| < draft-ietf-httpbis-immutable-00.txt | draft-ietf-httpbis-immutable-01.txt > | |||
|---|---|---|---|---|
| Network Working Group P. McManus | HTTP Working Group P. McManus | |||
| Internet-Draft Mozilla | Internet-Draft Mozilla | |||
| Intended status: Standards Track January 12, 2017 | Intended status: Standards Track March 13, 2017 | |||
| Expires: July 16, 2017 | Expires: September 14, 2017 | |||
| HTTP Immutable Responses | HTTP Immutable Responses | |||
| draft-ietf-httpbis-immutable-00 | draft-ietf-httpbis-immutable-01 | |||
| Abstract | Abstract | |||
| The immutable HTTP response Cache-Control extension allows servers to | The immutable HTTP response Cache-Control extension allows servers to | |||
| identify resources that will not be updated during their freshness | identify resources that will not be updated during their freshness | |||
| lifetime. This assures that a client never needs to revalidate a | lifetime. This assures that a client never needs to revalidate a | |||
| cached fresh resource to be certain it has not been modified. | cached fresh resource to be certain it has not been modified. | |||
| Note to Readers | ||||
| Discussion of this draft takes place on the HTTP working group | ||||
| mailing list (ietf-http-wg@w3.org), which is archived at | ||||
| https://lists.w3.org/Archives/Public/ietf-http-wg/ . | ||||
| Working Group information can be found at http://httpwg.github.io/ ; | ||||
| source code and issues list for this draft can be found at | ||||
| https://github.com/httpwg/http-extensions/labels/immutable . | ||||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on July 16, 2017. | This Internet-Draft will expire on September 14, 2017. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2017 IETF Trust and the persons identified as the | Copyright (c) 2017 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| 1. Introduction | 1. Introduction | |||
| The HTTP freshness lifetime [RFC7234] caching attribute specifies | HTTP's freshness lifetime mechanism [RFC7234] allows a client to | |||
| that a client may safely reuse a response to satisfy future requests | safely reuse a stored response to satisfy future requests for a | |||
| over a specific period of time. It does not specify that the | specified period of time. However, it is still possible that the | |||
| resource will be not be modified during that period. | resource will be modified during that period. | |||
| For instance, a front page newspaper photo with a freshness lifetime | For instance, a front page newspaper photo with a freshness lifetime | |||
| of one hour would mean that no user should see a photo more than one | of one hour would mean that no user would see a cached photo more | |||
| hour old. However, the photo could be updated at any time resulting | than one hour old. However, the photo could be updated at any time | |||
| in different users seeing different photos depending on the contents | resulting in different users seeing different photos depending on the | |||
| of their caches for up to one hour. This is compliant with the | contents of their caches for up to one hour. This is compliant with | |||
| caching mechanism defined in [RFC7234]. | the caching mechanism defined in [RFC7234]. | |||
| Users that need to confirm there have been no updates to their | Users that need to confirm there have been no updates to their cached | |||
| current cached resources typically invoke the reload (or refresh) | responses typically use the reload (or refresh) mechanism in their | |||
| mechanism in the user agent. This in turn generates a conditional | user agents. This in turn generates a conditional request [RFC7232] | |||
| request [RFC7232] and either a new representation or, if unmodified, | and either a new representation or, if unmodified, a 304 (Not | |||
| a 304 response [RFC7231] is returned. A user agent that manages HTML | Modified) response [RFC7232] is returned. A user agent that | |||
| and its dependent sub-resources may issue hundreds of conditional | understands HTML and fetches its dependent sub-resources might issue | |||
| requests to refresh all portions of a common HTML page [REQPERPAGE]. | hundreds of conditional requests to refresh all portions of a common | |||
| page [REQPERPAGE]. | ||||
| Through the use of the versioned URL design pattern some content | However some content providers never create more than one variant of | |||
| providers never create more than one variant of a sub-resource. When | a sub-resource, because they use "versioned" URLs. When these | |||
