draft-ietf-httpbis-header-compression-10.txt   draft-ietf-httpbis-header-compression-11.txt 
HTTPbis Working Group R. Peon HTTPbis Working Group R. Peon
Internet-Draft Google, Inc Internet-Draft Google, Inc
Intended status: Standards Track H. Ruellan Intended status: Standards Track H. Ruellan
Expires: June 2, 2015 Canon CRF Expires: August 14, 2015 Canon CRF
November 29, 2014 February 10, 2015
HPACK - Header Compression for HTTP/2 HPACK - Header Compression for HTTP/2
draft-ietf-httpbis-header-compression-10 draft-ietf-httpbis-header-compression-11
Abstract Abstract
This specification defines HPACK, a compression format for This specification defines HPACK, a compression format for
efficiently representing HTTP header fields, to be used in HTTP/2. efficiently representing HTTP header fields, to be used in HTTP/2.
Editorial Note (To be removed by RFC Editor) Editorial Note (To be removed by RFC Editor)
Discussion of this draft takes place on the HTTPBIS working group Discussion of this draft takes place on the HTTPBIS working group
mailing list (ietf-http-wg@w3.org), which is archived at [1]. mailing list (ietf-http-wg@w3.org), which is archived at [1].
Working Group information can be found at [2]; that specific to Working Group information can be found at [2]; that specific to
HTTP/2 are at [3]. HTTP/2 are at [3].
The changes in this draft are summarized in Appendix D.1. The changes in this draft are summarized in Appendix D.2.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 2, 2015. This Internet-Draft will expire on August 14, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 4 1.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 4
1.2. Conventions . . . . . . . . . . . . . . . . . . . . . . . 5 1.2. Conventions . . . . . . . . . . . . . . . . . . . . . . . 5
1.3. Terminology . . . . . . . . . . . . . . . . . . . . . . . 5 1.3. Terminology . . . . . . . . . . . . . . . . . . . . . . . 5
2. Compression Process Overview . . . . . . . . . . . . . . . . 5 2. Compression Process Overview . . . . . . . . . . . . . . . . 6
2.1. Header List Ordering . . . . . . . . . . . . . . . . . . 6 2.1. Header List Ordering . . . . . . . . . . . . . . . . . . 6
2.2. Encoding and Decoding Contexts . . . . . . . . . . . . . 6 2.2. Encoding and Decoding Contexts . . . . . . . . . . . . . 6
2.3. Indexing Tables . . . . . . . . . . . . . . . . . . . . . 6 2.3. Indexing Tables . . . . . . . . . . . . . . . . . . . . . 6
2.3.1. Static Table . . . . . . . . . . . . . . . . . . . . 6 2.3.1. Static Table . . . . . . . . . . . . . . . . . . . . 6
2.3.2. Dynamic Table . . . . . . . . . . . . . . . . . . . . 6 2.3.2. Dynamic Table . . . . . . . . . . . . . . . . . . . . 6
2.3.3. Index Address Space . . . . . . . . . . . . . . . . . 7 2.3.3. Index Address Space . . . . . . . . . . . . . . . . . 7
2.4. Header Field Representation . . . . . . . . . . . . . . . 7 2.4. Header Field Representation . . . . . . . . . . . . . . . 8
3. Header Block Decoding . . . . . . . . . . . . . . . . . . . . 8 3. Header Block Decoding . . . . . . . . . . . . . . . . . . . . 8
3.1. Header Block Processing . . . . . . . . . . . . . . . . . 8 3.1. Header Block Processing . . . . . . . . . . . . . . . . . 8
3.2. Header Field Representation Processing . . . . . . . . . 8 3.2. Header Field Representation Processing . . . . . . . . . 9
4. Dynamic Table Management . . . . . . . . . . . . . . . . . . 9 4. Dynamic Table Management . . . . . . . . . . . . . . . . . . 9
4.1. Calculating Table Size . . . . . . . . . . . . . . . . . 9 4.1. Calculating Table Size . . . . . . . . . . . . . . . . . 10
4.2. Maximum Table Size . . . . . . . . . . . . . . . . . . . 9 4.2. Maximum Table Size . . . . . . . . . . . . . . . . . . . 10
4.3. Entry Eviction when Dynamic Table Size Changes . . . . . 10 4.3. Entry Eviction when Dynamic Table Size Changes . . . . . 11
4.4. Entry Eviction when Adding New Entries . . . . . . . . . 10 4.4. Entry Eviction when Adding New Entries . . . . . . . . . 11
5. Primitive Type Representations . . . . . . . . . . . . . . . 11 5. Primitive Type Representations . . . . . . . . . . . . . . . 11
5.1. Integer Representation . . . . . . . . . . . . . . . . . 11 5.1. Integer Representation . . . . . . . . . . . . . . . . . 11
5.2. String Literal Representation . . . . . . . . . . . . . . 12 5.2. String Literal Representation . . . . . . . . . . . . . . 13
6. Binary Format . . . . . . . . . . . . . . . . . . . . . . . . 13 6. Binary Format . . . . . . . . . . . . . . . . . . . . . . . . 14
6.1. Indexed Header Field Representation . . . . . . . . . . . 14 6.1. Indexed Header Field Representation . . . . . . . . . . . 14
6.2. Literal Header Field Representation . . . . . . . . . . . 14 6.2. Literal Header Field Representation . . . . . . . . . . . 15
6.2.1. Literal Header Field with Incremental Indexing . . . 14 6.2.1. Literal Header Field with Incremental Indexing . . . 15
6.2.2. Literal Header Field without Indexing . . . . . . . . 15 6.2.2. Literal Header Field without Indexing . . . . . . . . 16
6.2.3. Literal Header Field never Indexed . . . . . . . . . 16 6.2.3. Literal Header Field never Indexed . . . . . . . . . 17
6.3. Dynamic Table Size Update . . . . . . . . . . . . . . . . 17 6.3. Dynamic Table Size Update . . . . . . . . . . . . . . . . 18
7. Security Considerations . . . . . . . . . . . . . . . . . . . 18 7. Security Considerations . . . . . . . . . . . . . . . . . . . 19
7.1. Probing Dynamic Table State . . . . . . . . . . . . . . . 18 7.1. Probing Dynamic Table State . . . . . . . . . . . . . . . 19
7.1.1. Applicability to HPACK and HTTP . . . . . . . . . . . 19 7.1.1. Applicability to HPACK and HTTP . . . . . . . . . . . 20
7.1.2. Mitigation . . . . . . . . . . . . . . . . . . . . . 20 7.1.2. Mitigation . . . . . . . . . . . . . . . . . . . . . 20
7.1.3. Never Indexed Literals . . . . . . . . . . . . . . . 21 7.1.3. Never Indexed Literals . . . . . . . . . . . . . . . 21
7.2. Static Huffman Encoding . . . . . . . . . . . . . . . . . 21 7.2. Static Huffman Encoding . . . . . . . . . . . . . . . . . 22
7.3. Memory Consumption . . . . . . . . . . . . . . . . . . . 21 7.3. Memory Consumption . . . . . . . . . . . . . . . . . . . 22
7.4. Implementation Limits . . . . . . . . . . . . . . . . . . 21 7.4. Implementation Limits . . . . . . . . . . . . . . . . . . 23
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 22 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 22 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 23
9.1. Normative References . . . . . . . . . . . . . . . . . . 22 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 23
9.2. Informative References . . . . . . . . . . . . . . . . . 22 10.1. Normative References . . . . . . . . . . . . . . . . . . 23
Appendix A. Static Table Definition . . . . . . . . . . . . . . 24 10.2. Informative References . . . . . . . . . . . . . . . . . 24
Appendix B. Huffman Code . . . . . . . . . . . . . . . . . . . . 25 Appendix A. Static Table Definition . . . . . . . . . . . . . . 25
Appendix C. Examples . . . . . . . . . . . . . . . . . . . . . . 31 Appendix B. Huffman Code . . . . . . . . . . . . . . . . . . . . 26
C.1. Integer Representation Examples . . . . . . . . . . . . . 32 Appendix C. Examples . . . . . . . . . . . . . . . . . . . . . . 32
C.1.1. Example 1: Encoding 10 Using a 5-bit Prefix . . . . . 32 C.1. Integer Representation Examples . . . . . . . . . . . . . 33
