>de manière optionnelle, l'authentification du <a href="http://pilif.github.com/2008/05/why-is-nobody-using-ssl-client-certificates/">client avec un certificat</a>,
                  <li>la transparence (HTTP over TLS).
              </ul>
              </section>
          </div>
          <div class="slide" id="ssl-tls-pre-requisites-slide">
            <section>
            <h2>Quelques rappels cryptographiques</h2>
            <ul>
                <li>Chiffrement symétrique <small>(DES, 3DES, AES, BlowFish,...)</small>
                <li>Chiffrement asymétrique <small>(RSA)</small>
                <li>Fonction de hashage <small>(MD5, SHA1, SHA256,...)</small>
                <li>Signature
                <img style="float:right" src="https://docs.google.com/drawings/pub?id=1IScYN4qTqqQCkpZ1GTeK8vTO26pMso7rRj-UMBH6Cwc&amp;w=343&amp;h=283">
                <li>Certificats <small>(x509)</small>
                <li>Autorité de certification
                <li>Chaînes de confiance
            </ul>
<h3>Création d’une signature</h3>
<pre>var hash = sha1(certificat.info)
return encrypt(ca.privatekey, hash)</pre>
<h3>Vérification d’une signature</h3>
<pre>var hash = sha1(certificat.info)
var uncryptedSignature = decrypt(ca.publickey, signature)
return hash == uncryptedSignature</pre>
            </section>
          </div>
          <div class="slide" id="ssl-tls-handshake-slide">
              <style scoped>
              #ssl-tls-handshake-slide ul li { list-style-type:none; }
              </style>
              <section>
              <h2><abbr title="Secure Sockets Layer">SSL</abbr>/<abbr title="Transport Layer Security">TLS</abbr> : Handshake</h2>
              <img src="https://docs.google.com/drawings/pub?id=1kpEunBK1rm_KH-loMb2K0OKCEut4A0tP08fF1e5_-OM&amp;w=796&amp;h=362" alt="SSL/TLS handshake" />
              <ul>
                  <li><span style="color: blue;">1.</span> Client hello : chiffrements supportés ordonnés
                  <li><span style="color: blue;">2.</span> Server hello : chiffrement utilisé et certificat
                  <small>(le client vérifie le certificat et la chaîne de confiance)</small>
                  <li><span style="color: red;">3.</span> Pré-clé chiffrée avec la clé publique du serveur
                  <li><span>4.</span> Négociation terminée, calcul de la clé secrête symétrique
                  <li><span style="color: green;">5.</span> Échanges HTTP chiffrés avec la clé symétrique
              </ul>
              </section>
          </div>
          <div class="slide" id="ssl-tls-algorithms-slide">
            <style scoped>
            #ssl-tls-algorithms-slide ul { column-count: 3; }
            #ssl-tls-algorithms-slide ul li { font-size: 13px; }
            </style>
              <section>
              <h2>Algorithmes d’encryption</h2>
              <p>Version, chiffrement asymétrique, chiffrement symétrique, négociation des clés, signature</p>
              <ul>
                <li>SSL2-RC4-128-with-MD5
                <li>SSL2-RC2-128-CBC-with-MD5
                <li>SSL2-DES-168-EDE3-CBC-with-MD5
                <li>SSL2-DES-56-CBC-with-MD5
                <li>SSL2-RC4-128-EXPORT40-with-MD5
                <li>SSL2-RC2-128-CBC-EXPORT40-with-MD5
                <li>SSL3-FORTEZZA-DMS-with-FORTEZZA-CBC-SHA
                <li>SSL3-FORTEZZA-DMS-with-RC4-128-SHA
                <li>SSL3-RSA-with-RC4-128-MD5
                <li>SSL3-RSA-with-3DES-EDE-CBC-SHA
                <li>SSL3-RSA-with-DES-CBC-SHA
                <li>SSL3-RSA-with-RC4-40-MD5
                <li>SSL3-RSA-with-RC2-CBC-40-MD5
                <li>SSL3-FORTEZZA-DMS-with-null-SHA
                <li>SSL3-RSA-with-null-MD5
