draft-ietf-httpbis-origin-frame-02.txt | draft-ietf-httpbis-origin-frame-03.txt | |||
---|---|---|---|---|
HTTP Working Group M. Nottingham | HTTP Working Group M. Nottingham | |||
Internet-Draft E. Nygren | Internet-Draft | |||
Intended status: Standards Track Akamai | Intended status: Standards Track E. Nygren | |||
Expires: August 17, 2017 February 13, 2017 | Expires: October 22, 2017 Akamai | |||
April 20, 2017 | ||||
The ORIGIN HTTP/2 Frame | The ORIGIN HTTP/2 Frame | |||
draft-ietf-httpbis-origin-frame-02 | draft-ietf-httpbis-origin-frame-03 | |||
Abstract | Abstract | |||
This document specifies the ORIGIN frame for HTTP/2, to indicate what | This document specifies the ORIGIN frame for HTTP/2, to indicate what | |||
origins are available on a given connection. | origins are available on a given connection. | |||
Note to Readers | Note to Readers | |||
Discussion of this draft takes place on the HTTP working group | Discussion of this draft takes place on the HTTP working group | |||
mailing list (ietf-http-wg@w3.org), which is archived at | mailing list (ietf-http-wg@w3.org), which is archived at | |||
skipping to change at page 1, line 41 ¶ | skipping to change at page 1, line 42 ¶ | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on August 17, 2017. | This Internet-Draft will expire on October 22, 2017. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2017 IETF Trust and the persons identified as the | Copyright (c) 2017 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
skipping to change at page 2, line 28 ¶ | skipping to change at page 2, line 31 ¶ | |||
2.2. Processing ORIGIN Frames . . . . . . . . . . . . . . . . 3 | 2.2. Processing ORIGIN Frames . . . . . . . . . . . . . . . . 3 | |||
2.3. The Origin Set . . . . . . . . . . . . . . . . . . . . . 4 | 2.3. The Origin Set . . . . . . . . . . . . . . . . . . . . . 4 | |||
2.4. Authority, Push and Coalescing with ORIGIN . . . . . . . 5 | 2.4. Authority, Push and Coalescing with ORIGIN . . . . . . . 5 | |||
3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | |||
4. Security Considerations . . . . . . . . . . . . . . . . . . . 6 | 4. Security Considerations . . . . . . . . . . . . . . . . . . . 6 | |||
5. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 | 5. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
5.1. Normative References . . . . . . . . . . . . . . . . . . 6 | 5.1. Normative References . . . . . . . . . . . . . . . . . . 6 | |||
5.2. Informative References . . . . . . . . . . . . . . . . . 7 | 5.2. Informative References . . . . . . . . . . . . . . . . . 7 | |||
Appendix A. Non-Normative Processing Algorithm . . . . . . . . . 7 | Appendix A. Non-Normative Processing Algorithm . . . . . . . . . 7 | |||
Appendix B. Operational Considerations for Servers . . . . . . . 8 | Appendix B. Operational Considerations for Servers . . . . . . . 8 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
1. Introduction | 1. Introduction | |||
HTTP/2 [RFC7540] allows clients to coalesce different origins | HTTP/2 [RFC7540] allows clients to coalesce different origins | |||
[RFC6454] onto the same connection when certain conditions are met. | [RFC6454] onto the same connection when certain conditions are met. | |||
However, in certain cases, a connection is is not usable for a | However, in certain cases, a connection is is not usable for a | |||
coalesced origin, so the 421 (Misdirected Request) status code | coalesced origin, so the 421 (Misdirected Request) status code | |||
([RFC7540], Section 9.1.2) was defined. | ([RFC7540], Section 9.1.2) was defined. | |||
Using a status code in this manner allows clients to recover from | Using a status code in this manner allows clients to recover from | |||
skipping to change at page 3, line 20 ¶ | skipping to change at page 3, line 20 ¶ | |||
2. The ORIGIN HTTP/2 Frame | 2. The ORIGIN HTTP/2 Frame | |||
The ORIGIN HTTP/2 frame ([RFC7540], Section 4) allows a server to | The ORIGIN HTTP/2 frame ([RFC7540], Section 4) allows a server to | |||
