idnits 2.17.1
draft-ietf-httpbis-alt-svc-01.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
No issues found here.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
-- The document date (April 1, 2014) is 3678 days in the past. Is this
intentional?
Checking references for intended status: Proposed Standard
----------------------------------------------------------------------------
(See RFCs 3967 and 4897 for information about using normative references
to lower-maturity documents in RFCs)
== Outdated reference: A later version (-17) exists of
draft-ietf-httpbis-http2-10
-- Obsolete informational reference (is this intentional?): RFC 5246
(Obsoleted by RFC 8446)
Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 2 comments (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 HTTPbis Working Group M. Nottingham
3 Internet-Draft Akamai
4 Intended status: Standards Track P. McManus
5 Expires: October 3, 2014 Mozilla
6 J. Reschke
7 greenbytes
8 April 1, 2014
10 HTTP Alternative Services
11 draft-ietf-httpbis-alt-svc-01
13 Abstract
15 This document specifies "alternative services" for HTTP, which allow
16 an origin's resources to be authoritatively available at a separate
17 network location, possibly accessed with a different protocol
18 configuration.
20 Editorial Note (To be removed by RFC Editor)
22 Discussion of this draft takes place on the HTTPBIS working group
23 mailing list (ietf-http-wg@w3.org), which is archived at
24 .
26 Working Group information can be found at
27 ; that specific to HTTP/2 are at
28 .
30 The changes in this draft are summarized in Appendix A.
32 Status of This Memo
34 This Internet-Draft is submitted in full conformance with the
35 provisions of BCP 78 and BCP 79.
37 Internet-Drafts are working documents of the Internet Engineering
38 Task Force (IETF). Note that other groups may also distribute
39 working documents as Internet-Drafts. The list of current Internet-
40 Drafts is at http://datatracker.ietf.org/drafts/current/.
42 Internet-Drafts are draft documents valid for a maximum of six months
43 and may be updated, replaced, or obsoleted by other documents at any
44 time. It is inappropriate to use Internet-Drafts as reference
45 material or to cite them other than as "work in progress."
47 This Internet-Draft will expire on October 3, 2014.
49 Copyright Notice
51 Copyright (c) 2014 IETF Trust and the persons identified as the
52 document authors. All rights reserved.
54 This document is subject to BCP 78 and the IETF Trust's Legal
55 Provisions Relating to IETF Documents
56 (http://trustee.ietf.org/license-info) in effect on the date of
57 publication of this document. Please review these documents
58 carefully, as they describe your rights and restrictions with respect
59 to this document. Code Components extracted from this document must
60 include Simplified BSD License text as described in Section 4.e of
61 the Trust Legal Provisions and are provided without warranty as
62 described in the Simplified BSD License.
64 Table of Contents
66 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
67 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 3
68 2. Alternative Services Concepts . . . . . . . . . . . . . . . . 4
69 2.1. Host Authentication . . . . . . . . . . . . . . . . . . . 5
70 2.2. Alternative Service Caching . . . . . . . . . . . . . . . 6
71 2.3. Requiring Server Name Indication . . . . . . . . . . . . . 6
72 2.4. Using Alternative Services . . . . . . . . . . . . . . . . 6
73 3. The Alt-Svc HTTP Header Field . . . . . . . . . . . . . . . . 7
74 3.1. Caching Alt-Svc Header Field Values . . . . . . . . . . . 8
75 4. The Service HTTP Header Field . . . . . . . . . . . . . . . . 9
76 5. The 421 Not Authoritative HTTP Status Code . . . . . . . . . . 10
77 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
78 6.1. The Alt-Svc Message Header Field . . . . . . . . . . . . . 10
79 6.2. The Service Message Header Field . . . . . . . . . . . . . 10
80 6.3. The 421 Not Authoritative HTTP Status Code . . . . . . . . 11
81 7. Security Considerations . . . . . . . . . . . . . . . . . . . 11
82 7.1. Changing Ports . . . . . . . . . . . . . . . . . . . . . . 11
83 7.2. Changing Hosts . . . . . . . . . . . . . . . . . . . . . . 12
84 7.3. Changing Protocols . . . . . . . . . . . . . . . . . . . . 12
85 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 13
86 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13
87 9.1. Normative References . . . . . . . . . . . . . . . . . . . 13
88 9.2. Informative References . . . . . . . . . . . . . . . . . . 14
89 Appendix A. Change Log (to be removed by RFC Editor before
90 publication) . . . . . . . . . . . . . . . . . . . . 14
91 A.1. Since draft-nottingham-httpbis-alt-svc-05 . . . . . . . . 14
92 A.2. Since draft-ietf-httpbis-alt-svc-00 . . . . . . . . . . . 14
94 1. Introduction
96 HTTP [HTTP-p1] conflates the identification of resources with their
97 location. In other words, "http://" (and "https://") URLs are used
98 to both name and find things to interact with.
