| draft-ietf-httpbis-origin-frame-02.txt | draft-ietf-httpbis-origin-frame-03.txt | |||
|---|---|---|---|---|
| HTTP Working Group M. Nottingham | HTTP Working Group M. Nottingham | |||
| Internet-Draft E. Nygren | Internet-Draft | |||
| Intended status: Standards Track Akamai | Intended status: Standards Track E. Nygren | |||
| Expires: August 17, 2017 February 13, 2017 | Expires: October 22, 2017 Akamai | |||
| April 20, 2017 | ||||
| The ORIGIN HTTP/2 Frame | The ORIGIN HTTP/2 Frame | |||
| draft-ietf-httpbis-origin-frame-02 | draft-ietf-httpbis-origin-frame-03 | |||
| Abstract | Abstract | |||
| This document specifies the ORIGIN frame for HTTP/2, to indicate what | This document specifies the ORIGIN frame for HTTP/2, to indicate what | |||
| origins are available on a given connection. | origins are available on a given connection. | |||
| Note to Readers | Note to Readers | |||
| Discussion of this draft takes place on the HTTP working group | Discussion of this draft takes place on the HTTP working group | |||
| mailing list (ietf-http-wg@w3.org), which is archived at | mailing list (ietf-http-wg@w3.org), which is archived at | |||
| skipping to change at page 1, line 41 ¶ | skipping to change at page 1, line 42 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on August 17, 2017. | This Internet-Draft will expire on October 22, 2017. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2017 IETF Trust and the persons identified as the | Copyright (c) 2017 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 28 ¶ | skipping to change at page 2, line 31 ¶ | |||
| 2.2. Processing ORIGIN Frames . . . . . . . . . . . . . . . . 3 | 2.2. Processing ORIGIN Frames . . . . . . . . . . . . . . . . 3 | |||
| 2.3. The Origin Set . . . . . . . . . . . . . . . . . . . . . 4 | 2.3. The Origin Set . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 2.4. Authority, Push and Coalescing with ORIGIN . . . . . . . 5 | 2.4. Authority, Push and Coalescing with ORIGIN . . . . . . . 5 | |||
| 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 4. Security Considerations . . . . . . . . . . . . . . . . . . . 6 | 4. Security Considerations . . . . . . . . . . . . . . . . . . . 6 | |||
| 5. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 | 5. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 5.1. Normative References . . . . . . . . . . . . . . . . . . 6 | 5.1. Normative References . . . . . . . . . . . . . . . . . . 6 | |||
| 5.2. Informative References . . . . . . . . . . . . . . . . . 7 | 5.2. Informative References . . . . . . . . . . . . . . . . . 7 | |||
| Appendix A. Non-Normative Processing Algorithm . . . . . . . . . 7 | Appendix A. Non-Normative Processing Algorithm . . . . . . . . . 7 | |||
| Appendix B. Operational Considerations for Servers . . . . . . . 8 | Appendix B. Operational Considerations for Servers . . . . . . . 8 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 1. Introduction | 1. Introduction | |||
| HTTP/2 [RFC7540] allows clients to coalesce different origins | HTTP/2 [RFC7540] allows clients to coalesce different origins | |||
| [RFC6454] onto the same connection when certain conditions are met. | [RFC6454] onto the same connection when certain conditions are met. | |||
| However, in certain cases, a connection is is not usable for a | However, in certain cases, a connection is is not usable for a | |||
| coalesced origin, so the 421 (Misdirected Request) status code | coalesced origin, so the 421 (Misdirected Request) status code | |||
| ([RFC7540], Section 9.1.2) was defined. | ([RFC7540], Section 9.1.2) was defined. | |||
| Using a status code in this manner allows clients to recover from | Using a status code in this manner allows clients to recover from | |||
| skipping to change at page 3, line 20 ¶ | skipping to change at page 3, line 20 ¶ | |||
| 2. The ORIGIN HTTP/2 Frame | 2. The ORIGIN HTTP/2 Frame | |||
| The ORIGIN HTTP/2 frame ([RFC7540], Section 4) allows a server to | The ORIGIN HTTP/2 frame ([RFC7540], Section 4) allows a server to | |||