indicate what origin(s) [RFC6454] the server would like the client to | indicate what origin(s) [RFC6454] the server would like the client to | |||
consider as members of the Origin Set (Section 2.3) for the | consider as members of the Origin Set (Section 2.3) for the | |||
connection it occurs within. | connection it occurs within. | |||
2.1. Syntax | 2.1. Syntax | |||
The ORIGIN frame type is 0xb (decimal 11). | The ORIGIN frame type is 0xc (decimal 12). | |||
+-------------------------------+-------------------------------+ | +-------------------------------+-------------------------------+ | |||
| Origin-Len (16) | ASCII-Origin? (*) ... | | Origin-Len (16) | ASCII-Origin? (*) ... | |||
+-------------------------------+-------------------------------+ | +-------------------------------+-------------------------------+ | |||
The ORIGIN frame's payload contains the following fields, sets of | The ORIGIN frame's payload contains the following fields, sets of | |||
which may be repeated within the frame to indicate multiple origins: | which may be repeated within the frame to indicate multiple origins: | |||
Origin-Len: An unsigned, 16-bit integer indicating the length, in | Origin-Len: An unsigned, 16-bit integer indicating the length, in | |||
octets, of the ASCII-Origin field. | octets, of the ASCII-Origin field. | |||
skipping to change at page 4, line 15 ¶ | skipping to change at page 4, line 12 ¶ | |||
Likewise, the ORIGIN frame is only valid on connections with the "h2" | Likewise, the ORIGIN frame is only valid on connections with the "h2" | |||
protocol identifier, or when specifically nominated by the protocol's | protocol identifier, or when specifically nominated by the protocol's | |||
definition; it MUST be ignored when received on a connection with the | definition; it MUST be ignored when received on a connection with the | |||
"h2c" protocol identifier. | "h2c" protocol identifier. | |||
This specification does not define any flags for the ORIGIN frame, | This specification does not define any flags for the ORIGIN frame, | |||
but future updates might use them to change its semantics. The first | but future updates might use them to change its semantics. The first | |||
four flags (0x1, 0x2, 0x4 and 0x8) are reserved for backwards- | four flags (0x1, 0x2, 0x4 and 0x8) are reserved for backwards- | |||
incompatible changes, and therefore when any of them are set, the | incompatible changes, and therefore when any of them are set, the | |||
ORIGIN frame containing them MUST be ignored by clients conforming to | ORIGIN frame containing them MUST be ignored by clients conforming to | |||
this specification. The remaining flags are reserved for backwards- | this specification, unless the flag's semantics are understood. The | |||
compatible changes, and do not affect processing by clients | remaining flags are reserved for backwards-compatible changes, and do | |||
conformant to this specification. | not affect processing by clients conformant to this specification. | |||
The ORIGIN frame describes a property of the connection, and | The ORIGIN frame describes a property of the connection, and | |||
therefore is processed hop-by-hop. An intermediary MUST NOT forward | therefore is processed hop-by-hop. An intermediary MUST NOT forward | |||
ORIGIN frames. Clients configured to use a proxy MUST ignore any | ORIGIN frames. Clients configured to use a proxy MUST ignore any | |||
ORIGIN frames received from it. | ORIGIN frames received from it. | |||
Each ASCII-Origin field in the frame's payload MUST be parsed as an | Each ASCII-Origin field in the frame's payload MUST be parsed as an | |||
ASCII serialisation of an origin ([RFC6454], Section 6.2). If | ASCII serialisation of an origin ([RFC6454], Section 6.2). If | |||
parsing fails, the field MUST be ignored. | parsing fails, the field MUST be ignored. | |||
skipping to change at page 6, line 11 ¶ | skipping to change at page 6, line 11 ¶ | |||
