| < draft-ietf-httpbis-h2-websockets-05.txt | draft-ietf-httpbis-h2-websockets-06.txt > | |||
|---|---|---|---|---|
| HTTP P. McManus | HTTP P. McManus | |||
| Internet-Draft Mozilla | Internet-Draft Mozilla | |||
| Updates: 6455 (if approved) May 6, 2018 | Updates: 6455 (if approved) May 31, 2018 | |||
| Intended status: Standards Track | Intended status: Standards Track | |||
| Expires: November 7, 2018 | Expires: December 2, 2018 | |||
| Bootstrapping WebSockets with HTTP/2 | Bootstrapping WebSockets with HTTP/2 | |||
| draft-ietf-httpbis-h2-websockets-05 | draft-ietf-httpbis-h2-websockets-06 | |||
| Abstract | Abstract | |||
| This document defines a mechanism for running the WebSocket Protocol | This document defines a mechanism for running the WebSocket Protocol | |||
| (RFC 6455) over a single stream of an HTTP/2 connection. | (RFC 6455) over a single stream of an HTTP/2 connection. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| skipping to change at page 1, line 32 ¶ | skipping to change at page 1, line 32 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on November 7, 2018. | This Internet-Draft will expire on December 2, 2018. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2018 IETF Trust and the persons identified as the | Copyright (c) 2018 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 10 ¶ | skipping to change at page 2, line 10 ¶ | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. The SETTINGS_ENABLE_CONNECT_PROTOCOL SETTINGS Parameter . . . 3 | 3. The SETTINGS_ENABLE_CONNECT_PROTOCOL SETTINGS Parameter . . . 3 | |||
| 4. The Extended CONNECT Method . . . . . . . . . . . . . . . . . 3 | 4. The Extended CONNECT Method . . . . . . . . . . . . . . . . . 4 | |||
| 5. Using Extended CONNECT To Bootstrap The WebSocket Protocol . 4 | 5. Using Extended CONNECT To Bootstrap the WebSocket Protocol . 4 | |||
| 5.1. Example . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 5.1. Example . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 6. Design Considerations . . . . . . . . . . . . . . . . . . . . 5 | 6. Design Considerations . . . . . . . . . . . . . . . . . . . . 6 | |||
| 7. About Intermediaries . . . . . . . . . . . . . . . . . . . . 6 | 7. About Intermediaries . . . . . . . . . . . . . . . . . . . . 6 | |||
| 8. Security Considerations . . . . . . . . . . . . . . . . . . . 6 | 8. Security Considerations . . . . . . . . . . . . . . . . . . . 7 | |||
| 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 10. Normative References . . . . . . . . . . . . . . . . . . . . 6 | 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 7 | 10.1. Normative References . . . . . . . . . . . . . . . . . . 7 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 7 | 10.2. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 8 | ||||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 8 | ||||
| 1. Introduction | 1. Introduction | |||
| The Hypertext Transfer Protocol (HTTP) provides compatible resource- | The Hypertext Transfer Protocol (HTTP) [RFC7230] provides compatible | |||
| level semantics across different versions but it does not offer | resource-level semantics across different versions but it does not | |||
| compatibility at the connection management level. Other protocols, | offer compatibility at the connection management level. Other | |||
| such as WebSockets, that rely on connection management details of | protocols, such as WebSockets, that rely on connection management | |||
| HTTP must be updated for new versions of HTTP. | details of HTTP must be updated for new versions of HTTP. | |||
| The WebSocket Protocol [RFC6455] uses the HTTP/1.1 [RFC7230] Upgrade | The WebSocket Protocol [RFC6455] uses the HTTP/1.1 Upgrade mechanism | |||
| mechanism to transition a TCP connection from HTTP into a WebSocket | (Section 6.7 of [RFC7230]) to transition a TCP connection from HTTP | |||
| connection. A different approach must be taken with HTTP/2 | into a WebSocket connection. A different approach must be taken with | |||
| [RFC7540]. HTTP/2 does not allow connection-wide headers and status | HTTP/2 [RFC7540]. HTTP/2 does not allow connection-wide headers and | |||
| codes such as the Upgrade and Connection request headers or the 101 | status codes such as the Upgrade and Connection request headers or | |||
| response code due to its multiplexing nature. These are all required | the 101 response code due to its multiplexing nature. These are all | |||
| by the [RFC6455] opening handshake. | required by the [RFC6455] opening handshake. | |||
| Being able to bootstrap WebSockets from HTTP/2 allows one TCP | Being able to bootstrap WebSockets from HTTP/2 allows one TCP | |||
| connection to be shared by both protocols and extends HTTP/2's more | connection to be shared by both protocols and extends HTTP/2's more | |||
| efficient use of the network to WebSockets. | efficient use of the network to WebSockets. | |||