C.1.2. Example 2: Encoding 1337 Using a 5-bit Prefix . . . . 32 C.1.1. Example 1: Encoding 10 Using a 5-bit Prefix . . . . . 33
C.1.3. Example 3: Encoding 42 Starting at an Octet Boundary 33 C.1.2. Example 2: Encoding 1337 Using a 5-bit Prefix . . . . 33
C.2. Header Field Representation Examples . . . . . . . . . . 33 C.1.3. Example 3: Encoding 42 Starting at an Octet Boundary 34
C.2.1. Literal Header Field with Indexing . . . . . . . . . 33 C.2. Header Field Representation Examples . . . . . . . . . . 34
C.2.2. Literal Header Field without Indexing . . . . . . . . 34 C.2.1. Literal Header Field with Indexing . . . . . . . . . 34
C.2.3. Literal Header Field never Indexed . . . . . . . . . 35 C.2.2. Literal Header Field without Indexing . . . . . . . . 35
C.2.4. Indexed Header Field . . . . . . . . . . . . . . . . 35 C.2.3. Literal Header Field never Indexed . . . . . . . . . 36
C.3. Request Examples without Huffman Coding . . . . . . . . . 36 C.2.4. Indexed Header Field . . . . . . . . . . . . . . . . 36
C.3.1. First Request . . . . . . . . . . . . . . . . . . . . 36 C.3. Request Examples without Huffman Coding . . . . . . . . . 37
C.3.2. Second Request . . . . . . . . . . . . . . . . . . . 37 C.3.1. First Request . . . . . . . . . . . . . . . . . . . . 37
C.3.3. Third Request . . . . . . . . . . . . . . . . . . . . 38 C.3.2. Second Request . . . . . . . . . . . . . . . . . . . 38
C.4. Request Examples with Huffman Coding . . . . . . . . . . 39 C.3.3. Third Request . . . . . . . . . . . . . . . . . . . . 39
C.4.1. First Request . . . . . . . . . . . . . . . . . . . . 39 C.4. Request Examples with Huffman Coding . . . . . . . . . . 40
C.4.2. Second Request . . . . . . . . . . . . . . . . . . . 40 C.4.1. First Request . . . . . . . . . . . . . . . . . . . . 40
C.4.3. Third Request . . . . . . . . . . . . . . . . . . . . 41 C.4.2. Second Request . . . . . . . . . . . . . . . . . . . 41
C.5. Response Examples without Huffman Coding . . . . . . . . 43 C.4.3. Third Request . . . . . . . . . . . . . . . . . . . . 42
C.5.1. First Response . . . . . . . . . . . . . . . . . . . 43 C.5. Response Examples without Huffman Coding . . . . . . . . 44
C.5.2. Second Response . . . . . . . . . . . . . . . . . . . 45 C.5.1. First Response . . . . . . . . . . . . . . . . . . . 44
C.5.3. Third Response . . . . . . . . . . . . . . . . . . . 46 C.5.2. Second Response . . . . . . . . . . . . . . . . . . . 46
C.6. Response Examples with Huffman Coding . . . . . . . . . . 48 C.5.3. Third Response . . . . . . . . . . . . . . . . . . . 47
C.6.1. First Response . . . . . . . . . . . . . . . . . . . 48 C.6. Response Examples with Huffman Coding . . . . . . . . . . 49
C.6.2. Second Response . . . . . . . . . . . . . . . . . . . 50 C.6.1. First Response . . . . . . . . . . . . . . . . . . . 49
C.6.3. Third Response . . . . . . . . . . . . . . . . . . . 51 C.6.2. Second Response . . . . . . . . . . . . . . . . . . . 51
C.6.3. Third Response . . . . . . . . . . . . . . . . . . . 52
Appendix D. Change Log (to be removed by RFC Editor before Appendix D. Change Log (to be removed by RFC Editor before
publication) . . . . . . . . . . . . . . . . . . . . 53 publication) . . . . . . . . . . . . . . . . . . . . 54
D.1. Since draft-ietf-httpbis-header-compression-09 . . . . . 54 D.1. Since draft-ietf-httpbis-header-compression-10 . . . . . 55
D.2. Since draft-ietf-httpbis-header-compression-08 . . . . . 54 D.2. Since draft-ietf-httpbis-header-compression-09 . . . . . 55
D.3. Since draft-ietf-httpbis-header-compression-07 . . . . . 54 D.3. Since draft-ietf-httpbis-header-compression-08 . . . . . 55
D.4. Since draft-ietf-httpbis-header-compression-06 . . . . . 54 D.4. Since draft-ietf-httpbis-header-compression-07 . . . . . 55
D.5. Since draft-ietf-httpbis-header-compression-05 . . . . . 55 D.5. Since draft-ietf-httpbis-header-compression-06 . . . . . 56
D.6. Since draft-ietf-httpbis-header-compression-04 . . . . . 55 D.6. Since draft-ietf-httpbis-header-compression-05 . . . . . 56
D.7. Since draft-ietf-httpbis-header-compression-03 . . . . . 55 D.7. Since draft-ietf-httpbis-header-compression-04 . . . . . 56
D.8. Since draft-ietf-httpbis-header-compression-02 . . . . . 56 D.8. Since draft-ietf-httpbis-header-compression-03 . . . . . 57
D.9. Since draft-ietf-httpbis-header-compression-01 . . . . . 56 D.9. Since draft-ietf-httpbis-header-compression-02 . . . . . 57
D.10. Since draft-ietf-httpbis-header-compression-00 . . . . . 56 D.10. Since draft-ietf-httpbis-header-compression-01 . . . . . 57
D.11. Since draft-ietf-httpbis-header-compression-00 . . . . . 57
1. Introduction 1. Introduction
In HTTP/1.1 (see [RFC7230]), header fields are not compressed. As In HTTP/1.1 (see [RFC7230]), header fields are not compressed. As
Web pages have grown to include dozens to hundreds of requests, the Web pages have grown to require dozens to hundreds of requests, the
redundant header fields in these requests unnecessarily consume redundant header fields in these requests unnecessarily consume
bandwidth, measurably increasing latency. bandwidth, measurably increasing latency.
SPDY [SPDY] initially addressed this redundancy by compressing header SPDY [SPDY] initially addressed this redundancy by compressing header
fields using the DEFLATE [DEFLATE] format, which proved very fields using the DEFLATE [DEFLATE] format, which proved very
effective at efficiently representing the redundant header fields. effective at efficiently representing the redundant header fields.
However, that approach exposed a security risk as demonstrated by the However, that approach exposed a security risk as demonstrated by the
CRIME attack (see [CRIME]). CRIME attack (see [CRIME]).
This specification defines HPACK, a new compressor for header fields This specification defines HPACK, a new compressor for header fields
which eliminates redundant header fields, limits vulnerability to which eliminates redundant header fields, limits vulnerability to
known security attacks, and which has a bounded memory requirement known security attacks, and which has a bounded memory requirement
for use in constrained environments. for use in constrained environments. Potential security concerns for
HPACK are described in Section 7.
The HPACK format is intentionally simple and inflexible. Both
characteristics reduce the risk of interoperability or security
issues due to implementation error. No extensibility mechanisms are
defined; changes to the format are only possible by defining a
complete replacement.
1.1. Overview 1.1. Overview
The format defined in this specification treats a list of header The format defined in this specification treats a list of header
fields as an ordered collection of name-value pairs that can include fields as an ordered collection of name-value pairs that can include
duplicates. Names and values are considered to be opaque sequences duplicate pairs. Names and values are considered to be opaque
of octets, and the order of header fields is preserved after being sequences of octets, and the order of header fields is preserved
compressed and decompressed. after being compressed and decompressed.
Encoding is informed by header tables that map name-value pairs to Encoding is informed by header field tables that map header fields to
indexed values. These header tables can be incrementally updated as indexed values. These header field tables can be incrementally
new pairs are encoded or decoded. updated as new header fields are encoded or decoded.
