draft-ietf-httpbis-cache-digest-01.txt   draft-ietf-httpbis-cache-digest-02.txt 
Network Working Group K. Oku HTTP Working Group K. Oku
Internet-Draft DeNA Co, Ltd. Internet-Draft DeNA Co, Ltd.
Intended status: Standards Track M. Nottingham Intended status: Experimental M. Nottingham
Expires: May 5, 2017 November 1, 2016 Expires: December 1, 2017 May 30, 2017
Cache Digests for HTTP/2 Cache Digests for HTTP/2
draft-ietf-httpbis-cache-digest-01 draft-ietf-httpbis-cache-digest-02
Abstract Abstract
This specification defines a HTTP/2 frame type to allow clients to This specification defines a HTTP/2 frame type to allow clients to
inform the server of their cache's contents. Servers can then use inform the server of their cache's contents. Servers can then use
this to inform their choices of what to push to clients. this to inform their choices of what to push to clients.
Note to Readers Note to Readers
Discussion of this draft takes place on the HTTP working group Discussion of this draft takes place on the HTTP working group
skipping to change at page 1, line 42 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 5, 2017. This Internet-Draft will expire on December 1, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Notational Conventions . . . . . . . . . . . . . . . . . 3 1.1. Notational Conventions . . . . . . . . . . . . . . . . . 3
2. The CACHE_DIGEST Frame . . . . . . . . . . . . . . . . . . . 3 2. The CACHE_DIGEST Frame . . . . . . . . . . . . . . . . . . . 3
2.1. Client Behavior . . . . . . . . . . . . . . . . . . . . . 4 2.1. Client Behavior . . . . . . . . . . . . . . . . . . . . . 4
2.1.1. Computing the Digest-Value . . . . . . . . . . . . . 5 2.1.1. Computing the Digest-Value . . . . . . . . . . . . . 5
2.1.2. Computing a Hash Value . . . . . . . . . . . . . . . 6 2.1.2. Computing a Hash Value . . . . . . . . . . . . . . . 6
2.2. Server Behavior . . . . . . . . . . . . . . . . . . . . . 6 2.2. Server Behavior . . . . . . . . . . . . . . . . . . . . . 7
2.2.1. Querying the Digest for a Value . . . . . . . . . . . 7 2.2.1. Querying the Digest for a Value . . . . . . . . . . . 7
3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 3. The ACCEPT_CACHE_DIGEST SETTINGS Parameter . . . . . . . . . 8
4. Security Considerations . . . . . . . . . . . . . . . . . . . 8 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
5. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 5. Security Considerations . . . . . . . . . . . . . . . . . . . 10
5.1. Normative References . . . . . . . . . . . . . . . . . . 9 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 10
5.2. Informative References . . . . . . . . . . . . . . . . . 9 6.1. Normative References . . . . . . . . . . . . . . . . . . 10
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 10 6.2. Informative References . . . . . . . . . . . . . . . . . 11
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 Appendix A. Encoding the CACHE_DIGEST frame as an HTTP Header . 12
Appendix B. Acknowledgements . . . . . . . . . . . . . . . . . . 13
Appendix C. Changes . . . . . . . . . . . . . . . . . . . . . . 13
C.1. Since draft-ietf-httpbis-cache-digest-01 . . . . . . . . 13
C.2. Since draft-ietf-httpbis-cache-digest-00 . . . . . . . . 13
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13
1. Introduction 1. Introduction
HTTP/2 [RFC7540] allows a server to "push" synthetic request/response HTTP/2 [RFC7540] allows a server to "push" synthetic request/response
pairs into a client's cache optimistically. While there is strong pairs into a client's cache optimistically. While there is strong
interest in using this facility to improve perceived Web browsing interest in using this facility to improve perceived Web browsing
performance, it is sometimes counterproductive because the client performance, it is sometimes counterproductive because the client
might already have cached the "pushed" response. might already have cached the "pushed" response.
When this is the case, the bandwidth used to "push" the response is When this is the case, the bandwidth used to "push" the response is
effectively wasted, and represents opportunity cost, because it could effectively wasted, and represents opportunity cost, because it could
be used by other, more relevant responses. HTTP/2 allows a stream to be used by other, more relevant responses. HTTP/2 allows a stream to
be cancelled by a client using a RST_STREAM frame in this situation, be cancelled by a client using a RST_STREAM frame in this situation,
but there is still at least one round trip of potentially wasted but there is still at least one round trip of potentially wasted
capacity even then. capacity even then.