100 In some cases, it is desirable to separate these aspects; to be able
101 to keep the same identifier for a resource, but interact with it
102 using a different location on the network.
104 For example:
106 o An origin server might wish to redirect a client to an alternative
107 when it needs to go down for maintenance, or it has found an
108 alternative in a location that is more local to the client.
110 o An origin server might wish to offer access to its resources using
111 a new protocol (such as HTTP/2, see [HTTP2]) or one using improved
112 security (such as Transport Layer Security (TLS), see [RFC5246]).
114 o An origin server might wish to segment its clients into groups of
115 capabilities, such as those supporting Server Name Indication
116 (SNI, see Section 3 of [RFC6066]) and those not supporting it, for
117 operational purposes.
119 This specification defines a new concept in HTTP, "Alternative
120 Services", that allows a resource to nominate additional means of
121 interacting with it on the network. It defines a general framework
122 for this in Section 2, along with a specific mechanism for
123 discovering them using HTTP header fields in Section 3.
125 It also introduces a new status code in Section 5, so that origin
126 servers (or their nominated alternatives) can indicate that they are
127 not authoritative for a given origin, in cases where the wrong
128 location is used.
130 1.1. Notational Conventions
132 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
133 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
134 document are to be interpreted as described in [RFC2119].
136 This document uses the Augmented BNF defined in [RFC5234] along with
137 the "OWS", "delta-seconds", "parameter", "port", "token", and "uri-
138 host" rules from [HTTP-p1], and uses the "#rule" extension defined in
139 Section 7 of that document.
141 2. Alternative Services Concepts
143 This specification defines a new concept in HTTP, the "alternative
144 service". When an origin (see [RFC6454]) has resources that are
145 accessible through a different protocol / host / port combination, it
146 is said to have an alternative service.
148 An alternative service can be used to interact with the resources on
149 an origin server at a separate location on the network, possibly
150 using a different protocol configuration. Alternative services are
151 considered authoritative for an origin's resources, in the sense of
152 [HTTP-p1], Section 9.1.
154 For example, an origin:
156 ("http", "www.example.com", "80")
158 might declare that its resources are also accessible at the
159 alternative service:
161 ("h2", "new.example.com", "81")
163 By their nature, alternative services are explicitly at the
164 granularity of an origin; i.e., they cannot be selectively applied to
165 resources within an origin.
167 Alternative services do not replace or change the origin for any
168 given resource; in general, they are not visible to the software
169 "above" the access mechanism. The alternative service is essentially
170 alternative routing information that can also be used to reach the
171 origin in the same way that DNS CNAME or SRV records define routing
172 information at the name resolution level. Each origin maps to a set
173 of these routes -- the default route is derived from origin itself
174 and the other routes are introduced based on alternative-protocol
175 information.
177 Furthermore, it is important to note that the first member of an
178 alternative service tuple is different from the "scheme" component of
179 an origin; it is more specific, identifying not only the major
180 version of the protocol being used, but potentially communication
181 options for that protocol.
183 This means that clients using an alternative service will change the
184 host, port and protocol that they are using to fetch resources, but
185 these changes MUST NOT be propagated to the application that is using
186 HTTP; from that standpoint, the URI being accessed and all
187 information derived from it (scheme, host, port) are the same as
188 before.
190 Importantly, this includes its security context; in particular, when
191 TLS [RFC5246] is in use, the alternative server will need to present
192 a certificate for the origin's host name, not that of the
193 alternative. Likewise, the Host header field is still derived from
194 the origin, not the alternative service (just as it would if a CNAME
195 were being used).
