draft-ietf-httpbis-origin-frame-02.txt   draft-ietf-httpbis-origin-frame-03.txt 
HTTP Working Group M. Nottingham HTTP Working Group M. Nottingham
Internet-Draft E. Nygren Internet-Draft
Intended status: Standards Track Akamai Intended status: Standards Track E. Nygren
Expires: August 17, 2017 February 13, 2017 Expires: October 22, 2017 Akamai
April 20, 2017
The ORIGIN HTTP/2 Frame The ORIGIN HTTP/2 Frame
draft-ietf-httpbis-origin-frame-02 draft-ietf-httpbis-origin-frame-03
Abstract Abstract
This document specifies the ORIGIN frame for HTTP/2, to indicate what This document specifies the ORIGIN frame for HTTP/2, to indicate what
origins are available on a given connection. origins are available on a given connection.
Note to Readers Note to Readers
Discussion of this draft takes place on the HTTP working group Discussion of this draft takes place on the HTTP working group
mailing list (ietf-http-wg@w3.org), which is archived at mailing list (ietf-http-wg@w3.org), which is archived at
skipping to change at page 1, line 41 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 17, 2017. This Internet-Draft will expire on October 22, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 28 skipping to change at page 2, line 31
2.2. Processing ORIGIN Frames . . . . . . . . . . . . . . . . 3 2.2. Processing ORIGIN Frames . . . . . . . . . . . . . . . . 3
2.3. The Origin Set . . . . . . . . . . . . . . . . . . . . . 4 2.3. The Origin Set . . . . . . . . . . . . . . . . . . . . . 4
2.4. Authority, Push and Coalescing with ORIGIN . . . . . . . 5 2.4. Authority, Push and Coalescing with ORIGIN . . . . . . . 5
3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
4. Security Considerations . . . . . . . . . . . . . . . . . . . 6 4. Security Considerations . . . . . . . . . . . . . . . . . . . 6
5. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 5. References . . . . . . . . . . . . . . . . . . . . . . . . . 6
5.1. Normative References . . . . . . . . . . . . . . . . . . 6 5.1. Normative References . . . . . . . . . . . . . . . . . . 6
5.2. Informative References . . . . . . . . . . . . . . . . . 7 5.2. Informative References . . . . . . . . . . . . . . . . . 7
Appendix A. Non-Normative Processing Algorithm . . . . . . . . . 7 Appendix A. Non-Normative Processing Algorithm . . . . . . . . . 7
Appendix B. Operational Considerations for Servers . . . . . . . 8 Appendix B. Operational Considerations for Servers . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9
1. Introduction 1. Introduction
HTTP/2 [RFC7540] allows clients to coalesce different origins HTTP/2 [RFC7540] allows clients to coalesce different origins
[RFC6454] onto the same connection when certain conditions are met. [RFC6454] onto the same connection when certain conditions are met.
However, in certain cases, a connection is is not usable for a However, in certain cases, a connection is is not usable for a
coalesced origin, so the 421 (Misdirected Request) status code coalesced origin, so the 421 (Misdirected Request) status code
([RFC7540], Section 9.1.2) was defined. ([RFC7540], Section 9.1.2) was defined.
Using a status code in this manner allows clients to recover from Using a status code in this manner allows clients to recover from
skipping to change at page 3, line 20 skipping to change at page 3, line 20
2. The ORIGIN HTTP/2 Frame 2. The ORIGIN HTTP/2 Frame
The ORIGIN HTTP/2 frame ([RFC7540], Section 4) allows a server to The ORIGIN HTTP/2 frame ([RFC7540], Section 4) allows a server to
indicate what origin(s) [RFC6454] the server would like the client to indicate what origin(s) [RFC6454] the server would like the client to
consider as members of the Origin Set (Section 2.3) for the consider as members of the Origin Set (Section 2.3) for the
connection it occurs within. connection it occurs within.
2.1. Syntax 2.1. Syntax
The ORIGIN frame type is 0xb (decimal 11). The ORIGIN frame type is 0xc (decimal 12).
+-------------------------------+-------------------------------+ +-------------------------------+-------------------------------+
| Origin-Len (16) | ASCII-Origin? (*) ... | Origin-Len (16) | ASCII-Origin? (*) ...
+-------------------------------+-------------------------------+ +-------------------------------+-------------------------------+
The ORIGIN frame's payload contains the following fields, sets of The ORIGIN frame's payload contains the following fields, sets of
which may be repeated within the frame to indicate multiple origins: which may be repeated within the frame to indicate multiple origins:
Origin-Len: An unsigned, 16-bit integer indicating the length, in Origin-Len: An unsigned, 16-bit integer indicating the length, in
octets, of the ASCII-Origin field. octets, of the ASCII-Origin field.
skipping to change at page 4, line 15 skipping to change at page 4, line 12
Likewise, the ORIGIN frame is only valid on connections with the "h2" Likewise, the ORIGIN frame is only valid on connections with the "h2"
protocol identifier, or when specifically nominated by the protocol's protocol identifier, or when specifically nominated by the protocol's
definition; it MUST be ignored when received on a connection with the definition; it MUST be ignored when received on a connection with the
"h2c" protocol identifier. "h2c" protocol identifier.
