draft-ietf-httpbis-tunnel-protocol-05.txt   rfc7639.txt 
HTTP Working Group A. Hutton Internet Engineering Task Force (IETF) A. Hutton
Internet-Draft Unify Request for Comments: 7639 Unify
Intended status: Standards Track J. Uberti Category: Standards Track J. Uberti
Expires: December 13, 2015 Google ISSN: 2070-1721 Google
M. Thomson M. Thomson
Mozilla Mozilla
June 11, 2015 August 2015
The ALPN HTTP Header Field The ALPN HTTP Header Field
draft-ietf-httpbis-tunnel-protocol-05
Abstract Abstract
This specification allows HTTP CONNECT requests to indicate what This specification allows HTTP CONNECT requests to indicate what
protocol is intended to be used within the tunnel once established, protocol is intended to be used within the tunnel once established,
using the ALPN header field. using the ALPN header field.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
This Internet-Draft will expire on December 13, 2015. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7639.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 20 skipping to change at page 2, line 18
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3
2. The ALPN HTTP Header Field . . . . . . . . . . . . . . . . . 3 2. The ALPN HTTP Header Field . . . . . . . . . . . . . . . . . 3
2.1. Header Field Values . . . . . . . . . . . . . . . . . . . 3 2.1. Header Field Values . . . . . . . . . . . . . . . . . . . 3
2.2. Syntax . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.2. Syntax . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.3. Usage . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.3. Usage . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4
4. Security Considerations . . . . . . . . . . . . . . . . . . . 5 4. Security Considerations . . . . . . . . . . . . . . . . . . . 5
5. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 5. References . . . . . . . . . . . . . . . . . . . . . . . . . 6
5.1. Normative References . . . . . . . . . . . . . . . . . . 6 5.1. Normative References . . . . . . . . . . . . . . . . . . 6
5.2. Informative References . . . . . . . . . . . . . . . . . 6 5.2. Informative References . . . . . . . . . . . . . . . . . 6
5.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7
1. Introduction 1. Introduction
The HTTP CONNECT method (Section 4.3.6 of [RFC7231]) requests that The HTTP CONNECT method (Section 4.3.6 of [RFC7231]) requests that
the recipient establish a tunnel to the identified origin server and the recipient establish a tunnel to the identified origin server and
thereafter forward packets, in both directions, until the tunnel is thereafter forward packets, in both directions, until the tunnel is
closed. Such tunnels are commonly used to create end-to-end virtual closed. Such tunnels are commonly used to create end-to-end virtual
connections, through one or more proxies. connections through one or more proxies.
The HTTP ALPN header field identifies the protocol or protocols that The ALPN HTTP header field identifies the protocol or protocols that
the client intends to use within a tunnel that is established using the client intends to use within a tunnel that is established using
CONNECT. This uses the Application Layer Protocol Negotiation CONNECT. This uses the Application-Layer Protocol Negotiation (ALPN)
identifier (ALPN, [RFC7301]). identifier [RFC7301].
For a tunnel that is then secured using TLS [RFC5246], the header For a tunnel that is then secured using Transport Layer Security
field carries the same application protocol label as will be carried (TLS) [RFC5246], the header field carries the same application
within the TLS handshake [RFC7301]. If there are multiple possible protocol label as will be carried within the TLS handshake [RFC7301].
application protocols, all of those application protocols are If there are multiple possible application protocols, all of those
indicated. application protocols are indicated.
The ALPN header field carries an indication of client intent only. The ALPN header field carries an indication of client intent only.
An ALPN identifier is used here only to identify the application An ALPN identifier is used here only to identify the application
protocol or suite of protocols that the client intends to use in the protocol or suite of protocols that the client intends to use in the
tunnel. No negotiation takes place using this header field. In TLS, tunnel. No negotiation takes place using this header field. In TLS,
the final choice of application protocol is made by the server from the final choice of application protocol is made by the server from
the set of choices presented by the client. Other substrates could the set of choices presented by the client. Other substrates could
negotiate the application protocol differently. negotiate the application protocol differently.
Proxies do not implement the tunneled protocol, though they might Proxies do not implement the tunneled protocol, though they might
skipping to change at page 3, line 16 skipping to change at page 3, line 14
1.1. Requirements Language 1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
2. The ALPN HTTP Header Field 2. The ALPN HTTP Header Field
Clients include the ALPN header field in an HTTP CONNECT request to Clients include the ALPN header field in an HTTP CONNECT request to
indicate the application layer protocol that a client intends to use indicate the application-layer protocol that a client intends to use
within the tunnel, or a set of protocols that might be used within within the tunnel, or a set of protocols that might be used within
the tunnel. the tunnel.