197 The changes MAY, however, be made visible in debugging tools,
198 consoles, etc.
200 Formally, an alternative service is identified by the combination of:
202 o An Application Layer Protocol Negotiation (ALPN) protocol, as per
203 [I-D.ietf-tls-applayerprotoneg]
205 o A host, as per [RFC3986], Section 3.2.2
207 o A port, as per [RFC3986], Section 3.2.3
209 Additionally, each alternative service MUST have:
211 o A freshness lifetime, expressed in seconds; see Section 2.2
213 There are many ways that a client could discover the alternative
214 service(s) associated with an origin.
216 2.1. Host Authentication
218 Clients MUST NOT use alternative services with a host other than the
219 origin's without strong server authentication; this mitigates the
220 attack described in Section 7.2. One way to achieve this is for the
221 alternative to use TLS with a certificate that is valid for that
222 origin.
224 For example, if the origin's host is "www.example.com" and an
225 alternative is offered on "other.example.com" with the "h2" protocol,
226 and the certificate offered is valid for "www.example.com", the
227 client can use the alternative. However, if "other.example.com" is
228 offered with the "h2c" protocol, the client cannot use it, because
229 there is no mechanism in that protocol to establish strong server
230 authentication.
232 Furthermore, this means that the HTTP Host header field and the SNI
233 information provided in TLS by the client will be that of the origin,
234 not the alternative.
236 2.2. Alternative Service Caching
238 Mechanisms for discovering alternative services can associate a
239 freshness lifetime with them; for example, the Alt-Svc header field
240 uses the "ma" parameter.
242 Clients MAY choose to use an alternative service instead of the
243 origin at any time when it is considered fresh; see Section 2.4 for
244 specific recommendations.
246 Clients with existing connections to alternative services are not
247 required to fall back to the origin when its freshness lifetime ends;
248 i.e., the caching mechanism is intended for limiting how long an
249 alternative service can be used for establishing new requests, not
250 limiting the use of existing ones.
252 To mitigate risks associated with caching compromised values (see
253 Section 7.2 for details), user agents SHOULD examine cached
254 alternative services when they detect a change in network
255 configuration, and remove any that could be compromised (for example,
256 those whose association with the trust root is questionable). UAs
257 that do not have a means of detecting network changes SHOULD place an
258 upper bound on their lifetime.
260 2.3. Requiring Server Name Indication
262 A client MUST only use a TLS-based alternative service if the client
263 also supports TLS Server Name Indication (SNI) ([RFC6066], Section
264 3). This supports the conservation of IP addresses on the
265 alternative service host.
267 2.4. Using Alternative Services
269 By their nature, alternative services are optional; clients are not
270 required to use them. However, it is advantageous for clients to
271 behave in a predictable way when they are used by servers (e.g., for
272 load balancing).
274 Therefore, if a client becomes aware of an alternative service, the
275 client SHOULD use that alternative service for all requests to the
276 associated origin as soon as it is available, provided that the
277 security properties of the alternative service protocol are
278 desirable, as compared to the existing connection.
280 When a client uses an alternate service, it MUST emit the Service
281 header field (Section 4) on every request using that alternate
282 service.
284 The client is not required to block requests; the origin's connection
285 can be used until the alternative connection is established.
286 However, if the security properties of the existing connection are
287 weak (e.g. cleartext HTTP/1.1) then it might make sense to block
288 until the new connection is fully available in order to avoid
289 information leakage.
291 Furthermore, if the connection to the alternative service fails or is
292 unresponsive, the client MAY fall back to using the origin. Note,
293 however, that this could be the basis of a downgrade attack, thus
294 losing any enhanced security properties of the alternative service.
296 3. The Alt-Svc HTTP Header Field
298 An HTTP(S) origin server can advertise the availability of
299 alternative services to clients by adding an Alt-Svc header field to
300 responses.
302 Alt-Svc = 1#( alternative *( OWS ";" OWS parameter ) )
303 alternative = protocol-id "=" port
304 protocol-id = token ; percent-encoded ALPN protocol identifier
306 ALPN protocol names are octet sequences with no additional
307 constraints on format. Octets not allowed in tokens ([HTTP-p1],
308 Section 3.2.6) MUST be percent-encoded as per Section 2.1 of
309 [RFC3986]. Consequently, the octet representing the percent
310 character "%" (hex 25) MUST be percent-encoded as well.
312 In order to have precisely one way to represent any ALPN protocol
313 name, the following additional constraints apply:
315 1. Octets in the ALPN protocol MUST NOT be percent-encoded if they
316 are valid token characters except "%", and
318 2. When using percent-encoding, uppercase hex digits MUST be used.
320 With these constraints, recipients can apply simple string comparison
321 to match protocol identifiers.
323 For example:
325 Alt-Svc: http2=8000
327 This indicates that the "http2" protocol on the same host using the
328 indicated port (in this case, 8000).
330 Examples for protocol name escaping:
332 +--------------------+-------------+---------------------+
333 | ALPN protocol name | protocol-id | Note |
334 +--------------------+-------------+---------------------+
335 | http2 | http2 | No escaping needed |
336 +--------------------+-------------+---------------------+
337 | w=x:y#z | w%3Dx%3Ay#z | "=" and ":" escaped |
338 +--------------------+-------------+---------------------+
339 | x%y | x%25y | "%" needs escaping |
340 +--------------------+-------------+---------------------+
342 Alt-Svc MAY occur in any HTTP response message, regardless of the
343 status code.
345 Alt-Svc does not allow advertisement of alternative services on other
346 hosts, to protect against various header-based attacks.
348 It can, however, have multiple values:
350 Alt-Svc: h2c=8000, h2=443
352 The value(s) advertised by Alt-Svc can be used by clients to open a
353 new connection to one or more alternative services immediately, or
354 simultaneously with subsequent requests on the same connection.
356 Intermediaries MUST NOT change or append Alt-Svc field values.
358 3.1. Caching Alt-Svc Header Field Values
360 When an alternative service is advertised using Alt-Svc, it is
361 considered fresh for 24 hours from generation of the message. This
362 can be modified with the 'ma' (max-age) parameter;
364 Alt-Svc: h2=443;ma=3600
366 which indicates the number of seconds since the response was
367 generated the alternative service is considered fresh for.
369 ma = delta-seconds
371 See Section 4.2.3 of [HTTP-p6] for details of determining response
372 age.
374 For example, a response:
376 HTTP/1.1 200 OK
377 Content-Type: text/html
378 Cache-Control: 600
379 Age: 30
380 Alt-Svc: h2c=8000; ma=60
382 indicates that an alternative service is available and usable for the
383 next 60 seconds. However, the response has already been cached for
384 30 seconds (as per the Age header field value), so therefore the
385 alternative service is only fresh for the 30 seconds from when this
386 response was received, minus estimated transit time.
388 When an Alt-Svc response header field is received from an origin, its
389 value invalidates and replaces all cached alternative services for
390 that origin.
392 See Section 2.2 for general requirements on caching alternative
393 services.
395 Note that the freshness lifetime for HTTP caching (here, 600 seconds)
396 does not affect caching of Alt-Svc values.
398 4. The Service HTTP Header Field
400 The Service HTTP header field is used in requests to indicate the
401 identity of the alternate service in use, just as the Host header
402 field identifies the host and port of the origin.
404 Service = uri-host [ ":" port ]
406 Service is intended to allow alternate services to detect loops,
407 differentiate traffic for purposes of load balancing, and generally
408 to ensure that it is possible to identify the intended destination of
409 traffic, since introducing this information after a protocol is in
410 use has proven to be problematic.
412 When using an Alternate Service, clients MUST include a Service
413 header in all requests.
415 For example:
417 GET /thing
418 Host: origin.example.com
419 Service: alternate.example.net
420 User-Agent: Example/1.0
422 5. The 421 Not Authoritative HTTP Status Code
424 The 421 (Not Authoritative) status code indicates that the current
425 origin server (usually, but not always an alternative service; see
426 Section 2) is not authoritative for the requested resource, in the
427 sense of [HTTP-p1], Section 9.1.
429 Clients receiving 421 (Not Authoritative) from an alternative service
430 MUST remove the corresponding entry from its alternative service
431 cache (see Section 2.2) for that origin. Regardless of the
432 idempotency of the request method, they MAY retry the request, either
433 at another alternative server, or at the origin.
435 421 (Not Authoritative) MAY carry an Alt-Svc header field.
437 This status code MUST NOT be generated by proxies.
439 A 421 response is cacheable by default; i.e., unless otherwise
440 indicated by the method definition or explicit cache controls (see
441 Section 4.2.2 of [HTTP-p6]).
443 [[apr: This really ought to be 420.]]
445 6. IANA Considerations
447 6.1. The Alt-Svc Message Header Field
449 This document registers Alt-Svc in the Permanent Message Header
450 Registry [RFC3864].
452 o Header Field Name: Alt-Svc
454 o Application Protocol: http
456 o Status: standard
458 o Author/Change Controller: IETF
460 o Specification Document: [this document]
462 o Related Information:
464 6.2. The Service Message Header Field
466 This document registers Alt-Svc in the Permanent Message Header
467 Registry [RFC3864].
469 o Header Field Name: Service
471 o Application Protocol: http
473 o Status: standard
475 o Author/Change Controller: IETF
477 o Specification Document: [this document]
479 o Related Information:
481 6.3. The 421 Not Authoritative HTTP Status Code
483 This document registers the 421 (Not Authoritative) HTTP Status code
484 in the Hypertext Transfer Protocol (HTTP) Status Code Registry
485 ([HTTP-p2], Section 8.2).
487 Status Code: 421
489 Short Description: Not Authoritative
491 Specification: Section 5 of this document
493 7. Security Considerations
495 [[anchor1: Identified security considerations should be enumerated in
496 the appropriate documents depending on which proposals are accepted.
497 Those listed below are generic to all uses of alternative services;
498 more specific ones might be necessary.]]
500 7.1. Changing Ports
502 Using an alternative service implies accessing an origin's resources
503 on an alternative port, at a minimum. An attacker that can inject
504 alternative services and listen at the advertised port is therefore
505 able to hijack an origin.
507 For example, an attacker that can add HTTP response header fields can
508 redirect traffic to a different port on the same host using the Alt-
509 Svc header field; if that port is under the attacker's control, they
510 can thus masquerade as the HTTP server.
512 This risk can be mitigated by restricting the ability to advertise
513 alternative services, and restricting who can open a port for
514 listening on that host.
516 7.2. Changing Hosts
518 When the host is changed due to the use of an alternative service, it
519 presents an opportunity for attackers to hijack communication to an
520 origin.
522 For example, if an attacker can convince a user agent to send all
523 traffic for "innocent.example.org" to "evil.example.com" by
524 successfully associating it as an alternative service, they can
525 masquerade as that origin. This can be done locally (see mitigations
526 above) or remotely (e.g., by an intermediary as a man-in-the-middle
527 attack).
529 This is the reason for the requirement in Section 2.1 that any
530 alternative service with a host different to the origin's be strongly
531 authenticated with the origin's identity; i.e., presenting a
532 certificate for the origin proves that the alternative service is
533 authorized to serve traffic for the origin.
535 However, this authorization is only as strong as the method used to
536 authenticate the alternative service. In particular, there are well-
537 known exploits to make an attacker's certificate appear as
538 legitimate.
540 Alternative services could be used to persist such an attack; for
541 example, an intermediary could man-in-the-middle TLS-protected
542 communication to a target, and then direct all traffic to an
543 alternative service with a large freshness lifetime, so that the user
544 agent still directs traffic to the attacker even when not using the
545 intermediary.
547 As a result, there is a requirement in Section 2.2 to examine cached
548 alternative services when a network change is detected.
550 7.3. Changing Protocols
552 When the ALPN protocol is changed due to the use of an alternative
553 service, the security properties of the new connection to the origin
554 can be different from that of the "normal" connection to the origin,
555 because the protocol identifier itself implies this.
557 For example, if a "https://" URI had a protocol advertised that does
558 not use some form of end-to-end encryption (most likely, TLS), it
559 violates the expectations for security that the URI scheme implies.
561 Therefore, clients cannot blindly use alternative services, but
562 instead evaluate the option(s) presented to assure that security
563 requirements and expectations (of specifications, implementations and
564 end users) are met.
566 8. Acknowledgements
568 Thanks to Eliot Lear, Stephen Farrell, Guy Podjarny, Stephen Ludin,
569 Erik Nygren, Paul Hoffman, Adam Langley, Will Chan and Richard Barnes
570 for their feedback and suggestions.
572 The Alt-Svc header field was influenced by the design of the
573 Alternative-Protocol header field in SPDY.
575 9. References
577 9.1. Normative References
579 [HTTP-p1] Fielding, R., Ed. and J. Reschke,
580 Ed., "Hypertext Transfer Protocol
581 (HTTP/1.1): Message Syntax and
582 Routing",
583 draft-ietf-httpbis-p1-messaging-26
584 (work in progress), February 2014.
586 [HTTP-p6] Fielding, R., Ed., Nottingham, M.,
587 Ed., and J. Reschke, Ed., "Hypertext
588 Transfer Protocol (HTTP/1.1):
589 Caching",
590 draft-ietf-httpbis-p6-cache-26 (work
591 in progress), February 2014.
593 [I-D.ietf-tls-applayerprotoneg] Friedl, S., Popov, A., Langley, A.,
594 and S. Emile, "Transport Layer
595 Security (TLS) Application Layer
596 Protocol Negotiation Extension",
597 draft-ietf-tls-applayerprotoneg-05
598 (work in progress), March 2014.
600 [RFC2119] Bradner, S., "Key words for use in
601 RFCs to Indicate Requirement
602 Levels", BCP 14, RFC 2119,
603 March 1997.
605 [RFC3986] Berners-Lee, T., Fielding, R., and
606 L. Masinter, "Uniform Resource
607 Identifier (URI): Generic Syntax",
608 STD 66, RFC 3986, January 2005.
610 [RFC5234] Crocker, D. and P. Overell,
611 "Augmented BNF for Syntax
612 Specifications: ABNF", STD 68,
613 RFC 5234, January 2008.
615 [RFC6066] Eastlake, D., "Transport Layer
616 Security (TLS) Extensions: Extension
617 Definitions", RFC 6066,
618 January 2011.
620 [RFC6454] Barth, A., "The Web Origin Concept",
621 RFC 6454, December 2011.
623 9.2. Informative References
625 [HTTP-p2] Fielding, R., Ed. and J. Reschke,
626 Ed., "Hypertext Transfer Protocol
627 (HTTP/1.1): Semantics and Content",
628 draft-ietf-httpbis-p2-semantics-26
629 (work in progress), February 2014.
631 [HTTP2] Belshe, M., Peon, R., and M.
632 Thomson, Ed., "Hypertext Transfer
633 Protocol version 2",
634 draft-ietf-httpbis-http2-10 (work in
635 progress), February 2014.
637 [RFC3864] Klyne, G., Nottingham, M., and J.
638 Mogul, "Registration Procedures for
639 Message Header Fields", BCP 90,
640 RFC 3864, September 2004.
642 [RFC5246] Dierks, T. and E. Rescorla, "The
643 Transport Layer Security (TLS)
644 Protocol Version 1.2", RFC 5246,
645 August 2008.
647 Appendix A. Change Log (to be removed by RFC Editor before publication)
649 A.1. Since draft-nottingham-httpbis-alt-svc-05
651 This is the first version after adoption of
652 draft-nottingham-httpbis-alt-svc-05 as Working Group work item. It
653 only contains editorial changes.
655 A.2. Since draft-ietf-httpbis-alt-svc-00
657 Selected 421 as proposed status code for "Not Authoritative".
659 Changed header field syntax to use percent-encoding of ALPN protocol
660 names ().
662 Authors' Addresses
664 Mark Nottingham
665 Akamai
667 EMail: mnot@mnot.net
668 URI: http://www.mnot.net/
670 Patrick McManus
671 Mozilla
673 EMail: mcmanus@ducksong.com
674 URI: https://mozillians.org/u/pmcmanus/
676 Julian F. Reschke
677 greenbytes GmbH
679 EMail: julian.reschke@greenbytes.de
680 URI: http://greenbytes.de/tech/webdav/