This specification defines a HTTP/2 frame type to allow clients to This specification defines a HTTP/2 frame type to allow clients to
inform the server of their cache's contents using a Golumb-Rice Coded inform the server of their cache's contents using a Golomb-Rice Coded
Set [Rice]. Servers can then use this to inform their choices of Set [Rice]. Servers can then use this to inform their choices of
what to push to clients. what to push to clients.
1.1. Notational Conventions 1.1. Notational Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
2. The CACHE_DIGEST Frame 2. The CACHE_DIGEST Frame
The CACHE_DIGEST frame type is 0xf1. NOTE: This is an experimental The CACHE_DIGEST frame type is 0xd (decimal 13).
value; if standardised, a permanent value will be assigned.
+-------------------------------+-------------------------------+ +-------------------------------+-------------------------------+
| Origin-Len (16) | Origin? (\*) ... | Origin-Len (16) | Origin? (\*) ...
+-------------------------------+-------------------------------+ +-------------------------------+-------------------------------+
| Digest-Value? (\*) ... | Digest-Value? (\*) ...
+---------------------------------------------------------------+ +---------------------------------------------------------------+
The CACHE_DIGEST frame payload has the following fields: The CACHE_DIGEST frame payload has the following fields:
Origin-Len: An unsigned, 16-bit integer indicating the length, in Origin-Len: An unsigned, 16-bit integer indicating the length, in
skipping to change at page 8, line 11 skipping to change at page 8, line 17
2. Read the next 5 bits of "digest-value" as an integer; let "P" be 2. Read the next 5 bits of "digest-value" as an integer; let "P" be
two raised to the power of that value. two raised to the power of that value.
3. Let "hash-value" be the result of computing a hash value 3. Let "hash-value" be the result of computing a hash value
(Section 2.1.2). (Section 2.1.2).
4. Let "C" be -1. 4. Let "C" be -1.
5. Read '0' bits from "digest-value" until a '1' bit is found; let 5. Read '0' bits from "digest-value" until a '1' bit is found; let
"Q" bit the number of '0' bits. Discard the '1'. "Q" be the number of '0' bits. Discard the '1'.
6. Read log2("P") bits from "digest-value" after the '1' as an 6. Read log2("P") bits from "digest-value" after the '1' as an
integer; let "R" be its value. integer; let "R" be its value.
7. Let "D" be "Q" * "P" + "R". 7. Let "D" be "Q" * "P" + "R".
8. Increment "C" by "D" + 1. 8. Increment "C" by "D" + 1.
9. If "C" is equal to "hash-value", return 'true'. 9. If "C" is equal to "hash-value", return 'true'.
10. Otherwise, return to step 5 and continue processing; if no match 10. Otherwise, return to step 5 and continue processing; if no match
is found before "digest-value" is exhausted, return 'false'. is found before "digest-value" is exhausted, return 'false'.
3. IANA Considerations 3. The ACCEPT_CACHE_DIGEST SETTINGS Parameter
This draft currently has no requirements for IANA. If the A server can notify its support for CACHE_DIGEST frame by sending the
CACHE_DIGEST frame is standardised, it will need to be assigned a ACCEPT_CACHE_DIGEST (0x7) SETTINGS parameter. If the server is
frame type. tempted to making optimizations based on CACHE_DIGEST frames, it
SHOULD send the SETTINGS parameter immediately after the connection
is established.
4. Security Considerations The value of the parameter is a bit-field of which the following bits
are defined:
FRESH (0x1): When set, it indicates that the server is willing to
make use of a digest of freshly-cached responses.
STALE (0x2): When set, it indicates that the server is willing to
make use of a digest of stale-cached responses.
Rest of the bits MUST be ignored and MUST be left unset when sending.
The initial value of the parameter is zero (0x0) meaning that the
server is not interested in seeing a CACHE_DIGEST frame.
Some underlying transports allow the server's first flight of
application data to reach the client at around the same time when the
client sends it's first flight data. When such transport (e.g., TLS
1.3 [I-D.ietf-tls-tls13] in full-handshake mode) is used, a client
can postpone sending the CACHE_DIGEST frame until it receives a
ACCEPT_CACHE_DIGEST settings value.
