idnits 2.17.1 

draft-ietf-httpbis-early-hints-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (May 16, 2017) is 2536 days in the past.  Is this
     intentional?


  Checking references for intended status: Experimental
  ----------------------------------------------------------------------------

  ** Obsolete normative reference: RFC 7230 (Obsoleted by RFC 9110, RFC 9112)

  ** Obsolete normative reference: RFC 7231 (Obsoleted by RFC 9110)

  ** Obsolete normative reference: RFC 7540 (Obsoleted by RFC 9113)


     Summary: 3 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	HTTP Working Group                                                K. Oku
3	Internet-Draft                                            DeNA Co., Ltd.
4	Intended status: Experimental                               May 16, 2017
5	Expires: November 17, 2017

7	                An HTTP Status Code for Indicating Hints
8	                   draft-ietf-httpbis-early-hints-02

10	Abstract

12	   This memo introduces an informational HTTP status code that can be
13	   used to convey hints that help a client make preparations for
14	   processing the final response.

16	Note to Readers

18	   Discussion of this draft takes place on the HTTP working group
19	   mailing list (ietf-http-wg@w3.org), which is archived at
20	   https://lists.w3.org/Archives/Public/ietf-http-wg/ .

22	   Working Group information can be found at https://httpwg.github.io/ ;
23	   source code and issues list for this draft can be found at
24	   https://github.com/httpwg/http-extensions/labels/early-hints .

26	Status of This Memo

28	   This Internet-Draft is submitted in full conformance with the
29	   provisions of BCP 78 and BCP 79.

31	   Internet-Drafts are working documents of the Internet Engineering
32	   Task Force (IETF).  Note that other groups may also distribute
33	   working documents as Internet-Drafts.  The list of current Internet-
34	   Drafts is at http://datatracker.ietf.org/drafts/current/.

36	   Internet-Drafts are draft documents valid for a maximum of six months
37	   and may be updated, replaced, or obsoleted by other documents at any
38	   time.  It is inappropriate to use Internet-Drafts as reference
39	   material or to cite them other than as "work in progress."

41	   This Internet-Draft will expire on November 17, 2017.

43	Copyright Notice

45	   Copyright (c) 2017 IETF Trust and the persons identified as the
46	   document authors.  All rights reserved.

48	   This document is subject to BCP 78 and the IETF Trust's Legal
49	   Provisions Relating to IETF Documents
50	   (http://trustee.ietf.org/license-info) in effect on the date of
51	   publication of this document.  Please review these documents
52	   carefully, as they describe your rights and restrictions with respect
53	   to this document.  Code Components extracted from this document must
54	   include Simplified BSD License text as described in Section 4.e of
55	   the Trust Legal Provisions and are provided without warranty as
56	   described in the Simplified BSD License.

58	Table of Contents

60	   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
61	     1.1.  Notational Conventions  . . . . . . . . . . . . . . . . .   3
62	   2.  103 Early Hints . . . . . . . . . . . . . . . . . . . . . . .   3
63	   3.  Security Considerations . . . . . . . . . . . . . . . . . . .   4
64	   4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   4
65	   5.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   4
66	   6.  Changes . . . . . . . . . . . . . . . . . . . . . . . . . . .   4
67	     6.1.  Since draft-ietf-httpbis-early-hints-01 . . . . . . . . .   4
68	     6.2.  Since draft-ietf-httpbis-early-hints-00 . . . . . . . . .   4
69	   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   5
70	     7.1.  Normative References  . . . . . . . . . . . . . . . . . .   5
71	     7.2.  Informative References  . . . . . . . . . . . . . . . . .   5
72	   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   5

74	1.  Introduction

76	   It is common for HTTP responses to contain links to external
77	   resources that need to be fetched prior to their use; for example,
78	   rendering HTML by a Web browser.  Having such links available to the
79	   client as early as possible helps to minimize perceived latency.

81	   The "preload" ([Preload]) link relation can be used to convey such
82	   links in the Link header field of an HTTP response.  However, it is
83	   not always possible for an origin server to generate a response
84	   header block immediately after receiving a request.  For example, the
85	   origin server might need to query a database before generating a
86	   response, or it might delegate a request to an upstream HTTP server
87	   running at a distant location.

89	   The dilemma here is that even though it is preferable for an origin
90	   server to send some headers as soon as it receives a request, it
91	   cannot do so until the status code and the full headers of the final
92	   HTTP response are determined.