In the encoded form, a header field is represented either literally In the encoded form, a header field is represented either literally
or as a reference to a name-value pair in one of the header tables. or as a reference to a header field in one of the header field
Therefore, a list of header fields can be encoded using a mixture of tables. Therefore, a list of header fields can be encoded using a
references and literal values. mixture of references and literal values.
Literal values are either encoded directly or using a static Huffman
code.
The encoder is responsible for deciding which header fields to insert The encoder is responsible for deciding which header fields to insert
as new entries in the header tables. The decoder executes the as new entries in the header field tables. The decoder executes the
modifications to the header tables prescribed by the encoder, modifications to the header field tables prescribed by the encoder,
reconstructing the list of header fields in the process. This reconstructing the list of header fields in the process. This
enables decoders to remain simple and interoperate with a wide enables decoders to remain simple and interoperate with a wide
variety of encoders. variety of encoders.
Examples illustrating the use of these different mechanisms to Examples illustrating the use of these different mechanisms to
represent header fields are available in Appendix C. represent header fields are available in Appendix C.
1.2. Conventions 1.2. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
skipping to change at page 5, line 22 skipping to change at page 5, line 28
unless otherwise indicated. Literal values are provided in decimal unless otherwise indicated. Literal values are provided in decimal
or hexadecimal as appropriate. or hexadecimal as appropriate.
1.3. Terminology 1.3. Terminology
This specification uses the following terms: This specification uses the following terms:
Header Field: A name-value pair. Both the name and value are Header Field: A name-value pair. Both the name and value are
treated as opaque sequences of octets. treated as opaque sequences of octets.
Dynamic Table: The dynamic table (see Section 2.3.2) is a header Dynamic Table: The dynamic table (see Section 2.3.2) is a table that
table used to associate stored header fields to index values. associates stored header fields with index values. This table is
This table is dynamic and specific to an encoding or decoding dynamic and specific to an encoding or decoding context.
context.
Static Table: The static table (see Section 2.3.1) is a header table Static Table: The static table (see Section 2.3.1) is a table that
used to associate static header fields to index values. This statically associates header fields that occur frequently with
table is ordered, read-only, always accessible, and may be shared index values. This table is ordered, read-only, always
amongst all encoding or decoding contexts. accessible, and may be shared amongst all encoding or decoding
contexts.
Header List: A header list is an ordered collection of header fields Header List: A header list is an ordered collection of header fields
that are encoded jointly, and can contain duplicate header fields. that are encoded jointly, and can contain duplicate header fields.
A complete list of key-value pairs contained in an HTTP/2 header A complete list of header fields contained in an HTTP/2 header
block is a header list. block is a header list.
Header Field Representation: A header field can be represented in Header Field Representation: A header field can be represented in
encoded form either as a literal or as an index (see Section 2.4). encoded form either as a literal or as an index (see Section 2.4).
Header Block: An ordered list of header field representations which, Header Block: An ordered list of header field representations which,
when decoded, yields a complete header list. when decoded, yields a complete header list.
2. Compression Process Overview 2. Compression Process Overview
skipping to change at page 6, line 17 skipping to change at page 6, line 24
HPACK preserves the ordering of header fields inside the header list. HPACK preserves the ordering of header fields inside the header list.
An encoder MUST order header field representations in the header An encoder MUST order header field representations in the header
block according to their ordering in the original header list. A block according to their ordering in the original header list. A
decoder MUST order header fields in the decoded header list according decoder MUST order header fields in the decoded header list according
to their ordering in the header block. to their ordering in the header block.
2.2. Encoding and Decoding Contexts 2.2. Encoding and Decoding Contexts
To decompress header blocks, a decoder only needs to maintain a To decompress header blocks, a decoder only needs to maintain a
dynamic table (see Section 2.3.2) as a decoding context. No other dynamic table (see Section 2.3.2) as a decoding context. No other
state is needed. dynamic state is needed.
When used for bidirectional communication, such as in HTTP, the When used for bidirectional communication, such as in HTTP, the
encoding and decoding dynamic tables maintained by an endpoint are encoding and decoding dynamic tables maintained by an endpoint are
completely independent. I.e., the request and response dynamic completely independent. I.e., the request and response dynamic
tables are separate. tables are separate.
2.3. Indexing Tables 2.3. Indexing Tables
HPACK uses two tables for associating header fields to indexes. The HPACK uses two tables for associating header fields to indexes. The
static table (see Section 2.3.1) is predefined and contains common static table (see Section 2.3.1) is predefined and contains common
skipping to change at page 6, line 50 skipping to change at page 7, line 8
2.3.2. Dynamic Table 2.3.2. Dynamic Table
The dynamic table consists of a list of header fields maintained in The dynamic table consists of a list of header fields maintained in
first-in, first-out order. The first and newest entry in a dynamic first-in, first-out order. The first and newest entry in a dynamic
table is at the lowest index, and the oldest entry of a dynamic table table is at the lowest index, and the oldest entry of a dynamic table
is at the highest index. is at the highest index.
The dynamic table is initially empty. Entries are added as each The dynamic table is initially empty. Entries are added as each
header block is decompressed. header block is decompressed.
The dynamic table can contain duplicate entries. Therefore, The dynamic table can contain duplicate entries (i.e., entries with
duplicate entries MUST NOT be treated as an error by a decoder. the same name and same value). Therefore, duplicate entries MUST NOT
be treated as an error by a decoder.
The encoder decides how to update the dynamic table and as such can The encoder decides how to update the dynamic table and as such can
control how much memory is used by the dynamic table. To limit the control how much memory is used by the dynamic table. To limit the
memory requirements of the decoder, the dynamic table size is memory requirements of the decoder, the dynamic table size is
strictly bounded (see Section 4.2). strictly bounded (see Section 4.2).
The decoder updates the dynamic table during the processing of a list The decoder updates the dynamic table during the processing of a list
of header field representations (see Section 3.2). of header field representations (see Section 3.2).
2.3.3. Index Address Space 2.3.3. Index Address Space
skipping to change at page 7, line 44 skipping to change at page 8, line 7
| 1 | ... | s | |s+1| ... |s+k| | 1 | ... | s | |s+1| ... |s+k|
+---+-----------+---+ +---+-----------+---+ +---+-----------+---+ +---+-----------+---+
^ | ^ |
| V | V
Insertion Point Dropping Point Insertion Point Dropping Point
Figure 1: Index Address Space Figure 1: Index Address Space
2.4. Header Field Representation 2.4. Header Field Representation
An encoded header field can be represented either as a literal or as An encoded header field can be represented either as an index or as a
an index. literal.
An indexed representation defines a header field as a reference to an
entry in either the static table or the dynamic table (see
Section 6.1).
A literal representation defines a header field by specifying its A literal representation defines a header field by specifying its
name and value. The header field name can be represented literally name and value. The header field name can be represented literally
or as a reference to an entry in either the static table or the or as a reference to an entry in either the static table or the
dynamic table. The header field value is represented literally. dynamic table. The header field value is represented literally.
Three different literal representations are defined: Three different literal representations are defined:
o A literal representation that adds the header field as a new entry
at the beginning of the dynamic table (see Section 6.2.1).
o A literal representation that does not add the header field to the o A literal representation that does not add the header field to the
dynamic table (see Section 6.2.2). dynamic table (see Section 6.2.2).
o A literal representation that does not add the header field to the o A literal representation that does not add the header field to the
dynamic table, with the additional stipulation that this header dynamic table, with the additional stipulation that this header
field always use a literal representation, in particular when re- field always use a literal representation, in particular when re-
encoded by an intermediary (see Section 6.2.3). encoded by an intermediary (see Section 6.2.3). This
representation is intended for protecting header field values that
are not to be put at risk by compressing them (see Section 7.1.3
for more details).
o A literal representation that adds the header field as a new entry The selection of one of these literal representations can be guided
at the beginning of the dynamic table (see Section 6.2.1). by security considerations, in order to protect sensitive header
field values (see Section 7.1).
An indexed representation defines a header field as a reference to an The literal representation of a header field name or of a header
entry in either the static table or the dynamic table (see field value can encode the sequence of octets either directly or
Section 6.1). using a static Huffman code (see Section 5.2).
3. Header Block Decoding 3. Header Block Decoding
3.1. Header Block Processing 3.1. Header Block Processing
A decoder processes a header block sequentially to reconstruct the A decoder processes a header block sequentially to reconstruct the
original header list. original header list.