When the underlying transport does not have such property (e.g., TLS
1.3 in 0-RTT mode), a client can reuse the settings value found in
previous connections to that origin [RFC6454] to make assumptions.
4. IANA Considerations
This document registers the following entry in the Permanent Message
Headers Registry, as per [RFC3864]:
o Header field name: Cache-Digest
o Applicable protocol: http
o Status: experimental
o Author/Change controller: IESG
o Specification document(s): [this document]
This document registers the following entry in the HTTP/2 Frame Type
Registry, as per [RFC7540]:
o Frame Type: CACHE_DIGEST
o Code: 0xd
o Specification: [this document]
This document registers the following entry in the HTTP/2 Settings
Registry, as per [RFC7540]:
o Code: 0x7
o Name: ACCEPT_CACHE_DIGEST
o Initial Value: 0x0
o Reference: [this document]
5. Security Considerations
The contents of a User Agent's cache can be used to re-identify or The contents of a User Agent's cache can be used to re-identify or
"fingerprint" the user over time, even when other identifiers (e.g., "fingerprint" the user over time, even when other identifiers (e.g.,
Cookies [RFC6265]) are cleared. Cookies [RFC6265]) are cleared.
CACHE_DIGEST allows such cache-based fingerprinting to become CACHE_DIGEST allows such cache-based fingerprinting to become
passive, since it allows the server to discover the state of the passive, since it allows the server to discover the state of the
client's cache without any visible change in server behaviour. client's cache without any visible change in server behaviour.
As a result, clients MUST mitigate for this threat when the user As a result, clients MUST mitigate for this threat when the user
skipping to change at page 9, line 5 skipping to change at page 10, line 27
could be achieved in a number of ways; for example: by clearing the could be achieved in a number of ways; for example: by clearing the
cache, by changing one or both of N and P, or by adding new, cache, by changing one or both of N and P, or by adding new,
synthetic entries to the digest to change its contents. synthetic entries to the digest to change its contents.
TODO: discuss how effective the suggested mitigations actually would TODO: discuss how effective the suggested mitigations actually would
be. be.
Additionally, User Agents SHOULD NOT send CACHE_DIGEST when in Additionally, User Agents SHOULD NOT send CACHE_DIGEST when in
"privacy mode." "privacy mode."
5. References 6. References
5.1. Normative References 6.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>. <http://www.rfc-editor.org/info/rfc2119>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66, Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, DOI 10.17487/RFC3986, January 2005, RFC 3986, DOI 10.17487/RFC3986, January 2005,
<http://www.rfc-editor.org/info/rfc3986>. <http://www.rfc-editor.org/info/rfc3986>.
skipping to change at page 9, line 48 skipping to change at page 11, line 25
[RFC7234] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, [RFC7234] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching", Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",
RFC 7234, DOI 10.17487/RFC7234, June 2014, RFC 7234, DOI 10.17487/RFC7234, June 2014,
<http://www.rfc-editor.org/info/rfc7234>. <http://www.rfc-editor.org/info/rfc7234>.
[RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext
Transfer Protocol Version 2 (HTTP/2)", RFC 7540, Transfer Protocol Version 2 (HTTP/2)", RFC 7540,
DOI 10.17487/RFC7540, May 2015, DOI 10.17487/RFC7540, May 2015,
<http://www.rfc-editor.org/info/rfc7540>. <http://www.rfc-editor.org/info/rfc7540>.
5.2. Informative References 6.2. Informative References
[Fetch] "Fetch Standard", n.d., <https://fetch.spec.whatwg.org/>.
[I-D.ietf-tls-tls13]
Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", draft-ietf-tls-tls13-20 (work in progress),
April 2017.
[RFC3864] Klyne, G., Nottingham, M., and J. Mogul, "Registration
Procedures for Message Header Fields", BCP 90, RFC 3864,
DOI 10.17487/RFC3864, September 2004,
<http://www.rfc-editor.org/info/rfc3864>.
[RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data
Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006,
<http://www.rfc-editor.org/info/rfc4648>.
[RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234,
DOI 10.17487/RFC5234, January 2008,
<http://www.rfc-editor.org/info/rfc5234>.