| This document extends the HTTP/2 CONNECT method. The extension | This document extends the HTTP CONNECT method (as specified for | |||
| allows the substitution of a new protocol name to connect to rather | HTTP/2 in Section 8.3 of [RFC7540]). The extension allows the | |||
| than the external host normally used by CONNECT. The result is a | substitution of a new protocol name to connect to rather than the | |||
| tunnel on a single HTTP/2 stream that can carry data for WebSockets | external host normally used by CONNECT. The result is a tunnel on a | |||
| (or any other protocol). The other streams on the connection may | single HTTP/2 stream that can carry data for WebSockets (or any other | |||
| carry more extended CONNECT tunnels, traditional HTTP/2 data, or a | protocol). The other streams on the connection may carry more | |||
| mixture of both. | extended CONNECT tunnels, traditional HTTP/2 data, or a mixture of | |||
| both. | ||||
| This tunneled stream will be multiplexed with other regular streams | This tunneled stream will be multiplexed with other regular streams | |||
| on the connection and enjoys the normal priority, cancellation, and | on the connection and enjoys the normal priority, cancellation, and | |||
| flow control features of HTTP/2. | flow control features of HTTP/2. | |||
| Streams that successfully establish a WebSocket connection using a | Streams that successfully establish a WebSocket connection using a | |||
| tunneled stream and the modifications to the opening handshake | tunneled stream and the modifications to the opening handshake | |||
| defined in this document then use the traditional WebSocket Protocol, | defined in this document then use the traditional WebSocket Protocol, | |||
| treating the stream as if were the TCP connection in that | treating the stream as if were the TCP connection in that | |||
| specification. | specification. | |||
| skipping to change at page 3, line 37 ¶ | skipping to change at page 3, line 41 ¶ | |||
| Upon receipt of SETTINGS_ENABLE_CONNECT_PROTOCOL with a value of 1, a | Upon receipt of SETTINGS_ENABLE_CONNECT_PROTOCOL with a value of 1, a | |||
| client MAY use the Extended CONNECT definition of this document when | client MAY use the Extended CONNECT definition of this document when | |||
| creating new streams. Receipt of this parameter by a server does not | creating new streams. Receipt of this parameter by a server does not | |||
| have any impact. | have any impact. | |||
| A sender MUST NOT send a SETTINGS_ENABLE_CONNECT_PROTOCOL parameter | A sender MUST NOT send a SETTINGS_ENABLE_CONNECT_PROTOCOL parameter | |||
| with the value of 0 after previously sending a value of 1. | with the value of 0 after previously sending a value of 1. | |||
| The use of a SETTINGS Parameter to opt-in to an otherwise | The use of a SETTINGS Parameter to opt-in to an otherwise | |||
| incompatible protocol change is a use of "Extending HTTP/2" defined | incompatible protocol change is a use of "Extending HTTP/2" defined | |||
| by Section 5.5 of [RFC7540]. If a client were to use the provisions | by Section 5.5 of [RFC7540]. Specifically, the addition a new | |||
| of the extended CONNECT method defined in this document without first | pseudo-header ":protocol" and the change in meaning of the | |||
| receiving a SETTINGS_ENABLE_CONNECT_PROTOCOL parameter, a non- | ":authority" pseudo-header in Section 4 require opt-in negotiation. | |||
| supporting peer would detect a malformed request and generate a | If a client were to use the provisions of the extended CONNECT method | |||
| stream error (Section 8.1.2.6 of [RFC7540]). | defined in this document without first receiving a | |||
| SETTINGS_ENABLE_CONNECT_PROTOCOL parameter, a non-supporting peer | ||||
| would detect a malformed request and generate a stream error | ||||
| (Section 8.1.2.6 of [RFC7540]). | ||||
| 4. The Extended CONNECT Method | 4. The Extended CONNECT Method | |||
| Usage of the CONNECT method in HTTP/2 is defined by Section 8.3 of | Usage of the CONNECT method in HTTP/2 is defined by Section 8.3 of | |||
| [RFC7540]. This extension modifies the method in the following ways: | [RFC7540]. This extension modifies the method in the following ways: | |||
| o A new pseudo-header :protocol MAY be included on request HEADERS | o A new pseudo-header :protocol MAY be included on request HEADERS | |||
| indicating the desired protocol to be spoken on the tunnel created | indicating the desired protocol to be spoken on the tunnel created | |||
| by CONNECT. The pseudo-header is single valued and contains a | by CONNECT. The pseudo-header is single valued and contains a | |||
| value from the HTTP Upgrade Token Registry defined by [RFC7230]. | value from the HTTP Upgrade Token Registry located at | |||
| https://www.iana.org/assignments/http-upgrade-tokens/http-upgrade- | ||||