A header block is the concatenation of header field representations.
The different possible header field representations are described in
Section 6.
Once a header field is decoded and added to the reconstructed header Once a header field is decoded and added to the reconstructed header
list, it cannot be removed from it. A header field added to the list, the header field cannot be removed. A header field added to
header list can be safely passed to the application. the header list can be safely passed to the application.
By passing the resulting header fields to the application, a decoder By passing the resulting header fields to the application, a decoder
can be implemented with minimal transitory memory commitment in can be implemented with minimal transitory memory commitment in
addition to the dynamic table. addition to the dynamic table.
3.2. Header Field Representation Processing 3.2. Header Field Representation Processing
The processing of a header block to obtain a header list is defined The processing of a header block to obtain a header list is defined
in this section. To ensure that the decoding will successfully in this section. To ensure that the decoding will successfully
produce a header list, a decoder MUST obey the following rules. produce a header list, a decoder MUST obey the following rules.
skipping to change at page 9, line 29 skipping to change at page 10, line 10
4. Dynamic Table Management 4. Dynamic Table Management
To limit the memory requirements on the decoder side, the dynamic To limit the memory requirements on the decoder side, the dynamic
table is constrained in size. table is constrained in size.
4.1. Calculating Table Size 4.1. Calculating Table Size
The size of the dynamic table is the sum of the size of its entries. The size of the dynamic table is the sum of the size of its entries.
The size of an entry is the sum of its name's length in octets (as The size of an entry is the sum of its name's length in octets (as
defined in Section 5.2), its value's length in octets (see defined in Section 5.2), its value's length in octets, plus 32.
Section 5.2), plus 32.
The size of an entry is calculated using the length of the name and The size of an entry is calculated using the length of its name and
value without any Huffman encoding applied. value without any Huffman encoding applied.
NOTE: The additional 32 octets account for the overhead associated Note: The additional 32 octets account for an estimated overhead
with an entry. For example, an entry structure using two 64-bit associated with an entry. For example, an entry structure using
pointers to reference the name and the value of the entry, and two two 64-bit pointers to reference the name and the value of the
64-bit integers for counting the number of references to the name and entry, and two 64-bit integers for counting the number of
value would have 32 octets of overhead. references to the name and value would have 32 octets of overhead.
4.2. Maximum Table Size 4.2. Maximum Table Size
Protocols that use HPACK determine the maximum size that the encoder Protocols that use HPACK determine the maximum size that the encoder
is permitted to use for the dynamic table. In HTTP/2, this value is is permitted to use for the dynamic table. In HTTP/2, this value is
determined by the SETTINGS_HEADER_TABLE_SIZE setting (see determined by the SETTINGS_HEADER_TABLE_SIZE setting (see
Section 6.5.2 of [HTTP2]). Section 6.5.2 of [HTTP2]).
An encoder can choose to use less capacity than this maximum size An encoder can choose to use less capacity than this maximum size
(see Section 6.3), but the chosen size MUST stay lower than or equal (see Section 6.3), but the chosen size MUST stay lower than or equal
to the maximum set by the protocol. to the maximum set by the protocol.
The maximum size of the dynamic table can be changed by the protocol A change in the maximum size of the dynamic table is signaled via an
at any time other than during the encoding of a header block. After encoding context update (see Section 6.3). This encoding context
changing the maximum size of the dynamic table used by the encoder, update MUST occur at the beginning of the first header block
the encoder MUST signal this change via an encoding context update following the change to the dynamic table size. In HTTP/2, this
(see Section 6.3). This encoding context update MUST occur at the follows a settings acknowledgment (see Section 6.5.3 of [HTTP2]).
beginning of the first header block following the change to the
header table size. In HTTP/2, this follows a settings
acknowledgement (see Section 6.5.3 of [HTTP2]).
Multiple updates to the maximum table size can occur between the Multiple updates to the maximum table size can occur between the
sending of two header blocks. In the case that the value of this transmission of two header blocks. In the case that this size is
parameter is changed more than once, if any changed value is smaller changed more than once in this interval, the smallest maximum table
than the new maximum size, the smallest value for the parameter MUST size that occurs in that interval MUST be signaled in an encoding
be sent in an encoding context update. The altered maximum size is context update. The final maximum size is always signaled, resulting
always sent, resulting in at most two encoding context updates. This in at most two encoding context updates. This ensures that the
ensures that the decoder is able to perform eviction based on the decoder is able to perform eviction based on reductions in dynamic
decoder table size (see Section 4.3). table size (see Section 4.3).
This mechanism can be used to completely clear entries from the This mechanism can be used to completely clear entries from the
dynamic table by setting a maximum size of 0, which can subsequently dynamic table by setting a maximum size of 0, which can subsequently
be restored. be restored.
4.3. Entry Eviction when Dynamic Table Size Changes 4.3. Entry Eviction when Dynamic Table Size Changes
Whenever the maximum size for the dynamic table is reduced, entries Whenever the maximum size for the dynamic table is reduced, entries
are evicted from the end of the dynamic table until the size of the are evicted from the end of the dynamic table until the size of the
dynamic table is less than or equal to the maximum size. dynamic table is less than or equal to the maximum size.
4.4. Entry Eviction when Adding New Entries 4.4. Entry Eviction when Adding New Entries
Whenever a new entry is to be added to the dynamic table, entries are Before a new entry is added to the dynamic table, entries are evicted
evicted from the end of the dynamic table until the size of the from the end of the dynamic table until the size of the dynamic table
dynamic table is less than or equal to (maximum size - new entry is less than or equal to (maximum size - new entry size), or until
size), or until the table is empty. the table is empty.
If the representation of the added entry references the name of an
entry in the dynamic table, the referenced name is cached prior to
performing eviction to avoid having the name inadvertently evicted.
If the size of the new entry is less than or equal to the maximum If the size of the new entry is less than or equal to the maximum
size, that entry is added to the table. It is not an error to size, that entry is added to the table. It is not an error to
attempt to add an entry that is larger than the maximum size; an attempt to add an entry that is larger than the maximum size; an
attempt to add an entry larger than the entire table causes the table attempt to add an entry larger than the maximum size causes the table
to be emptied of all existing entries, and results in an empty table. to be emptied of all existing entries, and results in an empty table.
A new entry can reference the name of an entry in the dynamic table
that will be evicted when adding this new entry into the dynamic
table. Implementations are cautioned to avoid deleting the
referenced name if the referenced entry is evicted from the dynamic
table prior to inserting the new entry.
5. Primitive Type Representations 5. Primitive Type Representations
HPACK encoding uses two primitive types: unsigned variable length HPACK encoding uses two primitive types: unsigned variable length
integers, and strings of octets. integers, and strings of octets.
5.1. Integer Representation 5.1. Integer Representation
Integers are used to represent name indexes, pair indexes or string Integers are used to represent name indexes, header field indexes or
lengths. To allow for optimized processing, an integer string lengths. An integer representation can start anywhere within
an octet. To allow for optimized processing, an integer
representation always finishes at the end of an octet. representation always finishes at the end of an octet.
An integer is represented in two parts: a prefix that fills the An integer is represented in two parts: a prefix that fills the
current octet and an optional list of octets that are used if the current octet and an optional list of octets that are used if the
integer value does not fit within the prefix. The number of bits of integer value does not fit within the prefix. The number of bits of
the prefix (called N) is a parameter of the integer representation. the prefix (called N) is a parameter of the integer representation.
If the integer value is small enough, i.e., strictly less than 2^N-1,
it is encoded within the N-bit prefix.
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+---+---+---+---+---+---+---+---+ +---+---+---+---+---+---+---+---+
| ? | ? | ? | Value (N) | | ? | ? | ? | Value |
+---+---+---+-------------------+ +---+---+---+-------------------+
Figure 2: Integer Value Encoded within the Prefix (shown for N = 5) Figure 2: Integer Value Encoded within the Prefix (shown for N = 5)
If the integer value is small enough, i.e. strictly less than 2^N-1, Otherwise, all the bits of the prefix are set to 1 and the value,
it is encoded within the N-bit prefix. decreased by 2^N-1, is encoded using a list of one or more octets.
