IPv6 URIs in IE7
One of the benefits of creating a new URI parsing API for IE7 was that we were able to more easily add support for IPv6 addresses in URIs throughout IE7. This blog post will describe the use of IPv6 URIs in IE7.
IPv6 Syntax
One of the advantages of IPv6 over IPv4 is that IPv6 addresses are four times longer than IPv4 addresses (128 bits vs. 32 bits) allowing for about 3.402 * 1038 unique IPv6 addresses. Due to the longer length, a new and more compact textual representation is used for IPv6 addresses. IPv6 addresses are written as groups of four hexadecimal digits delimited by colons. For the full details on IPv6 addresses and their textual representation, see the IPv6 Addressing standard. The following is an example of an IPv6 address:
fec0::abcd
The old URI syntax and the IPv6 address syntax conflicted so in accommodation, the URI syntax was modified. According to the latest URI standard, when you put an IPv6 address in the host, you must enclose it in square brackets. Thus, the previous example IPv6 address could appear as follows in a URI:
https://[fec0::abcd]/
URIs containing IPv6 addresses are not considered “special” in IE and they may be used anywhere IE accepts or displays a URI.
Scope-IDs
One explicit omission from the latest URI standard concerning IPv6 addresses is IPv6 scope-ids. IPv6 scope-ids specify which zone (a group of network connections) on a computer should be used when resolving a particular IPv6 address. See the IPv6 Scoped Address Architecture proposed standard for a full description of scope-ids. The scope-id appears after the IPv6 address delimited by a percent character. The previous IPv6 address example with a scope-id of 1 looks like this:
fec0::abcd%1
Non-encoded percents are not permitted in URIs, so in order to support scope-ids in IPv6 URIs, IE7 allows scope-ids following the IPv6 address when delimited by a percent-encoded percent character. Therefore, the previous example IPv6 address could appear in a URI in IE7 as follows:
https://[fec0::abcd%251]/
There is currently an IETF document describing an update to the URI standard to include scope-ids, however this is still in draft stage and so is not supported by IE7. MSDN has more details on IE7’s support for IPv6 scope-ids in URIs.
Trying It Out
If you’re interested in trying this out yourself with your own web server, but aren’t connected to an IPv6 network, you can enable the IPv6 stack in Windows, and open the URI https://[::1]/ in IE7. The IPv6 address ::1 is the loopback address, similar to the IPv4 address 127.0.0.1. This will allow you to connect to your own computer’s web server via an IPv6 address.
Conclusion
I’ve described the use of and syntax of IPv6 URIs in IE7 at a high level, but if you’re interested in the nitty-gritty details, check out the provided links to documents that describe IPv6 addressing and URIs in greater detail and try out IPv6 URIs on your own. Additionally, I should mention that although support for IPv6 URIs is new to IE7 and not available in IE6, IE6 does support DNS names backed by IPv6 addresses. Please leave me any IPv6 URI related comments or questions.
Dave Risney
Software Design Engineer
Comments
Anonymous
February 20, 2007
PingBack from http://www.ie7security.net/2007/02/20/ipv6-uris-in-ie7/Anonymous
February 20, 2007
The comment has been removedAnonymous
February 21, 2007
@Dave Risney Since RFC 4007 leaves it open whether to encode the % delimiter I would have prefered that it is not escaped in URIs to be consistent with the textual form of IPv6 addresses. >Non-encoded percents are not permitted in URIs This is not entirely true. In section 2.4.2 of RFC 2396 it is only mandatory to escape the percent sign "when used as data within a URI". In this special case, however, the percent sign is used as a delimiter, not data. Another thing I noticed recently is that IE7 does not automatically prepend the http scheme when entering an IPv6 address in the address bar. Both "127.0.0.1" and "[::1]" should connect to "http://127.0.0.1/" and "http://[::1]/" respectively.Anonymous
February 21, 2007
The comment has been removedAnonymous
February 21, 2007
Why does IE7 not show any details of the certificate on: javascript:alert(window.document.security); It appears to return: "This type of document does not have a security certificate" regardless of what page you view, anywhere on the 'Net. Is this feature dead? and just hasn't been cleaned out? Ditto for things like window.screen Why create the object if it never contains any details about the screen size/position?Anonymous
February 21, 2007
The comment has been removedAnonymous
February 21, 2007