| indicate what origin(s) [RFC6454] the server would like the client to | indicate what origin(s) [RFC6454] the server would like the client to | |||
| consider as members of the Origin Set (Section 2.3) for the | consider as members of the Origin Set (Section 2.3) for the | |||
| connection it occurs within. | connection it occurs within. | |||
| 2.1. Syntax | 2.1. Syntax | |||
| The ORIGIN frame type is 0xb (decimal 11). | The ORIGIN frame type is 0xc (decimal 12). | |||
| +-------------------------------+-------------------------------+ | +-------------------------------+-------------------------------+ | |||
| | Origin-Len (16) | ASCII-Origin? (*) ... | | Origin-Len (16) | ASCII-Origin? (*) ... | |||
| +-------------------------------+-------------------------------+ | +-------------------------------+-------------------------------+ | |||
| The ORIGIN frame's payload contains the following fields, sets of | The ORIGIN frame's payload contains the following fields, sets of | |||
| which may be repeated within the frame to indicate multiple origins: | which may be repeated within the frame to indicate multiple origins: | |||
| Origin-Len: An unsigned, 16-bit integer indicating the length, in | Origin-Len: An unsigned, 16-bit integer indicating the length, in | |||
| octets, of the ASCII-Origin field. | octets, of the ASCII-Origin field. | |||
| skipping to change at page 4, line 15 ¶ | skipping to change at page 4, line 12 ¶ | |||
| Likewise, the ORIGIN frame is only valid on connections with the "h2" | Likewise, the ORIGIN frame is only valid on connections with the "h2" | |||
| protocol identifier, or when specifically nominated by the protocol's | protocol identifier, or when specifically nominated by the protocol's | |||
| definition; it MUST be ignored when received on a connection with the | definition; it MUST be ignored when received on a connection with the | |||
| "h2c" protocol identifier. | "h2c" protocol identifier. | |||
| This specification does not define any flags for the ORIGIN frame, | This specification does not define any flags for the ORIGIN frame, | |||
| but future updates might use them to change its semantics. The first | but future updates might use them to change its semantics. The first | |||
| four flags (0x1, 0x2, 0x4 and 0x8) are reserved for backwards- | four flags (0x1, 0x2, 0x4 and 0x8) are reserved for backwards- | |||
| incompatible changes, and therefore when any of them are set, the | incompatible changes, and therefore when any of them are set, the | |||
| ORIGIN frame containing them MUST be ignored by clients conforming to | ORIGIN frame containing them MUST be ignored by clients conforming to | |||
| this specification. The remaining flags are reserved for backwards- | this specification, unless the flag's semantics are understood. The | |||
| compatible changes, and do not affect processing by clients | remaining flags are reserved for backwards-compatible changes, and do | |||
| conformant to this specification. | not affect processing by clients conformant to this specification. | |||
| The ORIGIN frame describes a property of the connection, and | The ORIGIN frame describes a property of the connection, and | |||
| therefore is processed hop-by-hop. An intermediary MUST NOT forward | therefore is processed hop-by-hop. An intermediary MUST NOT forward | |||
| ORIGIN frames. Clients configured to use a proxy MUST ignore any | ORIGIN frames. Clients configured to use a proxy MUST ignore any | |||
| ORIGIN frames received from it. | ORIGIN frames received from it. | |||
| Each ASCII-Origin field in the frame's payload MUST be parsed as an | Each ASCII-Origin field in the frame's payload MUST be parsed as an | |||
| ASCII serialisation of an origin ([RFC6454], Section 6.2). If | ASCII serialisation of an origin ([RFC6454], Section 6.2). If | |||
| parsing fails, the field MUST be ignored. | parsing fails, the field MUST be ignored. | |||
| skipping to change at page 6, line 11 ¶ | skipping to change at page 6, line 11 ¶ | |||
| clients SHOULD not emit new requests on any connection whose Origin | clients SHOULD not emit new requests on any connection whose Origin | |||