The most significant bit of each octet is used as a continuation
flag: its value is set to 1 except for the last octet in the list.
The remaining bits of the octets are used to encode the decreased
value.
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+---+---+---+---+---+---+---+---+ +---+---+---+---+---+---+---+---+
| ? | ? | ? | 1 1 1 1 1 | | ? | ? | ? | 1 1 1 1 1 |
+---+---+---+-------------------+ +---+---+---+-------------------+
| 1 | Value-(2^N-1) LSB (7) | | 1 | Value-(2^N-1) LSB |
+---+---------------------------+ +---+---------------------------+
... ...
+---+---------------------------+ +---+---------------------------+
| 0 | Value-(2^N-1) MSB (7) | | 0 | Value-(2^N-1) MSB |
+---+---------------------------+ +---+---------------------------+
Figure 3: Integer Value Encoded after the Prefix (shown for N = 5) Figure 3: Integer Value Encoded after the Prefix (shown for N = 5)
Otherwise, all the bits of the prefix are set to 1 and the value,
decreased by 2^N-1, is encoded using a list of one or more octets.
The most significant bit of each octet is used as a continuation
flag: its value is set to 1 except for the last octet in the list.
The remaining bits of the octets are used to encode the decreased
value.
Decoding the integer value from the list of octets starts by Decoding the integer value from the list of octets starts by
reversing the order of the octets in the list. Then, for each octet, reversing the order of the octets in the list. Then, for each octet,
its most significant bit is removed. The remaining bits of the its most significant bit is removed. The remaining bits of the
octets are concatenated and the resulting value is increased by 2^N-1 octets are concatenated and the resulting value is increased by 2^N-1
to obtain the integer value. to obtain the integer value.
The prefix size, N, is always between 1 and 8 bits. An integer The prefix size, N, is always between 1 and 8 bits. An integer
starting at an octet-boundary will have an 8-bit prefix. starting at an octet-boundary will have an 8-bit prefix.
Pseudo-code to represent an integer I is as follows: Pseudo-code to represent an integer I is as follows:
skipping to change at page 12, line 41 skipping to change at page 13, line 24
M = M + 7 M = M + 7
while B & 128 == 128 while B & 128 == 128
return I return I
Examples illustrating the encoding of integers are available in Examples illustrating the encoding of integers are available in
Appendix C.1. Appendix C.1.
This integer representation allows for values of indefinite size. It This integer representation allows for values of indefinite size. It
is also possible for an encoder to send a large number of zero is also possible for an encoder to send a large number of zero
values, which can waste octets and could be used to overflow integer values, which can waste octets and could be used to overflow integer
values. Excessively large integer encodings - in value or octet values. Integer encodings that exceed an implementation limits - in
length - MUST be treated as a decoding error. Different limits can value or octet length - MUST be treated as a decoding error.
be set for each of the different uses of integers, based on Different limits can be set for each of the different uses of
implementation constraints. integers, based on implementation constraints.
5.2. String Literal Representation 5.2. String Literal Representation
Header field names and header field values can be represented as Header field names and header field values can be represented as
literal string. A literal string is encoded as a sequence of octets, literal strings. A literal string is encoded as a sequence of
either by directly encoding the literal string's octets, or by using octets, either by directly encoding the literal string's octets, or
a Huffman code (see [HUFFMAN]). by using a Huffman code (see [HUFFMAN]).
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+---+---+---+---+---+---+---+---+ +---+---+---+---+---+---+---+---+
| H | String Length (7+) | | H | String Length (7+) |
+---+---------------------------+ +---+---------------------------+
| String Data (Length octets) | | String Data (Length octets) |
+-------------------------------+ +-------------------------------+
Figure 4: String Literal Representation Figure 4: String Literal Representation
skipping to change at page 14, line 21 skipping to change at page 15, line 6
added to the decoded header list, as described in Section 3.2. added to the decoded header list, as described in Section 3.2.
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+---+---+---+---+---+---+---+---+ +---+---+---+---+---+---+---+---+
| 1 | Index (7+) | | 1 | Index (7+) |
+---+---------------------------+ +---+---------------------------+
Figure 5: Indexed Header Field Figure 5: Indexed Header Field
An indexed header field starts with the '1' 1-bit pattern, followed An indexed header field starts with the '1' 1-bit pattern, followed
by the index of the matching pair, represented as an integer with a by the index of the matching header field, represented as an integer
7-bit prefix (see Section 5.1). with a 7-bit prefix (see Section 5.1).
The index value of 0 is not used. It MUST be treated as a decoding The index value of 0 is not used. It MUST be treated as a decoding
error if found in an indexed header field representation. error if found in an indexed header field representation.
6.2. Literal Header Field Representation 6.2. Literal Header Field Representation
A literal header field representation contains a literal header field A literal header field representation contains a literal header field
value. Header field names are either provided as a literal or by value. Header field names are either provided as a literal or by
reference to an existing table entry, either from the static table or reference to an existing table entry, either from the static table or
the dynamic table (see Section 2.3). the dynamic table (see Section 2.3).
skipping to change at page 18, line 17 skipping to change at page 19, line 6
| 0 | 0 | 1 | Max size (5+) | | 0 | 0 | 1 | Max size (5+) |
+---+---------------------------+ +---+---------------------------+
Figure 12: Maximum Dynamic Table Size Change Figure 12: Maximum Dynamic Table Size Change
A dynamic table size update starts with the '001' 3-bit pattern, A dynamic table size update starts with the '001' 3-bit pattern,
followed by the new maximum size, represented as an integer with a followed by the new maximum size, represented as an integer with a
5-bit prefix (see Section 5.1). 5-bit prefix (see Section 5.1).
The new maximum size MUST be lower than or equal to the last value of The new maximum size MUST be lower than or equal to the last value of
the SETTINGS_HEADER_TABLE_SIZE parameter (see Section 6.5.2 of the maximum size of the dynamic table. A value that exceeds this
[HTTP2]) received from the decoder and acknowledged by the encoder limit MUST be treated as a decoding error. In HTTP/2, this limit is
(see Section 6.5.3 of [HTTP2]). the last value of the SETTINGS_HEADER_TABLE_SIZE parameter (see
Section 6.5.2 of [HTTP2]) received from the decoder and acknowledged
by the encoder (see Section 6.5.3 of [HTTP2]).
Reducing the maximum size of the dynamic table can cause entries to Reducing the maximum size of the dynamic table can cause entries to
be evicted (see Section 4.3). be evicted (see Section 4.3).
7. Security Considerations 7. Security Considerations
This section describes potential areas of security concern with This section describes potential areas of security concern with
HPACK: HPACK:
o Use of compression as a length-based oracle for verifying guesses o Use of compression as a length-based oracle for verifying guesses
skipping to change at page 19, line 5 skipping to change at page 19, line 42
requests or responses. requests or responses.
The compression context used to encode header fields can be probed by The compression context used to encode header fields can be probed by
an attacker who can both define header fields to be encoded and an attacker who can both define header fields to be encoded and
transmitted and observe the length of those fields once they are transmitted and observe the length of those fields once they are
encoded. When an attacker can do both, they can adaptively modify encoded. When an attacker can do both, they can adaptively modify
requests in order to confirm guesses about the dynamic table state. requests in order to confirm guesses about the dynamic table state.
If a guess is compressed into a shorter length, the attacker can If a guess is compressed into a shorter length, the attacker can
observe the encoded length and infer that the guess was correct. observe the encoded length and infer that the guess was correct.
This is possible even over TLS, because while TLS provides This is possible even over the Transport Layer Security Protocol
confidentiality protection for content, it only provides a limited (TLS, see [TLS12]), because while TLS provides confidentiality
amount of protection for the length of that content. protection for content, it only provides a limited amount of
protection for the length of that content.
Note: Padding schemes only provide limited protection against an Note: Padding schemes only provide limited protection against an
attacker with these capabilities, potentially only forcing an attacker with these capabilities, potentially only forcing an
increased number of guesses to learn the length associated with a increased number of guesses to learn the length associated with a
given guess. Padding schemes also work directly against given guess. Padding schemes also work directly against
compression by increasing the number of bits that are transmitted. compression by increasing the number of bits that are transmitted.