clients SHOULD not emit new requests on any connection whose Origin | clients SHOULD not emit new requests on any connection whose Origin | |||
Set is a subset of another connection's Origin Set, and SHOULD close | Set is a subset of another connection's Origin Set, and SHOULD close | |||
it once all outstanding requests are satisfied. | it once all outstanding requests are satisfied. | |||
3. IANA Considerations | 3. IANA Considerations | |||
This specification adds an entry to the "HTTP/2 Frame Type" registry. | This specification adds an entry to the "HTTP/2 Frame Type" registry. | |||
o Frame Type: ORIGIN | o Frame Type: ORIGIN | |||
o Code: 0xb | o Code: 0xc | |||
o Specification: [this document] | o Specification: [this document] | |||
4. Security Considerations | 4. Security Considerations | |||
Clients that blindly trust the ORIGIN frame's contents will be | Clients that blindly trust the ORIGIN frame's contents will be | |||
vulnerable to a large number of attacks. See Section 2.4 for | vulnerable to a large number of attacks. See Section 2.4 for | |||
mitigations. | mitigations. | |||
Relaxing the requirement to consult DNS when determining authority | Relaxing the requirement to consult DNS when determining authority | |||
skipping to change at page 8, line 37 ¶ | skipping to change at page 8, line 37 ¶ | |||
Therefore, the ORIGIN frame ought be sent as soon as possible on a | Therefore, the ORIGIN frame ought be sent as soon as possible on a | |||
connection, ideally before any HEADERS or PUSH_PROMISE frames. | connection, ideally before any HEADERS or PUSH_PROMISE frames. | |||
However, if it's desirable to associate a large number of origins | However, if it's desirable to associate a large number of origins | |||
with a connection, doing so might introduce end-user perceived | with a connection, doing so might introduce end-user perceived | |||
latency, due to their size. As a result, it might be necessary to | latency, due to their size. As a result, it might be necessary to | |||
select a "core" set of origins to send initially, expanding the set | select a "core" set of origins to send initially, expanding the set | |||
of origins the connection is used for with subsequent ORIGIN frames | of origins the connection is used for with subsequent ORIGIN frames | |||
later (e.g., when the connection is idle). | later (e.g., when the connection is idle). | |||
Senders should note that, as per [RFC6454] Section 4, the values in | That said, senders are encouraged to include as many origins as | |||
an ORIGIN header need to be case-normalised before serialisation. | practical within a single ORIGIN frame; clients need to make | |||
decisions about creating connections on the fly, and if the origin | ||||
set is split across many frames, their behaviour might be suboptimal. | ||||
Finally, servers that allow alternative services [RFC7838] will need | Senders take note that, as per [RFC6454] Section 4, the values in an | |||
to explicitly advertise those origins when sending ORIGIN, because | ORIGIN header need to be case-normalised before serialisation. | |||
Finally, servers that host alternative services [RFC7838] will need | ||||
to explicitly advertise their origins when sending ORIGIN, because | ||||
the default contents of the Origin Set (as per Section 2.3) do not | the default contents of the Origin Set (as per Section 2.3) do not | |||
contain any Alternative Services, even if they have been used | contain any Alternative Services' origins, even if they have been | |||
previously on the connection. | used previously on the connection. | |||
Authors' Addresses | Authors' Addresses | |||
Mark Nottingham | Mark Nottingham | |||
Akamai | ||||
Email: mnot@mnot.net | Email: mnot@mnot.net | |||
URI: https://www.mnot.net/ | URI: https://www.mnot.net/ | |||
Erik Nygren | Erik Nygren | |||
Akamai | Akamai | |||
Email: nygren@akamai.com | Email: nygren@akamai.com | |||
End of changes. 12 change blocks. | ||||
18 lines changed or deleted | 24 lines changed or added | |||
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |