idnits 2.17.1 

draft-bishop-httpbis-grease-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords. 

     RFC 2119 keyword, line 88: '...o semantic meaning, and SHOULD be send...'
     RFC 2119 keyword, line 90: '...   They MAY also be sent on connection...'
     RFC 2119 keyword, line 91: '...rred.  Endpoints MUST NOT consider the...'
     RFC 2119 keyword, line 94: '...and the length of the frames SHOULD be...'
     RFC 2119 keyword, line 102: '...   SHOULD NOT be sent on streams in th...'
     (6 more instances...)


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (24 June 2020) is 1402 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 7540 (ref. 'HTTP2') (Obsoleted by RFC
     9113)


     Summary: 2 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	HTTPbis                                                        M. Bishop
3	Internet-Draft                                                    Akamai
4	Intended status: Standards Track                            24 June 2020
5	Expires: 26 December 2020

7	                           GREASE for HTTP/2
8	                     draft-bishop-httpbis-grease-01

10	Abstract

12	   Reserves several values in the HTTP/2 registries to exercise the
13	   requirement that clients and servers ignore unknown values.

15	Status of This Memo

17	   This Internet-Draft is submitted in full conformance with the
18	   provisions of BCP 78 and BCP 79.

20	   Internet-Drafts are working documents of the Internet Engineering
21	   Task Force (IETF).  Note that other groups may also distribute
22	   working documents as Internet-Drafts.  The list of current Internet-
23	   Drafts is at https://datatracker.ietf.org/drafts/current/.

25	   Internet-Drafts are draft documents valid for a maximum of six months
26	   and may be updated, replaced, or obsoleted by other documents at any
27	   time.  It is inappropriate to use Internet-Drafts as reference
28	   material or to cite them other than as "work in progress."

30	   This Internet-Draft will expire on 26 December 2020.

32	Copyright Notice

34	   Copyright (c) 2020 IETF Trust and the persons identified as the
35	   document authors.  All rights reserved.

37	   This document is subject to BCP 78 and the IETF Trust's Legal
38	   Provisions Relating to IETF Documents (https://trustee.ietf.org/
39	   license-info) in effect on the date of publication of this document.
40	   Please review these documents carefully, as they describe your rights
41	   and restrictions with respect to this document.  Code Components
42	   extracted from this document must include Simplified BSD License text
43	   as described in Section 4.e of the Trust Legal Provisions and are
44	   provided without warranty as described in the Simplified BSD License.

46	Table of Contents

48	   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
49	   2.  Using GREASE in HTTP/2  . . . . . . . . . . . . . . . . . . .   2
50	     2.1.  GREASE for Frame Types  . . . . . . . . . . . . . . . . .   2
51	     2.2.  GREASE for SETTINGS . . . . . . . . . . . . . . . . . . .   3
52	   3.  Security Considerations . . . . . . . . . . . . . . . . . . .   3
53	   4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   3
54	     4.1.  Frame Types . . . . . . . . . . . . . . . . . . . . . . .   3
55	     4.2.  Settings  . . . . . . . . . . . . . . . . . . . . . . . .   3
56	   5.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   3
57	     5.1.  Normative References  . . . . . . . . . . . . . . . . . .   3
58	     5.2.  Informative References  . . . . . . . . . . . . . . . . .   4
59	   Appendix A.  Acknowledgements . . . . . . . . . . . . . . . . . .   4
60	   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   4

62	1.  Introduction

64	   [UseIt] observes that extension and negotiation mechanisms which
65	   aren't exercised regularly can be found not to work when they are
66	   later employed by an extension to the protocol.  [GREASE] is one
67	   mitigation which originated in TLS, registering multiple values in
68	   various TLS registries which can be sent prospectively by clients.

70	   The common requirement of the different spaces described by these
71	   documents is the requirement that recipients ignore unrecognized
72	   values.  By reserving a scattered set of codepoints to have no
73	   defined meaning, clients and servers can inject values from these
74	   ranges into connections on a regular basis and exercise this
75	   requirement.