                <li>SSL3-RSA-FIPS-with-3DES-EDE--CBC-SHA
                <li>SSL3-RSA-FIPS-with-DES-CBC-SHA
                <li>SSL3-DHE-RSA-with-3DES-EDE-CBC-SHA
                <li>SSL3-DHE-DSS-with-3DES-EDE-CBC-SHA
                <li>SSL3-DHE-RSA-with-DES-CBC-SHA
                <li>SSL3-DHE-DSS-with-DES-CBC-SHA
                <li>TLS-RSA-1024-with-RC4-56-SHA
                <li>TLS-RSA-1024-with-DES-CBC-SHA
                <li>TLS-RSA-with-RC4-128-MD5
                <li>SSL_RSA_WITH_RC4_128_SHA or TLS_RSA_WITH_RC4_128_SHA
                <li>TLS-RSA-with-3DES-EDE-CBC-SHA
                <li>TLS-RSA-with-DES-CBC-SHA
                <li>TLS-RSA-with-AES-256-CBC-SHA
                <li>TLS-RSA-with-AES-128-CBC-SHA
                <li>TLS-RSA-with-RC4-40-MD5
                <li>TLS-RSA-with-RC2-CBC-40-MD5
                <li>TLS-RSA-with-null-MD5
                <li>TLS-DHE-RSA-with-AES-256-CBC-SHA
                <li>TLS-DHE-RSA-with-AES-128-CBC-SHA
                <li>TLS-DHE-DSS-with-AES-256-CBC-SHA
                <li>TLS-DHE-DSS-with-AES-128-CBC-SHA
                <li>TLS-DHE-DSS-with-RC4-128-SHA
                <li>TLS-ECDH-ECDSA-with-RC4-128-SHA
                <li>TLS-ECDH-RSA-with-RC4-128-SHA
                <li>TLS-ECDHE-ECDSA-with-RC4-128-SHA
                <li>TLS-ECDHE-RSA-with-RC4-128-SHA
                <li>TLS-ECDH-ECDSA-with-3DES-EDE-CBC-SHA
                <li>TLS-ECDH-RSA-with-3DES-EDE-CBC-SHA
                <li>TLS-ECDHE-ECDSA-with-3DES-EDE-CBC-SHA
                <li>TLS-ECDHE-RSA-with-3DES-EDE-CBC-SHA
                <li>TLS-ECDH-ECDSA-with-AES-128-CBC-SHA
                <li>TLS-ECDH-RSA-with-AES-128-CBC-SHA
                <li>TLS-ECDHE-ECDSA-with-AES-128-CBC-SHA
                <li>TLS-ECDHE-RSA-with-AES-128-CBC-SHA
                <li>TLS-ECDH-ECDSA-with-AES-256-CBC-SHA
                <li>TLS-ECDH-RSA-with-AES-256-CBC-SHA
                <li>TLS-ECDHE-ECDSA-with-AES-256-CBC-SHA
                <li>TLS-ECDHE-RSA-with-AES-256-CBC-SHA
              </ul>
              </section>
          </div>
          <div class="slide" id="ssl-tls-diffie-hellman-slide">
              <section>
              <h2><abbr title="Secure Sockets Layer">SSL</abbr>/<abbr title="Transport Layer Security">TLS</abbr> : Diffie-Hellman</h2>
              <a href="http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html">SSL/TLS & Perfect Forward Secrecy</a>, <small>DHE-RSA-AES128-SHA, ECDHE-RSA-AES128-SHA</small>
              <p class="center"><img src="imgs/diffie-Hellman_key_exchange.png" alt="Algorithme de Diffie Hellman" /></p>
              </section>
          </div>
          <div class="slide" id="ssl-tls-security-slide">
                <section>
                <h2><abbr title="Secure Sockets Layer">SSL</abbr>/<abbr title="Transport Layer Security">TLS</abbr> : Securité</h2>
                <h3><a href="http://dev.chromium.org/sts"><abbr title="HTTP Strict Transport Security">HSTS</abbr></a></h3>
                <pre>Strict-Transport-Security: max-age=16070400; includeSubDomains</pre>
                <h3>Attaques connues</h3>
                <p>En 2011, Thai Duong et Juliano Rizzo démontrent <a href="http://vnhacker.blogspot.fr/2011/09/beast.html"><abbr title="Browser Exploit Against SSL/TLS">BEAST</abbr></a>, une attaque contre TLS/1.0.</p>
                <p>En 2012, ils présentent <a href="https://docs.google.com/presentation/d/11eBmGiHbYcHR9gL5nDyZChu_-lCa2GizeuOfaLU2HOU/edit#slide=id.g1d134dff_1_222"><abbr title="Compression Ratio Info-leak Made Easy">CRIME</abbr></a>, se basant sur la compression : TLS et SPDY sont vulnérables.</p>
                </section>
            </div>


