| draft-vvv-httpbis-alps-00.txt | draft-vvv-httpbis-alps-01.txt |
|---|---|
| HTTP Working Group V. Vasiliev | HTTP Working Group V. Vasiliev |
| Internet-Draft Google | Internet-Draft Google |
| Intended status: Standards Track 6 July 2020 | Intended status: Standards Track 21 January 2021 |
| Expires: 7 January 2021 | Expires: 25 July 2021 |
| Using TLS Application-Layer Protocol Settings (ALPS) in HTTP | Using TLS Application-Layer Protocol Settings (ALPS) in HTTP |
| draft-vvv-httpbis-alps-00 | draft-vvv-httpbis-alps-01 |
| Abstract | Abstract |
| This document describes the use of TLS Application-Level Protocol | This document describes the use of TLS Application-Level Protocol |
| Settings (ALPS) in HTTP/2 and HTTP/3. Additionally, it defines a set | Settings (ALPS) in HTTP/2 and HTTP/3. Additionally, it defines a set |
| of additional HTTP SETTINGS parameters that would normally be | of additional HTTP SETTINGS parameters that would normally be |
| impractical without ALPS. | impractical without ALPS. |
| Discussion Venues | Discussion Venues |
| skipping to change at page 1, line 46 | skipping to change at page 1, line 46 |
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering |
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute |
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- |
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. |
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months |
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any |
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference |
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." |
| This Internet-Draft will expire on 7 January 2021. | This Internet-Draft will expire on 25 July 2021. |
| Copyright Notice | Copyright Notice |
| Copyright (c) 2020 IETF Trust and the persons identified as the | Copyright (c) 2021 IETF Trust and the persons identified as the |
| document authors. All rights reserved. | document authors. All rights reserved. |
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal |
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ |
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. |
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights |
| and restrictions with respect to this document. Code Components | and restrictions with respect to this document. Code Components |
| extracted from this document must include Simplified BSD License text | extracted from this document must include Simplified BSD License text |
| as described in Section 4.e of the Trust Legal Provisions and are | as described in Section 4.e of the Trust Legal Provisions and are |
| provided without warranty as described in the Simplified BSD License. | provided without warranty as described in the Simplified BSD License. |
| Table of Contents | Table of Contents |
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 |
| 2. Conventions and Definitions . . . . . . . . . . . . . . . . . 3 | 2. Conventions and Definitions . . . . . . . . . . . . . . . . . 3 |
| 3. Use of ALPS in HTTP . . . . . . . . . . . . . . . . . . . . . 3 | 3. Use of ALPS in HTTP . . . . . . . . . . . . . . . . . . . . . 3 |
| 4. New Settings . . . . . . . . . . . . . . . . . . . . . . . . 3 | 4. Security Considerations . . . . . . . . . . . . . . . . . . . 3 |
| 5. Security Considerations . . . . . . . . . . . . . . . . . . . 4 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 |
| 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 | 6. Normative References . . . . . . . . . . . . . . . . . . . . 4 |
| 7. Normative References . . . . . . . . . . . . . . . . . . . . 4 | Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 4 |
| Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 5 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 4 |
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 5 | |
| 1. Introduction | 1. Introduction |
| HTTP/2 defines a mechanism for exchanging the protocol settings using | HTTP/2 defines a mechanism for exchanging the protocol settings using |
| a SETTINGS frame ([RFC7540], Section 6.5). HTTP/3 uses a similar | a SETTINGS frame ([RFC7540], Section 6.5). HTTP/3 uses a similar |
| mechanism ([HTTP3], Section 7.2.4). One of the properties of the | mechanism ([HTTP3], Section 7.2.4). One of the properties of the |
| mechanism as defined by both of those protocols is that the parties | mechanism as defined by both of those protocols is that the parties |
| start out without having access to the entirety of the peer's | start out without having access to the entirety of the peer's |
| settings. This means that they have to initially operate using the | settings. This means that they have to initially operate using the |
| default settings, and after receiving the SETTINGS frame, they have | default settings, and after receiving the SETTINGS frame, they have |
| skipping to change at page 3, line 41 | skipping to change at page 3, line 41 |
| explicitly allowed to be there; this document only allows the | explicitly allowed to be there; this document only allows the |
| SETTINGS frame ([HTTP3], Section 7.2.4). Sending a SETTINGS frame in | SETTINGS frame ([HTTP3], Section 7.2.4). Sending a SETTINGS frame in |
| ALPS supersedes the requirement to send a SETTINGS frame at the | ALPS supersedes the requirement to send a SETTINGS frame at the |
| beginning of the control stream. | beginning of the control stream. |
| Since settings exchanged through ALPS are always available at the | Since settings exchanged through ALPS are always available at the |
| beginning of the connection, some HTTP extensions may opt to require | beginning of the connection, some HTTP extensions may opt to require |
| those to be sent through ALPS. Such extensions are exempt from the | those to be sent through ALPS. Such extensions are exempt from the |
| initialization requirements of the Section 7.2.4.2 of [HTTP3]. | initialization requirements of the Section 7.2.4.2 of [HTTP3]. |
| 4. New Settings | 4. Security Considerations |
| In addition to specifying the use of ALPS, this document introduces a | |
| way for an endpoint to use HTTP/2 and HTTP/3 without any form of | |
| header compression. Previously, using SETTINGS to opt into the use | |
| of header compression would result in the first flight of requests | |
| being sent fully uncompressed; ALPS provides settings before any of | |
| the requests are sent, thus removing that concern. | |
| The following new HTTP/2 setting is introduced: | |
| SETTINGS_HPACK_ENABLE_STATIC_TABLES (0x??): May be "0" or "1". If | |
| set to "0", the only allowed HPACK instructions are "Literal | |
| Header Field without Indexing" and "Literal Header Field Never | |
| Indexed" (Sections 6.2.2 and 6.2.3 of [RFC7541]), with index set | |
| to "0", and the "H" bit set to zero for both string literals. The | |
| default value is "1". | |
| The following new HTTP/3 setting is introduced: | |
| SETTINGS_QPACK_ENABLE_STATIC_TABLES (0x??): May be "0" or "1". If | |
| set to "0", the only allowed QPACK instruction is "Literal Field | |
| Line Without Name Reference", with the "H" bit set to zero for | |
| both string literals. The default value is "1". | |
| Those settings MUST be supported by any endpoint that uses ALPS in | |
| conjunction with HTTP/2 or HTTP/3. Both of those settings MUST NOT | |
| be sent outside of the ALPS. | |
| 5. Security Considerations | |
| In ALPS, both client and server settings are sent encrypted. | In ALPS, both client and server settings are sent encrypted. |
| Settings communicated through ALPS are presented to all clients | Settings communicated through ALPS are presented to all clients |
| before they are authenticated; thus, if a server relies on TLS client | before they are authenticated; thus, if a server relies on TLS client |
| authentication and considers its settings private, it MUST NOT use | authentication and considers its settings private, it MUST NOT use |
| the mechanism defined in this document. | the mechanism defined in this document. |
| 6. IANA Considerations | 5. IANA Considerations |
| IANA will add an "Allowed in ALPS" column to the "HTTP/2 Frames" | IANA will add an "Allowed in ALPS" column to the "HTTP/2 Frames" |
| section of the "Hypertext Transfer Protocol version 2 (HTTP/2) | section of the "Hypertext Transfer Protocol version 2 (HTTP/2) |
| Parameters" registry, with a value set to "Yes" for SETTINGS (0x4), | Parameters" registry, with a value set to "Yes" for SETTINGS (0x4), |
| and to "No" for all other previously defined settings. | and to "No" for all other previously defined settings. |
| IANA will add the following entry into the "HTTP/2 Settings" table: | |
| Code 0x?? | |
| Name HPACK_ENABLE_STATIC_TABLES | |
| Initial Value 1 | |
| ALPS Only Yes | |
| Reference This document | |
| TODO: Add HTTP/3 once IANA has an HTTP/3 registry. | TODO: Add HTTP/3 once IANA has an HTTP/3 registry. |
| 7. Normative References | 6. Normative References |
| [ALPS] Vasiliev, V., "TLS Application-Layer Protocol Settings | [ALPS] Vasiliev, V., "TLS Application-Layer Protocol Settings |
| Extension", Work in Progress, Internet-Draft, draft-vvv- | Extension", Work in Progress, Internet-Draft, draft-vvv- |
| tls-alps-latest, | tls-alps-latest, |
| <https://tools.ietf.org/html/draft-vvv-tls-alps-latest>. | <https://tools.ietf.org/html/draft-vvv-tls-alps-latest>. |
| [HTTP3] Bishop, M., Ed., "Hypertext Transfer Protocol Version 3 | [HTTP3] Bishop, M., Ed., "Hypertext Transfer Protocol Version 3 |
| (HTTP/3)", Work in Progress, Internet-Draft, draft-ietf- | (HTTP/3)", Work in Progress, Internet-Draft, draft-ietf- |
| quic-http-latest, | quic-http-latest, |
| <https://tools.ietf.org/html/draft-ietf-quic-http-latest>. | <https://tools.ietf.org/html/draft-ietf-quic-http-latest>. |
| skipping to change at page 5, line 25 | skipping to change at page 4, line 36 |
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate |
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, |
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, |
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. |
| [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext | [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext |
| Transfer Protocol Version 2 (HTTP/2)", RFC 7540, | Transfer Protocol Version 2 (HTTP/2)", RFC 7540, |
| DOI 10.17487/RFC7540, May 2015, | DOI 10.17487/RFC7540, May 2015, |
| <https://www.rfc-editor.org/info/rfc7540>. | <https://www.rfc-editor.org/info/rfc7540>. |
| [RFC7541] Peon, R. and H. Ruellan, "HPACK: Header Compression for | |
| HTTP/2", RFC 7541, DOI 10.17487/RFC7541, May 2015, | |
| <https://www.rfc-editor.org/info/rfc7541>. | |
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC |
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, |
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. |
| Acknowledgments | Acknowledgments |
| This document has benefited from contributions and suggestions from | This document has benefited from contributions and suggestions from |
| David Benjamin, Nick Harper, David Schinazi, and many others. | David Benjamin, Nick Harper, David Schinazi, and many others. |
| Author's Address | Author's Address |
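An added example, not part of the draft or of the rfcdiff page above: the HPACK restriction that draft -00's SETTINGS_HPACK_ENABLE_STATIC_TABLES setting (Section 4) describes, written as a receiving-side check. An endpoint that has set the value to "0" accepts only "Literal Header Field without Indexing" and "Literal Header Field Never Indexed" with index 0 and the H bit clear, and treats anything else in the header block as a protocol violation. Function names, error strings and the sample byte strings are my own constructions.

```python
# Added example (not from the draft): enforce SETTINGS_HPACK_ENABLE_STATIC_TABLES = 0
# on a received HPACK header block. Accepted: "Literal Header Field without
# Indexing" (0000xxxx) and "Never Indexed" (0001xxxx), index 0, H bit clear.

def _read_int(block, pos, prefix_bits):
    """RFC 7541 Section 5.1 integer decoding; returns (value, next_pos)."""
    mask = (1 << prefix_bits) - 1
    value = block[pos] & mask
    pos += 1
    if value < mask:
        return value, pos
    shift = 0
    while True:
        b = block[pos]
        pos += 1
        value += (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            return value, pos

def _read_string(block, pos):
    """String literal (Section 5.2); a set H (Huffman) bit violates the setting."""
    if block[pos] & 0x80:
        raise ValueError("Huffman-coded string literal at offset %d" % pos)
    length, pos = _read_int(block, pos, 7)
    if pos + length > len(block):
        raise ValueError("truncated string literal at offset %d" % pos)
    return bytes(block[pos:pos + length]), pos + length

def decode_no_tables(block):
    """Return [(name, value), ...] or raise ValueError on any instruction
    that depends on the static or dynamic table, or on Huffman coding."""
    headers, pos = [], 0
    try:
        while pos < len(block):
            # Indexed (1xxxxxxx), incremental indexing (01xxxxxx) and dynamic
            # table size update (001xxxxx) all presuppose a table: reject them.
            if (block[pos] & 0xF0) not in (0x00, 0x10):
                raise ValueError("table-dependent instruction 0x%02x at offset %d"
                                 % (block[pos], pos))
            index, pos = _read_int(block, pos, 4)
            if index != 0:
                raise ValueError("name index %d references a table entry" % index)
            name, pos = _read_string(block, pos)
            value, pos = _read_string(block, pos)
            headers.append((name, value))
    except IndexError:
        raise ValueError("truncated header block")
    return headers
```

A conforming endpoint would map the ValueError to a COMPRESSION_ERROR on the connection; the QPACK setting for HTTP/3 calls for the same kind of check against "Literal Field Line Without Name Reference".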