| these resources need an update they are simply published under a new | resources need an update they are simply published under a new URL, | |||
| URL, typically embedding a variant identifier in the path, and | typically embedding an identifier unique to that version of the | |||
| references to the sub-resource are updated with the new path | resource in the path, and references to the sub-resource are updated | |||
| information. | with the new path information. | |||
| For example, https://www.example.com/101016/main.css might be updated | For example, "https://www.example.com/101016/main.css" might be | |||
| and republished as https://www.example.com/102026/main.css and the | updated and republished as "https://www.example.com/102026/main.css", | |||
| html that references it is changed at the same time. This design | with any links that references it being changed at the same time. | |||
| pattern allows a very large freshness lifetime to be applied to the | This design pattern allows a very large freshness lifetime to be used | |||
| sub-resource without guessing when it will be updated in the future. | for the sub-resource without guessing when it will be updated in the | |||
| future. | ||||
| Unfortunately, the user-agent is not aware of the versioned URL | Unfortunately, the user agent does not know when this versioned URL | |||
| design pattern. User driven refresh events still translate into | design pattern is used. As a result, user-driven refreshes still | |||
| wasted conditional requests for each sub-resource as each will return | translate into wasted conditional requests for each sub-resource as | |||
| 304 responses. | each will return 304 responses. | |||
| The immutable HTTP response Cache-Control extension allows servers to | The "immutable" HTTP response Cache-Control extension allows servers | |||
| identify resources that will not be updated during their freshness | to identify responses that will not be updated during their freshness | |||
| lifetime. This effectively instructs the client that any conditional | lifetimes. | |||
| request for a previously served variant of that resource may be | ||||
| safely skipped without worrying that it has been updated. | This effectively informs clients that any conditional request for | |||
| that response can be safely skipped without worrying that it has been | ||||
| updated. | ||||
| 2. The immutable Cache-Control extension | 2. The immutable Cache-Control extension | |||
| When present in an HTTP response, the immutable Cache-Control | When present in an HTTP response, the "immutable" Cache-Control | |||
| extension indicates that the origin server MUST NOT update the | extension indicates that the origin server will not update the | |||
| representation of that resource during the freshness lifetime of the | representation of that resource during the freshness lifetime of the | |||
| response. | response. | |||
| Clients SHOULD NOT issue a conditional request during the response's | ||||
| freshness lifetime (e.g. upon a reload) unless explicitly overridden | ||||
| by the user (e.g. a force reload). | ||||
| The immutable extension only applies during the freshness lifetime of | The immutable extension only applies during the freshness lifetime of | |||
| the response. Stale responses SHOULD be revalidated as they normally | the stored response. Stale responses SHOULD be revalidated as they | |||
| would be in the absence of immutable. | normally would be in the absence of immutable. | |||
| The immutable extension takes no arguments and if any arguments are | The immutable extension takes no arguments. If any arguments are | |||
| present they have no meaning. Multiple instances of the immutable | present, they have no meaning, and MUST be ignored. Multiple | |||
| extension are equivalent to one instance. The presence of an | instances of the immutable extension are equivalent to one instance. | |||
| immutable Cache-Control extension in a request has no effect. | The presence of an immutable Cache-Control extension in a request has | |||
| no effect. | ||||
| 2.1. About Intermediaries | 2.1. About Intermediaries | |||
| An immutable response has the same semantic meaning for proxy clients | An immutable response has the same semantic meaning whe received by | |||
| as it does for User-Agent based clients and they therefore MAY also | proxy clients as it does when received by User-Agent based clients. | |||
| presume a conditional revalidation for a response marked immutable | Therefore proxies SHOULD skip conditionally revalidating fresh | |||
| would return 304. A proxy client who uses immutable to anticipate a | responses containing the immutable extension unless there is a signal | |||
| 304 response may choose whether to reply with a 304 or 200 to its | from the client that a validation is necessary (e.g. a no-cache | |||
| requesting client. | Cache-Control request directive). | |||
| A proxy that uses immutable to bypass a conditional revalidation may | ||||
| choose whether to reply with a 304 or 200 to its requesting client | ||||
| based on the request headers the proxy received. | ||||
| 2.2. Example | 2.2. Example | |||
| Cache-Control: max-age=31536000, immutable | Cache-Control: max-age=31536000, immutable | |||
| 3. Security Considerations | 3. Security Considerations | |||
| The immutable mechanism acts as form of soft pinning and, as with all | The immutable mechanism acts as form of soft pinning and, as with all | |||
| pinning mechanisms, creates a vector for amplification of cache | pinning mechanisms, creates a vector for amplification of cache | |||
| corruption incidents. These incidents include cache poisoning | corruption incidents. These incidents include cache poisoning | |||
| attacks. Three mechanisms are suggested for mitigation of this risk: | attacks. Three mechanisms are suggested for mitigation of this risk: | |||
| o Clients should ignore immutable for resources that are not part of | o Clients SHOULD ignore immutable from resources that are not part | |||
| an authenticated context such as HTTPS. Authenticated resources | of an authenticated context such as HTTPS. Authenticated | |||
| are less vulnerable to cache poisoning. | resources are less vulnerable to cache poisoning. | |||
| o User-Agents often provide two different refresh mechanismss: | o User-Agents often provide two different refresh mechanisms: reload | |||
| reload and some form of force-reload. The latter is used to | and some form of force-reload. The latter is used to rectify | |||
| rectify interrupted loads and other corruption. These reloads, | interrupted loads and other corruption. These reloads, typically | |||
| typically indicated through no-cache request attributes, should | indicated through no-cache request attributes, SHOULD ignore | |||
| ignore immutable as well. | immutable as well. | |||
| o Clients should ignore immutable for resources that do not provide | o Clients SHOULD ignore immutable for resources that do not provide | |||
| a strong indication that the stored response size is the correct | a strong indication that the stored response size is the correct | |||
| response size such as responses delimited by connection close. | response size such as responses delimited by connection close. | |||
| 4. IANA Considerations | 4. IANA Considerations | |||
| [RFC7234] sections 7.1 and 7.1.2 require registration of the | [RFC7234] sections 7.1 and 7.1.2 require registration of the | |||
| immutable extension in the "Hypertext Transfer Protocol (HTTP) Cache | immutable extension in the "Hypertext Transfer Protocol (HTTP) Cache | |||
| Directive Registry" with IETF Review. | Directive Registry" with IETF Review. | |||
| o Cache-Directive: immutable | o Cache-Directive: immutable | |||
| o Pointer to specification text: [this document] | o Pointer to specification text: [this document] | |||
| 5. Acknowledgments | 5. Acknowledgments | |||
| Thank you to Ben Maurer for partnership in developing and testing | Thank you to Ben Maurer for partnership in developing and testing | |||
| this idea. Thank you to Amos Jeffries for help with proxy | this idea. Thank you to Amos Jeffries for help with proxy | |||
| interactions. | interactions and to Mark Nottingham for help with the documentation. | |||
| 6. References | 6. References | |||
| 6.1. Normative References | 6.1. Normative References | |||
| [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer | [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer | |||
| Protocol (HTTP/1.1): Semantics and Content", RFC 7231, | Protocol (HTTP/1.1): Semantics and Content", RFC 7231, | |||
| DOI 10.17487/RFC7231, June 2014, | DOI 10.17487/RFC7231, June 2014, | |||
| <http://www.rfc-editor.org/info/rfc7231>. | <http://www.rfc-editor.org/info/rfc7231>. | |||
| [RFC7232] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer | [RFC7232] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer | |||
| Protocol (HTTP/1.1): Conditional Requests", RFC 7232, | Protocol (HTTP/1.1): Conditional Requests", RFC 7232, | |||
| DOI 10.17487/RFC7232, June 2014, | DOI 10.17487/RFC7232, June 2014, | |||
| End of changes. 22 change blocks. | ||||
| 66 lines changed or deleted | 88 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||