         <div class="slide" id="extension-title-slide">
             <section class="middle">
             <h2>Extension</h2>
             </section>
         </div>
          <div class="slide" id="extension-slide">
              <section>
              <h2>Extension : <abbr title="Web Distributed Authoring and Versioning">WebDAV</abbr></h2>
              <ul>
                  <li>permet de récupérer, déposer, synchroniser et publier des fichiers/dossiers,
                  <li>gestion des droits d’accès, vérrouillage des fichiers,
                  <li>Nouvelles méthodes, entêtes et codes de retour (<small><a href="//tools.ietf.org/html/rfc4918"><abbr title="Request for comment">RFC</abbr> 4918</a></small>) : 
              </ul>
<pre class="client">COPY /~fielding/index.html HTTP/1.1 
Host: www.example.com 
Destination: http://www.example.com/users/f/fielding/index.html 
If: &lt;http://www.example.com/users/f/fielding/index.html&gt; (&lt;urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6&gt;)</pre>
<pre class="server">HTTP/1.1 204 No Content</pre>
<pre class="client">DELETE /locked/member HTTP/1.1
Host: example.com</pre>
<pre class="server">HTTP/1.1 423 Locked
Content-Type: application/xml; charset="utf-8"
Content-Length: xxxx

&lt;?xml version="1.0" encoding="utf-8" ?&gt;
&lt;D:error xmlns:D="DAV:"&gt;
&lt;D:lock-token-submitted&gt;
&lt;D:href&gt;/locked/&lt;/D:href&gt;
&lt;/D:lock-token-submitted&gt;
&lt;/D:error&gt;
</pre>
              </section>
          </div>

          <div class="slide" id="spdy-http2-title-slide">
              <section class="middle">
              <h2>SPDY / HTTP 2.0</h2>
              </section>
          </div>
          <div class="slide" id="spdy-slide">
              <section>
              <h2><abbr title="Speedy"><a href="https://sites.google.com/a/chromium.org/dev/spdy">SPDY</a></abbr></h2>
              <ul>
                  <li>standard de facto, standardisation en cours <small>(<a href="https://tools.ietf.org/html/draft-mbelshe-httpbis-spdy-00">draft-mbelshe-httpbis-spdy-00</a>)</small>
                  <li>implémenté dans Google Chrome (<small><a href="chrome://net-internals/#spdy">chrome://net-internals/#spdy</a></small>) et Firefox 11 (<small><a href="https://hacks.mozilla.org/2012/02/spdy-brings-responsive-and-scalable-transport-to-firefox-11/">annonce</a></small>), actif par défaut dans Firefox 13 (<small><code>network.http.spdy.enabled</code>, cf <a href="about:config">about:config</a></small>) et Amazon Silk,
                  <li>utilisé sur presque tous les services Google, ainsi que twitter,
                  <li><img src="https://sites.google.com/a/chromium.org/dev/_/rsrc/1258490355439/spdy/spdy-whitepaper/soarjOjSeS5hoFYvjtAnxCg.png" alt="Speedy stack" style="float: right; margin: .5em;"/>
                  ne remplace pas HTTP mais change la façon dont les données sont envoyées,
                  <li>suppression des entêtes redondants (user-agent, accept, etc),
                  <li>compression des entêtes,
                  <li>multiplexage (plusieurs streams) au sein d’une requête TCP,
                  <li><a href="https://en.wikipedia.org/wiki/HTTP_pipelining">HTTP Pipelining</a>,
                  <li>priorise les ressources,
                  <li>"push" des resources liées (images, css, js) avant que le navigateur ne les demande,
                  <li>TLS/SSL obligatoire.
              </ul>
              </section>
          </div>
          <div class="slide" id="http2-slide">
              <section>
              <h2>HTTP 2.0</h2>
              <ul>
                  <li>en cours de réflexion par le groupe <a href="https://tools.ietf.org/wg/httpbis/">Hypertext Transfer Protocol Bis</a> <small>(httpbis)</small>,
                  <li>buts : multiplexage, compression des entête, pipelining,
                  <li>rétro-compatibilité complète,
                  <li>SPDY candidat pour HTTP/2.0,
                  <li>Microsoft propose <a href="https://tools.ietf.org/html/draft-montenegro-httpbis-speed-mobility-01">HTTP Speed+Mobility</a> (basé sur SPDY).
              </ul>
              </section>
          </div>

          <div class="slide" id="tools-and-resources-slide">
              <section>
              <h2>Outils et resources</h2>
              <ul>
                  <li>telnet, curl, wget,
                  <li><a href="http://livehttpheaders.mozdev.org/">Live HTTP Headers</a> ou <a href="https://addons.mozilla.org/en-US/firefox/addon/httpfox/">HttpFox</a> pour Firefox,
                  <li><a href="http://httpie.org">HTTPie</a> : curl pour "humain",
                  <li><a href="http://htty.github.com">htty</a> : une console http,
                  <li><a href="http://viewdns.info/">http://viewdns.info/</a>, boite à outils en ligne,
                  <li><a href="http://rsstodolist.appspot.com/?n=http&amp;l=100">http://rsstodolist.appspot.com/?name=http</a> : toutes les références.
              </ul>
              </section>
          </div>

      </div> <!-- slides -->

  </div> <!-- presentation -->

  <script src="js/slides.js"></script>
  <!--[if lt IE 9]>
  <script 
      src="http://ajax.googleapis.com/ajax/libs/chrome-frame/1/CFInstall.min.js">
  </script>
  <script>CFInstall.check({ mode: "overlay" });</script>
  <![endif]-->
  <script src="src/prettify/prettify.js" onload="prettyPrint();" defer></script>
  <script src="js/slides.js"></script>
  <script src="js/cache.js"></script>
  <script src="js/prefixfree.min.js"></script>
  </body>
</html>