2.1. Header Field Values 2.1. Header Field Values
Valid values for the protocol field are taken from the "Application- Valid values for the protocol field are taken from the "Application-
Layer Protocol Negotiation (ALPN) Protocol ID" registry ([1]) Layer Protocol Negotiation (ALPN) Protocol ID" registry [ALPN-IDS]
established by [RFC7301]. established by [RFC7301].
2.2. Syntax 2.2. Syntax
The ABNF (Augmented Backus-Naur Form) syntax for the ALPN header The ABNF (Augmented Backus-Naur Form) syntax for the ALPN header
field value is given below. It uses the syntax defined in field value is given below. It uses the syntax defined in
Section 1.2 of [RFC7230]. Section 1.2 of [RFC7230].
ALPN = 1#protocol-id ALPN = 1#protocol-id
protocol-id = token ; percent-encoded ALPN protocol identifier protocol-id = token ; percent-encoded ALPN protocol identifier
ALPN protocol names are octet sequences with no additional ALPN protocol names are octet sequences with no additional
constraints on format. Octets not allowed in tokens ([RFC7230], constraints on format. Octets not allowed in tokens ([RFC7230],
Section 3.2.6) MUST be percent-encoded as per Section 2.1 of Section 3.2.6) MUST be percent-encoded as per Section 2.1 of
[RFC3986]. Consequently, the octet representing the percent [RFC3986]. Consequently, the octet representing the percent
character "%" (hex 25) MUST be percent-encoded as well. character "%" (hex 25) MUST be percent-encoded as well.
In order to have precisely one way to represent any ALPN protocol In order to have precisely one way to represent any ALPN protocol
name, the following additional constraints apply: name, the following additional constraints apply:
o Octets in the ALPN protocol MUST NOT be percent-encoded if they o Octets in the ALPN protocol MUST NOT be percent-encoded if they
are valid token characters except "%", and are valid token characters except "%".
o When using percent-encoding, uppercase hex digits MUST be used. o When using percent-encoding, uppercase hex digits MUST be used.
With these constraints, recipients can apply simple string comparison With these constraints, recipients can apply simple string comparison
to match protocol identifiers. to match protocol identifiers.
For example: For example:
CONNECT www.example.com HTTP/1.1 CONNECT www.example.com HTTP/1.1
Host: www.example.com Host: www.example.com
skipping to change at page 4, line 24 skipping to change at page 4, line 24
identify an entire application protocol stack, not a single protocol identify an entire application protocol stack, not a single protocol
layer or component. layer or component.
For a CONNECT tunnel that conveys a protocol secured with TLS, the For a CONNECT tunnel that conveys a protocol secured with TLS, the
value of the ALPN header field contains the same list of ALPN value of the ALPN header field contains the same list of ALPN
identifiers that will be sent in the TLS ClientHello message identifiers that will be sent in the TLS ClientHello message
[RFC7301]. [RFC7301].
Where no protocol negotiation is expected to occur, such as in Where no protocol negotiation is expected to occur, such as in
protocols that do not use TLS, the ALPN header field contains a protocols that do not use TLS, the ALPN header field contains a
single ALPN Protocol Identifier corresponding to the application single ALPN protocol identifier corresponding to the application
protocol that is intended to be used. If an alternative form of protocol that is intended to be used. If an alternative form of
protocol negotiation is possible, the ALPN header field contains the protocol negotiation is possible, the ALPN header field contains the
set of protocols that might be negotiated. set of protocols that might be negotiated.
A proxy can use the value of the ALPN header field to more cleanly A proxy can use the value of the ALPN header field to more cleanly
and efficiently reject requests for a CONNECT tunnel. Exposing and efficiently reject requests for a CONNECT tunnel. Exposing
protocol information at the HTTP layer allows a proxy to deny protocol information at the HTTP layer allows a proxy to deny
requests earlier, with better error reporting (such as a 403 status requests earlier, with better error reporting (such as a 403 status
code). The ALPN header field can be falsified and is therefore not code). The ALPN header field can be falsified and therefore is not a
sufficient basis for authorizing a request. sufficient basis for authorizing a request.
A proxy could attempt to inspect packets to determine the protocol in A proxy could attempt to inspect packets to determine the protocol in
use. This requires that the proxy understand each ALPN identifier. use. This requires that the proxy understand each ALPN identifier.
Protocols like TLS could hide negotiated protocols, or protocol Protocols like TLS could hide negotiated protocols, or protocol
negotiation details could change over time. Proxies SHOULD NOT break negotiation details could change over time. Proxies SHOULD NOT break
a CONNECT tunnel solely on the basis of a failure to recognize the a CONNECT tunnel solely on the basis of a failure to recognize the
protocol. protocol.
A proxy can use the ALPN header field value to change how it manages A proxy can use the ALPN header field value to change how it manages
or prioritizes connections. or prioritizes connections.
3. IANA Considerations 3. IANA Considerations
HTTP header fields are registered within the "Permanent Message HTTP header fields are registered within the "Permanent Message
Header Field Names" registry maintained at [2]. This document Header Field Names" registry maintained by IANA [MSG-HDRS]. This
defines and registers the ALPN header field, according to [RFC3864] document defines and registers the ALPN header field, according to
as follows: [RFC3864] as follows:
Header Field Name: ALPN Header Field Name: ALPN
Protocol: http Protocol: http
Status: Standard Status: Standard
Reference: Section 2 Reference: Section 2 of this document (RFC 7639)
Change Controller: IETF (iesg@ietf.org) - Internet Engineering Task Change Controller: IETF (iesg@ietf.org) - Internet Engineering Task
Force Force
4. Security Considerations 4. Security Considerations
In case of using HTTP CONNECT to a TURN server ("Traversal Using In case of using HTTP CONNECT to a TURN (Traversal Using Relays
Relays around NAT", [RFC5766]) the security considerations of around NAT, [RFC5766]) server, the security considerations of
Section 4.3.6 of [RFC7231] apply. It states that there "are Section 4.3.6 of [RFC7231] apply. It states that there "are
significant risks in establishing a tunnel to arbitrary servers, significant risks in establishing a tunnel to arbitrary servers,
particularly when the destination is a well-known or reserved TCP particularly when the destination is a well-known or reserved TCP
port that is not intended for Web traffic. Proxies that support port that is not intended for Web traffic. ... Proxies that support
CONNECT SHOULD restrict its use to a limited set of known ports or a CONNECT SHOULD restrict its use to a limited set of known ports or a
configurable whitelist of safe request targets." configurable whitelist of safe request targets."
The ALPN header field described in this document is OPTIONAL. The ALPN header field described in this document is OPTIONAL.
Clients and HTTP proxies could choose to not support it and therefore Clients and HTTP proxies could choose not to support it and therefore
either fail to provide it, or ignore it when present. If the header either fail to provide it or ignore it when present. If the header
field is not available or ignored, a proxy cannot identify the field is not available or is ignored, a proxy cannot identify the
purpose of the tunnel and use this as input to any authorization purpose of the tunnel and use this as input to any authorization
decision regarding the tunnel. This is indistinguishable from the decision regarding the tunnel. This is indistinguishable from the
case where either client or proxy does not support the ALPN header case where either client or proxy does not support the ALPN header
field. field.
There is no confidentiality protection for the ALPN header field. There is no confidentiality protection for the ALPN header field.
ALPN identifiers that might expose confidential or sensitive ALPN identifiers that might expose confidential or sensitive
information SHOULD NOT be sent, as described in Section 5 of information SHOULD NOT be sent, as described in Section 5 of
[RFC7301]. [RFC7301].
The value of the ALPN header field could be falsified by a client. The value of the ALPN header field could be falsified by a client.
If the data being sent through the tunnel is encrypted (for example, If the data being sent through the tunnel is encrypted (for example,
with TLS [RFC5246]), then the proxy might not be able to directly with TLS [RFC5246]), then the proxy might not be able to directly
inspect the data to verify that the claimed protocol is the one which inspect the data to verify that the claimed protocol is the one which
is actually being used, though a proxy might be able to perform is actually being used, though a proxy might be able to perform
traffic analysis [TRAFFIC]. A proxy therefore cannot rely on the traffic analysis [TRAFFIC]. Therefore, a proxy cannot rely on the
value of the ALPN header field as a policy input in all cases. value of the ALPN header field as a policy input in all cases.
5. References 5. References
5.1. Normative References 5.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ Requirement Levels", BCP 14, RFC 2119,
RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>. <http://www.rfc-editor.org/info/rfc2119>.
[RFC3864] Klyne, G., Nottingham, M., and J. Mogul, "Registration [RFC3864] Klyne, G., Nottingham, M., and J. Mogul, "Registration
Procedures for Message Header Fields", BCP 90, RFC 3864, Procedures for Message Header Fields", BCP 90, RFC 3864,
DOI 10.17487/RFC3864, September 2004, DOI 10.17487/RFC3864, September 2004,
<http://www.rfc-editor.org/info/rfc3864>. <http://www.rfc-editor.org/info/rfc3864>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66, RFC Resource Identifier (URI): Generic Syntax", STD 66,
3986, DOI 10.17487/RFC3986, January 2005, RFC 3986, DOI 10.17487/RFC3986, January 2005,
<http://www.rfc-editor.org/info/rfc3986>. <http://www.rfc-editor.org/info/rfc3986>.
[RFC7230] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol [RFC7230] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol
(HTTP/1.1): Message Syntax and Routing", RFC 7230, DOI (HTTP/1.1): Message Syntax and Routing", RFC 7230,
10.17487/RFC7230, June 2014, DOI 10.17487/RFC7230, June 2014,
<http://www.rfc-editor.org/info/rfc7230>. <http://www.rfc-editor.org/info/rfc7230>.
[RFC7231] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol [RFC7231] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol
(HTTP/1.1): Semantics and Content", RFC 7231, DOI (HTTP/1.1): Semantics and Content", RFC 7231,
10.17487/RFC7231, June 2014, DOI 10.17487/RFC7231, June 2014,
<http://www.rfc-editor.org/info/rfc7231>. <http://www.rfc-editor.org/info/rfc7231>.
[RFC7301] Friedl, S., Popov, A., Langley, A., and E. Stephan, [RFC7301] Friedl, S., Popov, A., Langley, A., and E. Stephan,
"Transport Layer Security (TLS) Application-Layer Protocol "Transport Layer Security (TLS) Application-Layer Protocol
Negotiation Extension", RFC 7301, DOI 10.17487/RFC7301, Negotiation Extension", RFC 7301, DOI 10.17487/RFC7301,
July 2014, <http://www.rfc-editor.org/info/rfc7301>. July 2014, <http://www.rfc-editor.org/info/rfc7301>.
5.2. Informative References 5.2. Informative References
[ALPN-IDS] IANA, "Application-Layer Protocol Negotiation (ALPN)
Protocol ID", <http://www.iana.org/assignments/
tls-extensiontype-values>.
[MSG-HDRS] IANA, "Permanent Message Header Field Names>",
<https://www.iana.org/assignments/message-headers>.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246, DOI 10.17487/ (TLS) Protocol Version 1.2", RFC 5246,
RFC5246, August 2008, DOI 10.17487/RFC5246, August 2008,
<http://www.rfc-editor.org/info/rfc5246>. <http://www.rfc-editor.org/info/rfc5246>.
[RFC5766] Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using [RFC5766] Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using
Relays around NAT (TURN): Relay Extensions to Session Relays around NAT (TURN): Relay Extensions to Session
Traversal Utilities for NAT (STUN)", RFC 5766, DOI Traversal Utilities for NAT (STUN)", RFC 5766,
10.17487/RFC5766, April 2010, DOI 10.17487/RFC5766, April 2010,
<http://www.rfc-editor.org/info/rfc5766>. <http://www.rfc-editor.org/info/rfc5766>.
[TRAFFIC] Pironti, A., Strub, P-Y., and K. Bhargavan, "Website Users [TRAFFIC] Pironti, A., Strub, P-Y., and K. Bhargavan, "Identifying
by TLS Traffic Analysis: New Attacks and Effective Website Users by TLS Traffic Analysis: New Attacks and
Countermeasures, Revision 1", 2012, Effective Countermeasures, Revision 1", 2012,
<https://alfredo.pironti.eu/research/publications/full/ <https://alfredo.pironti.eu/research/publications/full/
identifying-website-users-tls-traffic-analysis-new- identifying-website-users-tls-traffic-analysis-new-
attacks-and-effective-counterme>. attacks-and-effective-counterme>.
5.3. URIs
[1] http://www.iana.org/assignments/tls-extensiontype-values/#alpn-
protocol-ids
[2] https://www.iana.org/assignments/message-headers
Authors' Addresses Authors' Addresses
Andrew Hutton Andrew Hutton
Unify Unify
Technology Drive Technology Drive
Nottingham NG9 1LA Nottingham NG9 1LA
UK United Kingdom
EMail: andrew.hutton@unify.com Email: andrew.hutton@unify.com
Justin Uberti Justin Uberti
Google Google
747 6th Ave S 747 6th Street South
Kirkland, WA 98033 Kirkland, WA 98033
US United States
EMail: justin@uberti.name Email: justin@uberti.name
Martin Thomson Martin Thomson
Mozilla Mozilla
331 E Evelyn Street 331 East Evelyn Avenue
Mountain View, CA 94041 Mountain View, CA 94041
US United States
EMail: martin.thomson@gmail.com Email: martin.thomson@gmail.com
 End of changes. 40 change blocks. 
74 lines changed or deleted 69 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/