This specification does not define any flags for the ORIGIN frame, This specification does not define any flags for the ORIGIN frame,
but future updates might use them to change its semantics. The first but future updates might use them to change its semantics. The first
four flags (0x1, 0x2, 0x4 and 0x8) are reserved for backwards- four flags (0x1, 0x2, 0x4 and 0x8) are reserved for backwards-
incompatible changes, and therefore when any of them are set, the incompatible changes, and therefore when any of them are set, the
ORIGIN frame containing them MUST be ignored by clients conforming to ORIGIN frame containing them MUST be ignored by clients conforming to
this specification. The remaining flags are reserved for backwards- this specification, unless the flag's semantics are understood. The
compatible changes, and do not affect processing by clients remaining flags are reserved for backwards-compatible changes, and do
conformant to this specification. not affect processing by clients conformant to this specification.
The ORIGIN frame describes a property of the connection, and The ORIGIN frame describes a property of the connection, and
therefore is processed hop-by-hop. An intermediary MUST NOT forward therefore is processed hop-by-hop. An intermediary MUST NOT forward
ORIGIN frames. Clients configured to use a proxy MUST ignore any ORIGIN frames. Clients configured to use a proxy MUST ignore any
ORIGIN frames received from it. ORIGIN frames received from it.
Each ASCII-Origin field in the frame's payload MUST be parsed as an Each ASCII-Origin field in the frame's payload MUST be parsed as an
ASCII serialisation of an origin ([RFC6454], Section 6.2). If ASCII serialisation of an origin ([RFC6454], Section 6.2). If
parsing fails, the field MUST be ignored. parsing fails, the field MUST be ignored.
skipping to change at page 6, line 11 skipping to change at page 6, line 11
clients SHOULD not emit new requests on any connection whose Origin clients SHOULD not emit new requests on any connection whose Origin
Set is a subset of another connection's Origin Set, and SHOULD close Set is a subset of another connection's Origin Set, and SHOULD close
it once all outstanding requests are satisfied. it once all outstanding requests are satisfied.
3. IANA Considerations 3. IANA Considerations
This specification adds an entry to the "HTTP/2 Frame Type" registry. This specification adds an entry to the "HTTP/2 Frame Type" registry.
o Frame Type: ORIGIN o Frame Type: ORIGIN
o Code: 0xb o Code: 0xc
o Specification: [this document] o Specification: [this document]
4. Security Considerations 4. Security Considerations
Clients that blindly trust the ORIGIN frame's contents will be Clients that blindly trust the ORIGIN frame's contents will be
vulnerable to a large number of attacks. See Section 2.4 for vulnerable to a large number of attacks. See Section 2.4 for
mitigations. mitigations.
Relaxing the requirement to consult DNS when determining authority Relaxing the requirement to consult DNS when determining authority
skipping to change at page 8, line 37 skipping to change at page 8, line 37
Therefore, the ORIGIN frame ought be sent as soon as possible on a Therefore, the ORIGIN frame ought be sent as soon as possible on a
connection, ideally before any HEADERS or PUSH_PROMISE frames. connection, ideally before any HEADERS or PUSH_PROMISE frames.
However, if it's desirable to associate a large number of origins However, if it's desirable to associate a large number of origins
with a connection, doing so might introduce end-user perceived with a connection, doing so might introduce end-user perceived
latency, due to their size. As a result, it might be necessary to latency, due to their size. As a result, it might be necessary to
select a "core" set of origins to send initially, expanding the set select a "core" set of origins to send initially, expanding the set
of origins the connection is used for with subsequent ORIGIN frames of origins the connection is used for with subsequent ORIGIN frames
later (e.g., when the connection is idle). later (e.g., when the connection is idle).
Senders should note that, as per [RFC6454] Section 4, the values in That said, senders are encouraged to include as many origins as
an ORIGIN header need to be case-normalised before serialisation. practical within a single ORIGIN frame; clients need to make
decisions about creating connections on the fly, and if the origin
set is split across many frames, their behaviour might be suboptimal.
Finally, servers that allow alternative services [RFC7838] will need Senders take note that, as per [RFC6454] Section 4, the values in an
to explicitly advertise those origins when sending ORIGIN, because ORIGIN header need to be case-normalised before serialisation.
Finally, servers that host alternative services [RFC7838] will need
to explicitly advertise their origins when sending ORIGIN, because
the default contents of the Origin Set (as per Section 2.3) do not the default contents of the Origin Set (as per Section 2.3) do not
contain any Alternative Services, even if they have been used contain any Alternative Services' origins, even if they have been
previously on the connection. used previously on the connection.
Authors' Addresses Authors' Addresses
Mark Nottingham Mark Nottingham
Akamai
Email: mnot@mnot.net Email: mnot@mnot.net
URI: https://www.mnot.net/ URI: https://www.mnot.net/
Erik Nygren Erik Nygren
Akamai Akamai
Email: nygren@akamai.com Email: nygren@akamai.com
 End of changes. 12 change blocks. 
18 lines changed or deleted 24 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/