[RFC6265] Barth, A., "HTTP State Management Mechanism", RFC 6265, [RFC6265] Barth, A., "HTTP State Management Mechanism", RFC 6265,
DOI 10.17487/RFC6265, April 2011, DOI 10.17487/RFC6265, April 2011,
<http://www.rfc-editor.org/info/rfc6265>. <http://www.rfc-editor.org/info/rfc6265>.
[Rice] Rice, R. and J. Plaunt, "Adaptive variable-length coding [Rice] Rice, R. and J. Plaunt, "Adaptive variable-length coding
for efficient compression of spacecraft television data", for efficient compression of spacecraft television data",
IEEE Transactions on Communication Technology 19.6 , 1971. IEEE Transactions on Communication Technology 19.6 , 1971.
Appendix A. Acknowledgements [Service-Workers]
Russell, A., Song, J., Archibald, J., and M.
Kruisselbrink, "Service Workers 1", October 2016,
<https://www.w3.org/TR/2016/WD-service-workers-1/>.
Appendix A. Encoding the CACHE_DIGEST frame as an HTTP Header
On some web browsers that support Service Workers [Service-Workers]
but not Cache Digests (yet), it is possible to achieve the benefit of
using Cache Digests by emulating the frame using HTTP Headers.
For the sake of interoperability with such clients, this appendix
defines how a CACHE_DIGEST frame can be encoded as an HTTP header
named "Cache-Digest".
The definition uses the Augmented Backus-Naur Form (ABNF) notation of
[RFC5234] with the list rule extension defined in [RFC7230],
Appendix B.
Cache-Digest = 1#digest-entity
digest-entity = digest-value *(OWS ";" OWS digest-flag)
digest-value = <Digest-Value encoded using base64url>
digest-flag = token
A Cache-Digest request header is defined as a list construct of
cache-digest-entities. Each cache-digest-entity corresponds to a
CACHE_DIGEST frame.
Digest-Value is encoded using base64url [RFC4648], Section 5. Flags
that are set are encoded as digest-flags by their names that are
compared case-insensitively.
Origin is omitted in the header form. The value is implied from the
value of the ":authority" pseudo header. Client MUST only send
Cache-Digest headers containing digests that belong to the origin
specified by the HTTP request.
The example below contains one digest of fresh resource and has only
the "COMPLETE" flag set.
Cache-Digest: AfdA; complete
Clients MUST associate Cache-Digest headers to every HTTP request,
since Fetch [Fetch] - the HTTP API supported by Service Workers -
does not define the order in which the issued requests will be sent
to the server nor guarantees that all the requests will be
transmitted using a single HTTP/2 connection.
Also, due to the fact that any header that is supplied to Fetch is
required to be end-to-end, there is an ambiguity in what a Cache-
Digest header respresents when a request is transmitted through a
proxy. The header may represent the cache state of a client or that
of a proxy, depending on how the proxy handles the header.
Appendix B. Acknowledgements
Thanks to Adam Langley and Giovanni Bajo for their explorations of Thanks to Adam Langley and Giovanni Bajo for their explorations of
Golumb-coded sets. In particular, see Golomb-coded sets. In particular, see
http://giovanni.bajo.it/post/47119962313/golomb-coded-sets-smaller- http://giovanni.bajo.it/post/47119962313/golomb-coded-sets-smaller-
than-bloom-filters , which refers to sample code. than-bloom-filters , which refers to sample code.
Thanks to Stefan Eissing for his suggestions. Thanks to Stefan Eissing for his suggestions.
Appendix C. Changes
C.1. Since draft-ietf-httpbis-cache-digest-01
o Added definition of the Cache-Digest header.
o Introduce ACCEPT_CACHE_DIGEST SETTINGS parameter.
o Change intended status from Standard to Experimental.
C.2. Since draft-ietf-httpbis-cache-digest-00
o Make the scope of a digest frame explicit and shift to stream 0.
Authors' Addresses Authors' Addresses
Kazuho Oku Kazuho Oku
DeNA Co, Ltd. DeNA Co, Ltd.
Email: kazuhooku@gmail.com Email: kazuhooku@gmail.com
Mark Nottingham Mark Nottingham
Email: mnot@mnot.net Email: mnot@mnot.net
 End of changes. 19 change blocks. 
28 lines changed or deleted 183 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/