| tokens.xhtml [1]. | ||||
| o On requests bearing the :protocol pseudo-header, the :scheme and | o On requests bearing the :protocol pseudo-header, the :scheme and | |||
| :path pseudo-header fields MUST be included. | :path pseudo-header fields MUST be included. | |||
| o On requests bearing the :protocol pseudo-header, the :authority | o On requests bearing the :protocol pseudo-header, the :authority | |||
| pseudo-header field is interpreted according to Section 8.1.2.3 of | pseudo-header field is interpreted according to Section 8.1.2.3 of | |||
| [RFC7540] instead of Section 8.3 of [RFC7540]. In particular the | [RFC7540] instead of Section 8.3 of [RFC7540]. In particular the | |||
| server MUST NOT make a new TCP connection to the host and port | server MUST NOT make a new TCP connection to the host and port | |||
| indicated by the :authority. | indicated by the :authority. | |||
| Upon receiving a CONNECT request bearing the :protocol pseudo-header | Upon receiving a CONNECT request bearing the :protocol pseudo-header | |||
| the server establishes a tunnel to another service of the protocol | the server establishes a tunnel to another service of the protocol | |||
| type indicated by the pseudo-header. This service may or may not be | type indicated by the pseudo-header. This service may or may not be | |||
| co-located with the server. | co-located with the server. | |||
| 5. Using Extended CONNECT To Bootstrap The WebSocket Protocol | 5. Using Extended CONNECT To Bootstrap the WebSocket Protocol | |||
| The pseudo-header :protocol MUST be included in the CONNECT request | The pseudo-header :protocol MUST be included in the CONNECT request | |||
| and it MUST have a value of "websocket" to initiate a WebSocket | and it MUST have a value of "websocket" to initiate a WebSocket | |||
| connection on an HTTP/2 stream. Other HTTP request and response | connection on an HTTP/2 stream. Other HTTP request and response | |||
| headers, such as those for manipulating cookies, may be included in | headers, such as those for manipulating cookies, may be included in | |||
| the HEADERS with the CONNECT method as usual. This request replaces | the HEADERS with the CONNECT method as usual. This request replaces | |||
| the GET-based request in [RFC6455] and is used to process the | the GET-based request in [RFC6455] and is used to process the | |||
| WebSockets opening handshake. | WebSockets opening handshake. | |||
| The scheme of the Target URI [RFC7230] MUST be "https" for "wss" | The scheme of the Target URI (Section 5.1 of [RFC7230]) MUST be | |||
| schemed WebSockets and "http" for "ws" schemed WebSockets. The | "https" for "wss" schemed WebSockets and "http" for "ws" schemed | |||
| websocket URI is still used for proxy autoconfiguration. | WebSockets. The websocket URI is still used for proxy | |||
| autoconfiguration. | ||||
| [RFC6455] requires the use of Connection and Upgrade headers that are | [RFC6455] requires the use of Connection and Upgrade headers that are | |||
| not part of HTTP/2. They MUST NOT be included in the CONNECT request | not part of HTTP/2. They MUST NOT be included in the CONNECT request | |||
| defined here. | defined here. | |||
| [RFC6455] requires the use of a Host header which is also not part of | [RFC6455] requires the use of a Host header which is also not part of | |||
| HTTP/2. The Host information is conveyed as part of the :authority | HTTP/2. The Host information is conveyed as part of the :authority | |||
| pseudo-header which is required on every HTTP/2 transaction. | pseudo-header which is required on every HTTP/2 transaction. | |||
| Implementations using this extended CONNECT to bootstrap WebSockets | Implementations using this extended CONNECT to bootstrap WebSockets | |||
| do not do the processing of the [RFC6455] Sec-WebSocket-Key and Sec- | do not do the processing of the [RFC6455] Sec-WebSocket-Key and Sec- | |||
| WebSocket-Accept headers as that functionality has been superseded by | WebSocket-Accept headers as that functionality has been superseded by | |||
| the :protocol pseudo-header. | the :protocol pseudo-header. | |||
| The Sec-WebSocket-Version, Origin [RFC6454], Sec-WebSocket-Protocol, | The Origin [RFC6454], Sec-WebSocket-Version, Sec-WebSocket-Protocol, | |||
| and Sec-WebSocket-Extensions headers are used on the CONNECT request | and Sec-WebSocket-Extensions headers are used on the CONNECT request | |||
| and response headers in the same way as defined in [RFC6455]. Note | and response headers in the same way as defined in [RFC6455]. Note | |||
| that HTTP/1 header names were case-insensitive and HTTP/2 requires | that HTTP/1 header names were case-insensitive and HTTP/2 requires | |||
| they be encoded as lower case. | they be encoded as lower case. | |||
| After successfully processing the opening handshake, the peers should | After successfully processing the opening handshake, the peers should | |||