94	   HTTP/2 ([RFC7540]) server push can be used as a solution to this
95	   issue, but has its own limitations.  The responses that can be pushed
96	   using HTTP/2 are limited to those belonging to the same origin.
97	   Also, it is impossible to send only the links using server push.
98	   Finally, sending HTTP responses for every resource is an inefficient
99	   way of using bandwidth, especially when a caching server exists as an
100	   intermediary.

102	   This memo defines a status code for sending an informational response
103	   ([RFC7231], section 6.2) that contains headers that are likely to be
104	   included in the final response.  A server can send the informational
105	   response containing some of the headers to help the client start
106	   making preparations for processing the final response, and then run
107	   time-consuming operations to generate the final response.  The
108	   informational response can also be used by an origin server to
109	   trigger HTTP/2 server push at a caching intermediary.

111	1.1.  Notational Conventions

113	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
114	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
115	   document are to be interpreted as described in [RFC2119].

117	2.  103 Early Hints

119	   The 103 (Early Hints) informational status code indicates the client
120	   that the server is likely to send a final response with the headers
121	   included in the informational response.

123	   A server MUST NOT include Content-Length, Transfer-Encoding, or any
124	   hop-by-hop header fields ([RFC7230], section 6.1) in a 103 (Early
125	   Hints) response.

127	   A client MAY speculatively evaluate the headers included in a 103
128	   (Early Hints) response while waiting for the final response.  For
129	   example, a client might recognize a Link header field value
130	   containing the relation type "preload" and start fetching the target
131	   resource.

133	   However, this MUST NOT affect how the final response is processed;
134	   when handling it, the client MUST behave as if it had not seen the
135	   informational response.  In particular, a client MUST NOT process the
136	   headers included in the final response as if they belonged to the
137	   informational response, or vice versa.

139	   An intermediary MAY drop the informational response.  It MAY send
140	   HTTP/2 ([RFC7540]) server pushes using the information found in the
141	   103 (Early Hints) response.

143	3.  Security Considerations

145	   Some clients may have issues handling 103 (Early Hints), since
146	   informational responses are rarely used in reply to requests not
147	   including an Expect header ([RFC7231], section 5.1.1).

149	   In particular, an HTTP/1.1 client that mishandles an informational
150	   response as a final response is likely to consider all responses to
151	   the succeeding requests sent over the same connection to be part of
152	   the final response.  Such behavior may constitute a cross-origin
153	   information disclosure vulnerability in case the client multiplexes
154	   requests to different origins onto a single persistent connection.

156	   Therefore, a server might refrain from sending Early Hints over
157	   HTTP/1.1 unless when the client is known to handle informational
158	   responses correctly.

160	   HTTP/2 clients are less likely to suffer from incorrect framing since
161	   handling of the response headers does not affect how the end of the
162	   response body is determined.

164	4.  IANA Considerations

166	   The HTTP Status Codes Registry will be updated with the following
167	   entry:

169	   o  Code: 103

171	   o  Description: Early Hints

173	   o  Specification: [this document]

175	5.  Acknowledgements

177	   Thanks to Tatsuhiro Tsujikawa for coming up with the idea of sending
178	   the link headers using an informational response.

180	6.  Changes

182	6.1.  Since draft-ietf-httpbis-early-hints-01

184	   o  Editorial changes.

186	6.2.  Since draft-ietf-httpbis-early-hints-00

188	   o  Forbid processing the headers of a 103 response as part of the
189	      informational response.

191	7.  References

193	7.1.  Normative References

195	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
196	              Requirement Levels", BCP 14, RFC 2119,
197	              DOI 10.17487/RFC2119, March 1997,
198	              <http://www.rfc-editor.org/info/rfc2119>.

200	   [RFC7230]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
201	              Protocol (HTTP/1.1): Message Syntax and Routing",
202	              RFC 7230, DOI 10.17487/RFC7230, June 2014,
203	              <http://www.rfc-editor.org/info/rfc7230>.

205	   [RFC7231]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
206	              Protocol (HTTP/1.1): Semantics and Content", RFC 7231,
207	              DOI 10.17487/RFC7231, June 2014,
208	              <http://www.rfc-editor.org/info/rfc7231>.

210	   [RFC7540]  Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext
211	              Transfer Protocol Version 2 (HTTP/2)", RFC 7540,
212	              DOI 10.17487/RFC7540, May 2015,
213	              <http://www.rfc-editor.org/info/rfc7540>.

215	7.2.  Informative References

217	   [Preload]  Grigorik, I., "Preload", September 2016,
218	              <https://w3c.github.io/preload/>.

220	Author's Address

222	   Kazuho Oku
223	   DeNA Co., Ltd.

225	   Email: kazuhooku@gmail.com