| Set is a subset of another connection's Origin Set, and SHOULD close | Set is a subset of another connection's Origin Set, and SHOULD close | |||
| it once all outstanding requests are satisfied. | it once all outstanding requests are satisfied. | |||
| 3. IANA Considerations | 3. IANA Considerations | |||
| This specification adds an entry to the "HTTP/2 Frame Type" registry. | This specification adds an entry to the "HTTP/2 Frame Type" registry. | |||
| o Frame Type: ORIGIN | o Frame Type: ORIGIN | |||
| o Code: 0xb | o Code: 0xc | |||
| o Specification: [this document] | o Specification: [this document] | |||
| 4. Security Considerations | 4. Security Considerations | |||
| Clients that blindly trust the ORIGIN frame's contents will be | Clients that blindly trust the ORIGIN frame's contents will be | |||
| vulnerable to a large number of attacks. See Section 2.4 for | vulnerable to a large number of attacks. See Section 2.4 for | |||
| mitigations. | mitigations. | |||
| Relaxing the requirement to consult DNS when determining authority | Relaxing the requirement to consult DNS when determining authority | |||
| skipping to change at page 8, line 37 ¶ | skipping to change at page 8, line 37 ¶ | |||
| Therefore, the ORIGIN frame ought be sent as soon as possible on a | Therefore, the ORIGIN frame ought be sent as soon as possible on a | |||
| connection, ideally before any HEADERS or PUSH_PROMISE frames. | connection, ideally before any HEADERS or PUSH_PROMISE frames. | |||
| However, if it's desirable to associate a large number of origins | However, if it's desirable to associate a large number of origins | |||
| with a connection, doing so might introduce end-user perceived | with a connection, doing so might introduce end-user perceived | |||
| latency, due to their size. As a result, it might be necessary to | latency, due to their size. As a result, it might be necessary to | |||
| select a "core" set of origins to send initially, expanding the set | select a "core" set of origins to send initially, expanding the set | |||
| of origins the connection is used for with subsequent ORIGIN frames | of origins the connection is used for with subsequent ORIGIN frames | |||
| later (e.g., when the connection is idle). | later (e.g., when the connection is idle). | |||
| Senders should note that, as per [RFC6454] Section 4, the values in | That said, senders are encouraged to include as many origins as | |||
| an ORIGIN header need to be case-normalised before serialisation. | practical within a single ORIGIN frame; clients need to make | |||
| decisions about creating connections on the fly, and if the origin | ||||
| set is split across many frames, their behaviour might be suboptimal. | ||||
| Finally, servers that allow alternative services [RFC7838] will need | Senders take note that, as per [RFC6454] Section 4, the values in an | |||
| to explicitly advertise those origins when sending ORIGIN, because | ORIGIN header need to be case-normalised before serialisation. | |||
| Finally, servers that host alternative services [RFC7838] will need | ||||
| to explicitly advertise their origins when sending ORIGIN, because | ||||
| the default contents of the Origin Set (as per Section 2.3) do not | the default contents of the Origin Set (as per Section 2.3) do not | |||
| contain any Alternative Services, even if they have been used | contain any Alternative Services' origins, even if they have been | |||
| previously on the connection. | used previously on the connection. | |||
| Authors' Addresses | Authors' Addresses | |||
| Mark Nottingham | Mark Nottingham | |||
| Akamai | ||||
| Email: mnot@mnot.net | Email: mnot@mnot.net | |||
| URI: https://www.mnot.net/ | URI: https://www.mnot.net/ | |||
| Erik Nygren | Erik Nygren | |||
| Akamai | Akamai | |||
| Email: nygren@akamai.com | Email: nygren@akamai.com | |||
| End of changes. 12 change blocks. | ||||
| 18 lines changed or deleted | 24 lines changed or added | |||
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||