| proceed with The WebSocket Protocol [RFC6455] using the HTTP/2 stream | proceed with the WebSocket Protocol [RFC6455] using the HTTP/2 stream | |||
| from the CONNECT transaction as if it were the TCP connection | from the CONNECT transaction as if it were the TCP connection | |||
| referred to in [RFC6455]. The state of the WebSocket connection at | referred to in [RFC6455]. The state of the WebSocket connection at | |||
| this point is OPEN as defined by [RFC6455], Section 4.1. | this point is OPEN as defined by [RFC6455], Section 4.1. | |||
| The HTTP/2 stream closure is also analogous to the TCP connection of | The HTTP/2 stream closure is also analogous to the TCP connection of | |||
| [RFC6455]. Orderly TCP level closures are represented as END_STREAM | [RFC6455]. Orderly TCP level closures are represented as END_STREAM | |||
| ([RFC7540], Section 6.1) flags and RST exceptions are represented | ([RFC7540], Section 6.1) flags and RST exceptions are represented | |||
| with the RST_STREAM ([RFC7540], Section 6.4) frame with the CANCEL | with the RST_STREAM ([RFC7540], Section 6.4) frame with the CANCEL | |||
| ([RFC7540], Section 7) error code. | ([RFC7540], Section 7) error code. | |||
| skipping to change at page 6, line 27 ¶ | skipping to change at page 7, line 13 ¶ | |||
| described in this document. | described in this document. | |||
| 8. Security Considerations | 8. Security Considerations | |||
| [RFC6455] ensures that non-WebSockets clients, especially | [RFC6455] ensures that non-WebSockets clients, especially | |||
| XMLHttpRequest based clients, cannot make a WebSocket connection. | XMLHttpRequest based clients, cannot make a WebSocket connection. | |||
| Its primary mechanism for doing that is the use of Sec- prefixed | Its primary mechanism for doing that is the use of Sec- prefixed | |||
| request headers that cannot be created by XMLHttpRequest-based | request headers that cannot be created by XMLHttpRequest-based | |||
| clients. This specification addresses that concern in two ways: | clients. This specification addresses that concern in two ways: | |||
| o The CONNECT method is prohibited from being used by XMLHttpRequest | o XMLHttpRequest also prohibits use of the CONNECT method in | |||
| addition to Sec- prefixed request headers. | ||||
| o The use of a pseudo-header is something that is connection | o The use of a pseudo-header is something that is connection | |||
| specific and HTTP/2 does not ever allow to be created outside of | specific and HTTP/2 does not ever allow to be created outside of | |||
| the protocol stack. | the protocol stack. | |||
| 9. IANA Considerations | 9. IANA Considerations | |||
| This document establishes an entry for the HTTP/2 Settings Registry | This document establishes an entry for the HTTP/2 Settings Registry | |||
| that was established by Section 11.3 of [RFC7540]. | that was established by Section 11.3 of [RFC7540]. | |||
| Name: SETTINGS_ENABLE_CONNECT_PROTOCOL | Name: SETTINGS_ENABLE_CONNECT_PROTOCOL | |||
| Code: 0x8 | Code: 0x8 | |||
| Initial Value: 0 | Initial Value: 0 | |||
| Specification: This document | Specification: This document | |||
| 10. Normative References | 10. References | |||
| 10.1. Normative References | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC6454] Barth, A., "The Web Origin Concept", RFC 6454, | [RFC6454] Barth, A., "The Web Origin Concept", RFC 6454, | |||
| DOI 10.17487/RFC6454, December 2011, | DOI 10.17487/RFC6454, December 2011, | |||
| <https://www.rfc-editor.org/info/rfc6454>. | <https://www.rfc-editor.org/info/rfc6454>. | |||
| skipping to change at page 7, line 27 ¶ | skipping to change at page 8, line 19 ¶ | |||
| [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext | [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext | |||
| Transfer Protocol Version 2 (HTTP/2)", RFC 7540, | Transfer Protocol Version 2 (HTTP/2)", RFC 7540, | |||
| DOI 10.17487/RFC7540, May 2015, | DOI 10.17487/RFC7540, May 2015, | |||
| <https://www.rfc-editor.org/info/rfc7540>. | <https://www.rfc-editor.org/info/rfc7540>. | |||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
| 10.2. URIs | ||||
| [1] https://www.iana.org/assignments/http-upgrade-tokens/http- | ||||
| upgrade-tokens.xhtml | ||||
| Acknowledgments | Acknowledgments | |||
| The 2017 HTTP Workshop had a very productive discussion that helped | The 2017 HTTP Workshop had a very productive discussion that helped | |||
| determine the key problem and acceptable level of solution | determine the key problem and acceptable level of solution | |||
| complexity. | complexity. | |||
| Author's Address | Author's Address | |||
| Patrick McManus | Patrick McManus | |||
| Mozilla | Mozilla | |||
| End of changes. 19 change blocks. | ||||
| 45 lines changed or deleted | 62 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||