77	   HTTP/2 [HTTP2] frame types and settings employ a similar mechanism of
78	   ignoring unknown values.  This makes HTTP/2 a good candidate to
79	   employ grease on connections.  The need for such a technique was
80	   demonstrated recently by an HTTP/2 implementation which closed the
81	   connection upon receipt of an unknown setting.

83	2.  Using GREASE in HTTP/2

85	2.1.  GREASE for Frame Types

87	   Frame types of the format "0xb + (0x1f * N)" are reserved for use as
88	   grease.  These frames have no semantic meaning, and SHOULD be send
89	   instead of using padding on DATA or HEADERS frames where possible.
90	   They MAY also be sent on connections where there is no application
91	   data currently being transferred.  Endpoints MUST NOT consider these
92	   frames to have any meaning upon receipt.

94	   The flags, the payload, and the length of the frames SHOULD be
95	   selected randomly, subject to implementation-defined limits on the
96	   length.

98	   [HTTP2] is ambiguous about whether unknown frame types are permitted
99	   on streams in the "idle", "reserved", "closed", or "half-closed
100	   (local)" states.  As a result, some implementations could
101	   legitimately consider this to be an error.  Therefore, these frames
102	   SHOULD NOT be sent on streams in those states.

104	2.2.  GREASE for SETTINGS

106	   Settings identifiers of the format "0x?a?a" are reserved for use as
107	   grease.  Such settings have no defined meaning.  Endpoints SHOULD
108	   include at least one such setting in their initial SETTINGS frame,
109	   and MAY send new SETTINGS frames during the connection containing
110	   additional grease values.  Endpoints MUST NOT consider such settings
111	   to have any meaning upon receipt.

113	   Because the setting has no defined meaning, the value of the setting
114	   SHOULD be selected randomly.

116	3.  Security Considerations

118	   The ability to design, implement, and deploy new protocol mechanisms
119	   can be critical to security.

121	4.  IANA Considerations

123	4.1.  Frame Types

125	   This document reserves a range of entries in the "HTTP/2 Frame Type"
126	   registry defined in [HTTP2].  Each code of the format "0xb + (0x1f *
127	   N)" for values of N in the range (0..7) (that is, "0xb", "0x2a",
128	   etc., through "0xe4") MUST NOT be assigned by IANA for any purpose.

130	4.2.  Settings

132	   This document reserves a range of entries in the "HTTP/2 Settings"
133	   registry defined in [HTTP2].  Each code of the format "0x?a?a" where
134	   each "?" is any octet (that is, "0x0a0a", "0x0a1a", etc. through
135	   "0xfafa") MUST NOT be assigned by IANA for any purpose.

137	5.  References

139	5.1.  Normative References

141	   [HTTP2]    Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext
142	              Transfer Protocol Version 2 (HTTP/2)", RFC 7540,
143	              DOI 10.17487/RFC7540, May 2015,
144	              <https://www.rfc-editor.org/info/rfc7540>.

146	5.2.  Informative References

148	   [GREASE]   Benjamin, D., "Applying GREASE to TLS Extensibility", Work
149	              in Progress, Internet-Draft, draft-ietf-tls-grease-04, 22
150	              August 2019, <http://www.ietf.org/internet-drafts/draft-
151	              ietf-tls-grease-04.txt>.

153	   [UseIt]    Thomson, M., "Long-term Viability of Protocol Extension
154	              Mechanisms", Work in Progress, Internet-Draft, draft-
155	              thomson-use-it-or-lose-it-04, 7 July 2019,
156	              <http://www.ietf.org/internet-drafts/draft-thomson-use-it-
157	              or-lose-it-04.txt>.

159	Appendix A.  Acknowledgements

161	   This draft arose from a discussion in the QUIC WG with Lucas Pardue,
162	   Ryan Hamilton, and Martin Thomson.

164	Author's Address

166	   Mike Bishop
167	   Akamai

169	   Email: mbishop@evequefou.be