Ah, IPv6, the standard that wasn't. I wonder what it would actually take to make people actually use this format? Nothing short of a nuclear war I think. To use it, an app MUST be writen against WinSock 2, and that seems very very unlikely. Maybe if someone put in an effort making IPv6 work with winsock 1.0, maybe it might fly, but I suspect that a lot of programs would still break. How many people out there can confess to using a double word to storing an IPv4 format, because although the standard was written to be flexible, it never actually happened? Ya, I thought so, you could start a hurricane strength wind with all the hands going up... @zuneone -> I use it exactly opposite of you. I type the search term in on one page and then click to a new tab to do the actual search. If I need different search terms per page, I use my google search bar. Personally, I prefer it the way it is, persistant across pages. Unfortunately, I think you have point. Everything else changes per tab including the address bar, so the search toolbar is inconsitent in its behaviour.Anonymous
February 21, 2007
@Viktor, that looks really nice, I'll give it a try! Thanks never heard of it before today.Anonymous
February 21, 2007
@Viktor Krammer RFC 4007 explicitly doesn't address the issue after noting that the '%' conflicts with the URI syntax and that representation in a URI would require something such as percent-encoding the delimiter. Wrt "Non-encoded percents are not permitted in URIs". The section of RFC 2396 you mention says '... the percent "%" character always has the reserved purpose of being the escape indicator ...' (the corresponding section in RFC 3986 which obsoletes 2396 has similar text) . That is, the percent character alone only appears in a URI as the delimiter of a percent-encoded octet and never as data or anything else. The '%' in an IPv6 address is a delimiter for the textual representation of the IPv6 address but from the URI syntax perspective its still data that needs to be encoded so as not to interfere with the URI syntax. Accordingly in IE7 we only allow percent-encoded percents as the IPv6 scope-id delimiter. Thanks for your comments! @RubenP Sorry its not working for you. Make sure that your HTTP server supports IPv6.Anonymous
February 21, 2007
@Dave: So you mean IIS doesn't support IPv6?Anonymous
February 21, 2007
"Why create the object if it never contains any details about the screen size/position?" Perhaps it is there for backwards compatability? So certain things don't immediately break. Just don't show anything?Anonymous
February 21, 2007
@RubenP IIS6 and later support IPv6 but I don't believe earlier versions do. I don't know if any additional configuration is required to get IPv6 support in IIS going. The following page talks about IPv6 in IIS and may be able to help: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/4c7c6bce-213a-4125-bc36-2202e3b4c8c8.mspx?mfr=trueAnonymous
February 21, 2007
The comment has been removedAnonymous
February 22, 2007
I'll give it a try! Thanks never heard of it before today.Anonymous
February 22, 2007
What does it mean when IPv6 is Limited? this is the status of on my dial-up connections.Anonymous
February 23, 2007
Another bug found in IE7 for Vista: http://crunchysoftware.wordpress.com/2007/02/23/ie7-refreshing-in-xp-but-not-in-vista/ Seems like the refresh doesn't work in IE7 for Vista. any word on when the Feedback site will be back up? we've got lots of bugs to submit, but nowhere to submit them! :-)Anonymous
February 23, 2007
Another security issues with IE7 ? http://lcamtuf.coredump.cx/ietrap/ Great for sites that want to keep you lure you on their site and then can keep you thereAnonymous
February 23, 2007
The comment has been removedAnonymous
February 23, 2007
Is there a reason why you guys took IE7 off of the critical updates for Microsoft as well as Windows Updates? That was a very stupid move, IMHO! You're leaving many people at risk! Is there at least a site that explains the move? Why so stealth? Please guys, Eric, anyone???Anonymous
February 24, 2007
The comment has been removedAnonymous
February 24, 2007
@ralph would be nice, if you could also quote the update on the socalled bug in IE7. Never mind, I'll do it for you: "Update 24/02/07: This isn’t actually a Windows problem it’s a Wordpress problem" There is a general problem here, seen zillions of time throughout the web: software, that is buggy causes problems, and guess who gets the blame: either Windows or Microsoft in general. It seems to be an exercise in futility, that MS even has the thousands of pages of "best pract" and programming examples, when too many people simply dont care. Cheers harryAnonymous
February 24, 2007
How do the speeds of IE7 and Firefox compare. Is it possible to configure 'HTTP pipelining' on IE7 as this site suggests you can do in Firefox? http://firefoxpluginreviews.blogspot.comAnonymous
February 25, 2007
@blogmeme, http pipelining is very unstable even in firefox, webpages that use tables alot tend to be rendered incorrectly when they are pipelined.Anonymous
February 26, 2007
The comment has been removed