Attacks like CRIME [CRIME] demonstrated the existence of these Attacks like CRIME [CRIME] demonstrated the existence of these
general attacker capabilities. The specific attack exploited the general attacker capabilities. The specific attack exploited the
fact that DEFLATE [DEFLATE] removes redundancy based on prefix fact that DEFLATE [DEFLATE] removes redundancy based on prefix
matching. This permitted the attacker to confirm guesses a character matching. This permitted the attacker to confirm guesses a character
at a time, reducing an exponential-time attack into a linear-time at a time, reducing an exponential-time attack into a linear-time
attack. attack.
7.1.1. Applicability to HPACK and HTTP 7.1.1. Applicability to HPACK and HTTP
HPACK mitigates but does not completely prevent attacks modelled on HPACK mitigates but does not completely prevent attacks modeled on
CRIME [CRIME] by forcing a guess to match an entire header field CRIME [CRIME] by forcing a guess to match an entire header field
value, rather than individual characters. An attacker can only learn value, rather than individual characters. An attacker can only learn
whether a guess is correct or not, so is reduced to a brute force whether a guess is correct or not, so is reduced to a brute force
guess for the header field values. guess for the header field values.
The viability of recovering specific header field values therefore The viability of recovering specific header field values therefore
depends on the entropy of values. As a result, values with high depends on the entropy of values. As a result, values with high
entropy are unlikely to be recovered successfully. However, values entropy are unlikely to be recovered successfully. However, values
with low entropy remain vulnerable. with low entropy remain vulnerable.
skipping to change at page 20, line 28 skipping to change at page 21, line 20
entity that is constructing header fields. Header field values that entity that is constructing header fields. Header field values that
are added to the table are attributed to an entity, and only the are added to the table are attributed to an entity, and only the
entity that created a particular value can extract that value. entity that created a particular value can extract that value.
To improve compression performance of this option, certain entries To improve compression performance of this option, certain entries
might be tagged as being public. For example, a web browser might might be tagged as being public. For example, a web browser might
make the values of the Accept-Encoding header field available in all make the values of the Accept-Encoding header field available in all
requests. requests.
An encoder without good knowledge of the provenance of header fields An encoder without good knowledge of the provenance of header fields
might instead introduce a penalty for bad guesses, such that attempts might instead introduce a penalty for a header field with many
to guess a header field value results in all values being removed different values, such that a large number of attempts to guess a
from consideration in all future requests, effectively preventing header field value results in the header field no more being compared
further guesses. to the dynamic table entries in future messages, effectively
preventing further guesses.
Note: Simply removing values from the dynamic table can be Note: Simply removing entries corresponding to the header field from
ineffectual if the attacker has a reliable way of causing values the dynamic table can be ineffectual if the attacker has a
to be reinstalled. For example, a request to load an image in a reliable way of causing values to be reinstalled. For example, a
web browser typically includes the Cookie header field (a request to load an image in a web browser typically includes the
potentially highly valued target for this sort of attack), and web Cookie header field (a potentially highly valued target for this
sites can easily force an image to be loaded, thereby refreshing sort of attack), and web sites can easily force an image to be
the entry in the dynamic table. loaded, thereby refreshing the entry in the dynamic table.
This response might be made inversely proportional to the length of This response might be made inversely proportional to the length of
the header field. Marking as inaccessible might occur for shorter the header field value. Marking a header field as not using the
values more quickly or with higher probability than for longer dynamic table any more might occur for shorter values more quickly or
values. with higher probability than for longer values.
Implementations might also choose to protect certain header fields
that are known to be highly valued, such as the Authorization or
Cookie header fields, by disabling or further limiting compression.
7.1.3. Never Indexed Literals 7.1.3. Never Indexed Literals
Implementations can also choose to protect sensitive header fields by
not compressing them and instead encoding their value as literals.
Refusing to generate an indexed representation for a header field is Refusing to generate an indexed representation for a header field is
only effective if compression is avoided on all hops. The never only effective if compression is avoided on all hops. The never
indexed literal (see Section 6.2.3) can be used to signal to indexed literal (see Section 6.2.3) can be used to signal to
intermediaries that a particular value was intentionally sent as a intermediaries that a particular value was intentionally sent as a
literal. An intermediary MUST NOT re-encode a value that uses the literal.
never indexed literal with a representation that would index it.
An intermediary MUST NOT re-encode a value that uses the never
indexed literal representation with another representation that would
index it. If HPACK is used for re-encoding, the never indexed
literal representation MUST be used.
The choice to use a never indexed literal representation for a header
field depends on several factors. Since HPACK doesn't protect
against guessing an entire header field value, short or low-entropy
values are more readily recovered by an adversary. Therefore, an
encoder might choose not to index values with low entropy.
An encoder might also choose not to index values for header fields
that are considered to be highly valuable or sensitive to recovery,
such as the Cookie or Authorization header fields.
On the contrary, an encoder might prefer indexing values for header
fields that have little or no value if they were exposed. For
instance, a User-Agent header field does not commonly vary between
requests and is sent to any server. In that case, confirmation that
a particular User-Agent value has been used provides little value.
Note that these criteria for deciding to use a never indexed literal
representation will evolve over time as new attacks are discovered.
7.2. Static Huffman Encoding 7.2. Static Huffman Encoding
There is no currently known attack against a fixed Huffman encoding. There is no currently known attack against a static Huffman encoding.
A study has shown that using a fixed Huffman encoding table created A study has shown that using a static Huffman encoding table created
an information leakage, however this same study concluded that an an information leakage, however this same study concluded that an
attacker could not take advantage of this information leakage to attacker could not take advantage of this information leakage to
recover any meaningful amount of information (see [PETAL]). recover any meaningful amount of information (see [PETAL]).
7.3. Memory Consumption 7.3. Memory Consumption
An attacker can try to cause an endpoint to exhaust its memory. An attacker can try to cause an endpoint to exhaust its memory.
HPACK is designed to limit both the peak and state amounts of memory HPACK is designed to limit both the peak and state amounts of memory
allocated by an endpoint. allocated by an endpoint.
The amount of memory used by the compressor state is limited by the The amount of memory used by the compressor is limited by the
decoder using the value of the HTTP/2 setting parameter protocol using HPACK through the definition of the maximum size of
SETTINGS_HEADER_TABLE_SIZE (see Section 6.5.2 of [HTTP2]). This the dynamic table. In HTTP/2, this value is controlled by the
limit takes into account both the size of the data stored in the decoder through the setting parameter SETTINGS_HEADER_TABLE_SIZE (see
dynamic table, plus a small allowance for overhead. Section 6.5.2 of [HTTP2]). This limit takes into account both the
size of the data stored in the dynamic table, plus a small allowance
for overhead.
A decoder can limit the amount of state memory used by setting an A decoder can limit the amount of state memory used by setting an
appropriate value for the SETTINGS_HEADER_TABLE_SIZE parameter. An appropriate value for the maximum size of the dynamic table. In
encoder can limit the amount of state memory it uses by signalling HTTP/2, this is realized by setting an appropriate value for the
lower dynamic table size than the decoder allows (see Section 6.3). SETTINGS_HEADER_TABLE_SIZE parameter. An encoder can limit the
amount of state memory it uses by signaling lower dynamic table size
than the decoder allows (see Section 6.3).
The amount of temporary memory consumed by an encoder or decoder can The amount of temporary memory consumed by an encoder or decoder can
be limited by processing header fields sequentially. An be limited by processing header fields sequentially. An
implementation does not need to retain a complete list of header implementation does not need to retain a complete list of header
fields. Note however that it might be necessary for an application fields. Note however that it might be necessary for an application
to retain a complete header list for other reasons; even though HPACK to retain a complete header list for other reasons; even though HPACK
does not force this to occur, application constraints might make this does not force this to occur, application constraints might make this
necessary. necessary.
7.4. Implementation Limits 7.4. Implementation Limits
An implementation of HPACK needs to ensure that large values for An implementation of HPACK needs to ensure that large values for
integers, long encoding for integers, or long string literals do not integers, long encoding for integers, or long string literals do not
create security weaknesses. create security weaknesses.
An implementation has to set a limit for the values it accepts for An implementation has to set a limit for the values it accepts for
integers, as well as for the encoded length (see Section 5.1). In integers, as well as for the encoded length (see Section 5.1). In
the same way, it has to set a limit to the length it accepts for the same way, it has to set a limit to the length it accepts for
string literals (see Section 5.2). string literals (see Section 5.2).
8. Acknowledgements 8. IANA Considerations
This document has no IANA actions.
9. Acknowledgments
This specification includes substantial input from the following This specification includes substantial input from the following
individuals: individuals:
o Mike Bishop, Jeff Pinner, Julian Reschke, Martin Thomson o Mike Bishop, Jeff Pinner, Julian Reschke, Martin Thomson
(substantial editorial contributions). (substantial editorial contributions).
o Johnny Graettinger (Huffman code statistics). o Johnny Graettinger (Huffman code statistics).
9. References 10. References
9.1. Normative References 10.1. Normative References
[HTTP2] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext [HTTP2] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext
Transfer Protocol version 2", draft-ietf-httpbis-http2-16 Transfer Protocol version 2", draft-ietf-httpbis-http2-17
(work in progress), October 2014. (work in progress), February 2015.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
Protocol (HTTP/1.1): Message Syntax and Routing", RFC Protocol (HTTP/1.1): Message Syntax and Routing", RFC
7230, June 2014. 7230, June 2014.
9.2. Informative References 10.2. Informative References
[CANONICAL] [CANONICAL]
Schwartz, E. and B. Kallick, "Generating a canonical Schwartz, E. and B. Kallick, "Generating a canonical
prefix encoding", Communications of the ACM Volume 7 Issue prefix encoding", Communications of the ACM Volume 7 Issue
3, pp. 166-169, March 1964, <https://dl.acm.org/ 3, pp. 166-169, March 1964, <https://dl.acm.org/
citation.cfm?id=363991>. citation.cfm?id=363991>.
[CRIME] Rizzo, J. and T. Duong, "The CRIME Attack", September [CRIME] Rizzo, J. and T. Duong, "The CRIME Attack", September
2012, <https://docs.google.com/a/twist.com/presentation/ 2012, <https://docs.google.com/a/twist.com/presentation/
d/11eBmGiHbYcHR9gL5nDyZChu_-lCa2GizeuOfaLU2HOU/ d/11eBmGiHbYcHR9gL5nDyZChu_-lCa2GizeuOfaLU2HOU>.
edit#slide=id.g1eb6c1b5_3_6>.
[DEFLATE] Deutsch, P., "DEFLATE Compressed Data Format Specification [DEFLATE] Deutsch, P., "DEFLATE Compressed Data Format Specification
version 1.3", RFC 1951, May 1996. version 1.3", RFC 1951, May 1996.
[HUFFMAN] Huffman, D., "A Method for the Construction of Minimum [HUFFMAN] Huffman, D., "A Method for the Construction of Minimum
Redundancy Codes", Proceedings of the Institute of Radio Redundancy Codes", Proceedings of the Institute of Radio
Engineers Volume 40, Number 9, pp. 1098-1101, September Engineers Volume 40, Number 9, pp. 1098-1101, September
1952, <https://ieeexplore.ieee.org/xpl/ 1952, <http://ieeexplore.ieee.org/xpl/
articleDetails.jsp?arnumber=4051119>. articleDetails.jsp?arnumber=4051119>.
[ORIGIN] Barth, A., "The Web Origin Concept", RFC 6454, December [ORIGIN] Barth, A., "The Web Origin Concept", RFC 6454, December
2011. 2011.
[PETAL] Tan, J. and J. Nahata, "PETAL: Preset Encoding [PETAL] Tan, J. and J. Nahata, "PETAL: Preset Encoding
Table Information Leakage", April 2013, Table Information Leakage", April 2013,
<http://www.pdl.cmu.edu/PDL-FTP/associated/ <http://www.pdl.cmu.edu/PDL-FTP/associated/
CMU-PDL-13-106.pdf>. CMU-PDL-13-106.pdf>.
[SPDY] Belshe, M. and R. Peon, "SPDY Protocol", draft-mbelshe- [SPDY] Belshe, M. and R. Peon, "SPDY Protocol", draft-mbelshe-
httpbis-spdy-00 (work in progress), February 2012. httpbis-spdy-00 (work in progress), February 2012.
[TLS12] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246, August 2008.
Appendix A. Static Table Definition Appendix A. Static Table Definition
The static table (see Section 2.3.1) consists of a predefined and The static table (see Section 2.3.1) consists in a predefined and
unchangeable list of header fields. unchangeable list of header fields.
The static table was created by listing the most common header fields The static table was created by listing the most common header fields
that are valid for messages exchanged inside a HTTP/2 connection. that are valid for messages exchanged inside a HTTP/2 connection.
For header fields with a few frequent values, an entry was added for For header fields with a few frequent values, an entry was added for
each of these frequent values. For other header fields, an entry was each of these frequent values. For other header fields, an entry was
added with an empty value. added with an empty value.
The following table lists the pre-defined header fields that make-up The following table lists the predefined header fields that make-up
the static table. the static table.
+-------+-----------------------------+---------------+ +-------+-----------------------------+---------------+
| Index | Header Name | Header Value | | Index | Header Name | Header Value |
+-------+-----------------------------+---------------+ +-------+-----------------------------+---------------+
| 1 | :authority | | | 1 | :authority | |
| 2 | :method | GET | | 2 | :method | GET |
| 3 | :method | POST | | 3 | :method | POST |
| 4 | :path | / | | 4 | :path | / |
| 5 | :path | /index.html | | 5 | :path | /index.html |
skipping to change at page 26, line 20 skipping to change at page 27, line 20
code as bits: The Huffman code for the symbol represented as a code as bits: The Huffman code for the symbol represented as a
base-2 integer, aligned on the most significant bit (MSB). base-2 integer, aligned on the most significant bit (MSB).
code as hex: The Huffman code for the symbol, represented as a code as hex: The Huffman code for the symbol, represented as a
hexadecimal integer, aligned on the least significant bit (LSB). hexadecimal integer, aligned on the least significant bit (LSB).
len: The number of bits for the code representing the symbol. len: The number of bits for the code representing the symbol.
As an example, the code for the symbol 47 (corresponding to the ASCII As an example, the code for the symbol 47 (corresponding to the ASCII
character "/") consists in the 6 bits "0", "1", "1", "0", "0", "0". character "/") consists in the 6 bits "0", "1", "1", "0", "0", "0".
This corresponds to the value 0x18 (in hexadecimal) encoded on 6 This corresponds to the value 0x18 (in hexadecimal) encoded in 6
bits. bits.
code code
code as bits as hex len code as bits as hex len
sym aligned to MSB aligned in sym aligned to MSB aligned in
to LSB bits to LSB bits
( 0) |11111111|11000 1ff8 [13] ( 0) |11111111|11000 1ff8 [13]
( 1) |11111111|11111111|1011000 7fffd8 [23] ( 1) |11111111|11111111|1011000 7fffd8 [23]
( 2) |11111111|11111111|11111110|0010 fffffe2 [28] ( 2) |11111111|11111111|11111110|0010 fffffe2 [28]
( 3) |11111111|11111111|11111110|0011 fffffe3 [28] ( 3) |11111111|11111111|11111110|0011 fffffe3 [28]
skipping to change at page 32, line 46 skipping to change at page 33, line 46
26 + 128 == 154 26 + 128 == 154
154 is encoded in 8 bits as: 10011010 154 is encoded in 8 bits as: 10011010
I is set to 10 (1306 / 128 == 10) I is set to 10 (1306 / 128 == 10)
I is no longer greater than or equal to 128, the while loop I is no longer greater than or equal to 128, the while loop
terminates. terminates.
I, now 10, is encoded on 8 bits as: 00001010. I, now 10, is encoded in 8 bits as: 00001010.
The process ends. The process ends.
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+---+---+---+---+---+---+---+---+ +---+---+---+---+---+---+---+---+
| X | X | X | 1 | 1 | 1 | 1 | 1 | Prefix = 31, I = 1306 | X | X | X | 1 | 1 | 1 | 1 | 1 | Prefix = 31, I = 1306
| 1 | 0 | 0 | 1 | 1 | 0 | 1 | 0 | 1306>=128, encode(154), I=1306/128 | 1 | 0 | 0 | 1 | 1 | 0 | 1 | 0 | 1306>=128, encode(154), I=1306/128
| 0 | 0 | 0 | 0 | 1 | 0 | 1 | 0 | 10<128, encode(10), done | 0 | 0 | 0 | 0 | 1 | 0 | 1 | 0 | 10<128, encode(10), done
+---+---+---+---+---+---+---+---+ +---+---+---+---+---+---+---+---+
skipping to change at page 54, line 4 skipping to change at page 55, line 4
Decoded header list: Decoded header list:
:status: 200 :status: 200
cache-control: private cache-control: private
date: Mon, 21 Oct 2013 20:13:22 GMT date: Mon, 21 Oct 2013 20:13:22 GMT
location: https://www.example.com location: https://www.example.com
content-encoding: gzip content-encoding: gzip
set-cookie: foo=ASDJKHQKBZXOQWEOPIUAXQWEOIU; max-age=3600; version=1 set-cookie: foo=ASDJKHQKBZXOQWEOPIUAXQWEOIU; max-age=3600; version=1
Appendix D. Change Log (to be removed by RFC Editor before publication) Appendix D. Change Log (to be removed by RFC Editor before publication)
D.1. Since draft-ietf-httpbis-header-compression-09 D.1. Since draft-ietf-httpbis-header-compression-10
o Editorial corrections for taking into account IETF LC comments.
* Added links to security sections.
* Made spec more independent of HTTP/2.
* Expanded security section about never indexed literal usage.
o Removed most usages of 'name-value pair' instead of header field.
o Changed 'header table' to 'header field table'.
D.2. Since draft-ietf-httpbis-header-compression-09
o Renamed header table to dynamic table. o Renamed header table to dynamic table.
o Updated integer representation. o Updated integer representation.
o Editorial corrections. o Editorial corrections.
D.2. Since draft-ietf-httpbis-header-compression-08 D.3. Since draft-ietf-httpbis-header-compression-08
o Removed the reference set. o Removed the reference set.
o Removed header emission. o Removed header emission.
o Explicit handling of several SETTINGS_HEADER_TABLE_SIZE parameter o Explicit handling of several SETTINGS_HEADER_TABLE_SIZE parameter
changes. changes.
o Changed header set to header list, and forced ordering. o Changed header set to header list, and forced ordering.
o Updated examples. o Updated examples.
o Exchanged header and static table positions. o Exchanged header and static table positions.
D.3. Since draft-ietf-httpbis-header-compression-07 D.4. Since draft-ietf-httpbis-header-compression-07
o Removed old text on index value of 0. o Removed old text on index value of 0.
o Added clarification for signalling of maximum table size after a o Added clarification for signalling of maximum table size after a
SETTINGS_HEADER_TABLE_SIZE update. SETTINGS_HEADER_TABLE_SIZE update.
o Rewrote security considerations. o Rewrote security considerations.
o Many editorial clarifications or improvements. o Many editorial clarifications or improvements.
o Added convention section. o Added convention section.
o Reworked document's outline. o Reworked document's outline.
o Updated static table. Entry 16 has now "gzip, deflate" for value. o Updated static table. Entry 16 has now "gzip, deflate" for value.
o Updated Huffman table, using data set provided by Google. o Updated Huffman table, using data set provided by Google.
D.4. Since draft-ietf-httpbis-header-compression-06 D.5. Since draft-ietf-httpbis-header-compression-06
o Updated format to include literal headers that must never be o Updated format to include literal headers that must never be
compressed. compressed.
o Updated security considerations. o Updated security considerations.
o Moved integer encoding examples to the appendix. o Moved integer encoding examples to the appendix.
o Updated Huffman table. o Updated Huffman table.
o Updated static header table (adding and removing status values). o Updated static header table (adding and removing status values).
o Updated examples. o Updated examples.
D.5. Since draft-ietf-httpbis-header-compression-05 D.6. Since draft-ietf-httpbis-header-compression-05
o Regenerated examples. o Regenerated examples.
o Only one Huffman table for requests and responses. o Only one Huffman table for requests and responses.
o Added maximum size for dynamic table, independent of o Added maximum size for dynamic table, independent of
SETTINGS_HEADER_TABLE_SIZE. SETTINGS_HEADER_TABLE_SIZE.
o Added pseudo-code for integer decoding. o Added pseudo-code for integer decoding.
o Improved examples (removing unnecessary removals). o Improved examples (removing unnecessary removals).
D.6. Since draft-ietf-httpbis-header-compression-04 D.7. Since draft-ietf-httpbis-header-compression-04
o Updated examples: take into account changes in the spec, and show o Updated examples: take into account changes in the spec, and show
more features. more features.
o Use 'octet' everywhere instead of having both 'byte' and 'octet'. o Use 'octet' everywhere instead of having both 'byte' and 'octet'.
o Added reference set emptying. o Added reference set emptying.
o Editorial changes and clarifications. o Editorial changes and clarifications.
o Added "host" header to the static table. o Added "host" header to the static table.
o Ordering for list of values (either NULL- or comma-separated). o Ordering for list of values (either NULL- or comma-separated).
D.7. Since draft-ietf-httpbis-header-compression-03 D.8. Since draft-ietf-httpbis-header-compression-03
o A large number of editorial changes; changed the description of o A large number of editorial changes; changed the description of
evicting/adding new entries. evicting/adding new entries.
o Removed substitution indexing o Removed substitution indexing
o Changed 'initial headers' to 'static headers', as per issue #258 o Changed 'initial headers' to 'static headers', as per issue #258
o Merged 'request' and 'response' static headers, as per issue #259 o Merged 'request' and 'response' static headers, as per issue #259
o Changed text to indicate that new headers are added at index 0 and o Changed text to indicate that new headers are added at index 0 and
expire from the largest index, as per issue #233 expire from the largest index, as per issue #233
D.8. Since draft-ietf-httpbis-header-compression-02 D.9. Since draft-ietf-httpbis-header-compression-02
o Corrected error in integer encoding pseudocode. o Corrected error in integer encoding pseudocode.
D.9. Since draft-ietf-httpbis-header-compression-01 D.10. Since draft-ietf-httpbis-header-compression-01
o Refactored of Header Encoding Section: split definitions and o Refactored of Header Encoding Section: split definitions and
processing rule. processing rule.
o Backward incompatible change: Updated reference set management as o Backward incompatible change: Updated reference set management as
per issue #214. This changes how the interaction between the per issue #214. This changes how the interaction between the
reference set and eviction works. This also changes the working reference set and eviction works. This also changes the working
of the reference set in some specific cases. of the reference set in some specific cases.
o Backward incompatible change: modified initial header list, as per o Backward incompatible change: modified initial header list, as per
skipping to change at page 56, line 34 skipping to change at page 57, line 48
o Added example of 32 octets entry structure (issue #191). o Added example of 32 octets entry structure (issue #191).
o Added Header Set Completion section. Reflowed some text. o Added Header Set Completion section. Reflowed some text.
Clarified some writing which was akward. Added text about Clarified some writing which was akward. Added text about
duplicate header entry encoding. Clarified some language w.r.t duplicate header entry encoding. Clarified some language w.r.t
Header Set. Changed x-my-header to mynewheader. Added text in Header Set. Changed x-my-header to mynewheader. Added text in
the HeaderEmission section indicating that the application may the HeaderEmission section indicating that the application may
also be able to free up memory more quickly. Added information in also be able to free up memory more quickly. Added information in
Security Considerations section. Security Considerations section.
D.10. Since draft-ietf-httpbis-header-compression-00 D.11. Since draft-ietf-httpbis-header-compression-00
Fixed bug/omission in integer representation algorithm. Fixed bug/omission in integer representation algorithm.
Changed the document title. Changed the document title.
Header matching text rewritten. Header matching text rewritten.
Changed the definition of header emission. Changed the definition of header emission.
Changed the name of the setting which dictates how much memory the Changed the name of the setting which dictates how much memory the
 End of changes. 83 change blocks. 
219 lines changed or deleted 297 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/