idnits 2.17.1 draft-ietf-httpbis-h2-websockets-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([RFC6455]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: o On requests bearing the :protocol pseudo-header, the :authority pseudo-header field is interpreted according to [RFC7540] Section 8.1.2.3 instead of [RFC7540] Section 8.3. In particular the server MUST not make a new TCP connection to the host and port indicated by the :authority. == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: [RFC6455] requires the use of Connection and Upgrade headers that are not part of HTTP/2. They MUST not be included in the CONNECT request defined here. -- The document date (December 19, 2017) is 2320 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 7230 (Obsoleted by RFC 9110, RFC 9112) ** Obsolete normative reference: RFC 7540 (Obsoleted by RFC 9113) Summary: 3 errors (**), 0 flaws (~~), 4 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group P. McManus 3 Internet-Draft Mozilla 4 Intended status: Standards Track December 19, 2017 5 Expires: June 22, 2018 7 Bootstrapping WebSockets with HTTP/2 8 draft-ietf-httpbis-h2-websockets-00 10 Abstract 12 This document defines a mechanism for running the WebSocket Protocol 13 [RFC6455] over a single stream of an HTTP/2 connection. 15 Status of This Memo 17 This Internet-Draft is submitted in full conformance with the 18 provisions of BCP 78 and BCP 79. 20 Internet-Drafts are working documents of the Internet Engineering 21 Task Force (IETF). Note that other groups may also distribute 22 working documents as Internet-Drafts. The list of current Internet- 23 Drafts is at https://datatracker.ietf.org/drafts/current/. 25 Internet-Drafts are draft documents valid for a maximum of six months 26 and may be updated, replaced, or obsoleted by other documents at any 27 time. It is inappropriate to use Internet-Drafts as reference 28 material or to cite them other than as "work in progress." 30 This Internet-Draft will expire on June 22, 2018. 32 Copyright Notice 34 Copyright (c) 2017 IETF Trust and the persons identified as the 35 document authors. All rights reserved. 37 This document is subject to BCP 78 and the IETF Trust's Legal 38 Provisions Relating to IETF Documents 39 (https://trustee.ietf.org/license-info) in effect on the date of 40 publication of this document. Please review these documents 41 carefully, as they describe your rights and restrictions with respect 42 to this document. Code Components extracted from this document must 43 include Simplified BSD License text as described in Section 4.e of 44 the Trust Legal Provisions and are provided without warranty as 45 described in the Simplified BSD License. 47 Table of Contents 49 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 50 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 51 3. The ENABLE_CONNECT_PROTOCOL SETTINGS Parameter . . . . . . . 3 52 4. The Extended CONNECT Method . . . . . . . . . . . . . . . . . 3 53 5. Using Extended CONNECT To Bootstrap The WebSocket Protocol . 4 54 5.1. Example . . . . . . . . . . . . . . . . . . . . . . . . . 5 55 6. Design Considerations . . . . . . . . . . . . . . . . . . . . 5 56 7. About Intermediaries . . . . . . . . . . . . . . . . . . . . 5 57 8. Security Considerations . . . . . . . . . . . . . . . . . . . 6 58 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 59 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 6 60 11. Normative References . . . . . . . . . . . . . . . . . . . . 6 61 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 7 63 1. Introduction 65 The Hypertext Transfer Protocol (HTTP) provides compatible resource 66 level semantics across different versions but it does not offer 67 compatibility at the connection management level. Other protocols, 68 such as WebSockets, that rely on connection management details of 69 HTTP must be updated for new versions of HTTP. 71 The WebSocket Protocol [RFC6455] uses the HTTP/1.1 [RFC7230] Upgrade 72 mechanism to transition a TCP connection from HTTP into a WebSocket 73 connection. A different approach must be taken with HTTP/2 74 [RFC7540]. HTTP/2 does not allow connection wide header and status 75 codes such as the Upgrade and Connection request headers or the 101 76 response code due to its multiplexing nature. These are all required 77 by the [RFC6455] opening handshake. 79 Being able to bootstrap WebSockets from HTTP/2 allows one TCP 80 connection to be shared by both protocols and extends HTTP/2's more 81 efficient use of the network to WebSockets. 83 This document extends the HTTP/2 CONNECT method. The extension 84 allows the substitution of a new protocol name to connect to rather 85 than the external host normally used by CONNECT. The result is a 86 tunnel on a single HTTP/2 stream that can carry data for WebSockets 87 (or any other protocol). The other streams on the connection may 88 carry more extended CONNECT tunnels, traditional HTTP/2 data, or a 89 mixture of both. 91 This tunneled stream will be multiplexed with other regular streams 92 on the connection and enjoys the normal priority, cancellation, and 93 flow control features of HTTP/2. 95 Streams that successfully establish a WebSocket connection using a 96 tunneled stream and the modifications to the opening handshake 97 defined in this document then use the traditional WebSocket Protocol 98 treating the stream as if were the TCP connection in that 99 specification. 101 2. Terminology 103 In this document, the key words "MUST", "MUST NOT", "REQUIRED", 104 "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", 105 and "OPTIONAL" are to be interpreted as described in BCP 14, 106 [RFC2119]. 108 3. The ENABLE_CONNECT_PROTOCOL SETTINGS Parameter 110 This document adds a new SETTINGS Parameter to those defined by 111 [RFC7540] Section 6.5.2. 113 The new parameter is ENABLE_CONNECT_PROTOCOL (type = 0x8). The value 114 of the parameter MUST be 0 or 1. 116 Upon receipt of ENABLE_CONNECT_PROTOCOL with a value of 1 a client 117 MAY use the Extended CONNECT definition of this document when 118 creating new streams. Receipt of this parameter by a server does not 119 have any impact. 121 A sender MUST NOT send a ENABLE_CONNECT_PROTOCOL parameter with the 122 value of 0 after previously sending a value of 1. 124 The use of a SETTINGS Parameter to opt-in to an otherwise 125 incompatible protocol change is a use of "Extending HTTP/2" defined 126 by section 5.5 of [RFC7540]. If a client were to use the provisions 127 of the extended CONNECT method defined in this document without first 128 receiving a ENABLE_CONNECT_PROTOCOL parameter with the value of 1 it 129 would be a protocol violation. 131 4. The Extended CONNECT Method 133 The CONNECT Method of [RFC7540] Section 8.3 is modified in the 134 following ways: 136 o A new pseudo-header :protocol MAY be included on request HEADERS 137 indicating the desired protocol to be spoken on the tunnel created 138 by CONNECT. The pseudo-header is single valued and contains a 139 value from the HTTP Upgrade Token Registry defined by [RFC7230]. 141 o On requests bearing the :protocol pseudo-header, the :scheme and 142 :path pseudo-header fields MUST be included. 144 o On requests bearing the :protocol pseudo-header, the :authority 145 pseudo-header field is interpreted according to [RFC7540] 146 Section 8.1.2.3 instead of [RFC7540] Section 8.3. In particular 147 the server MUST not make a new TCP connection to the host and port 148 indicated by the :authority. 150 Upon receiving a CONNECT request bearing the :protocol pseudo-header 151 the server establishes a tunnel to another service of the protocol 152 type indicated by the pseudo-header. This service may or may not be 153 co-located with the server. 155 5. Using Extended CONNECT To Bootstrap The WebSocket Protocol 157 The pseudo-header :protocol MUST be included in the CONNECT request 158 and it MUST have a value of websocket to initiate a WebSocket 159 connection on an HTTP/2 stream. Other HTTP request and response 160 headers, such as those for manipulating cookies, may be included in 161 the HEADERS with the CONNECT :method as usual. This request replaces 162 the GET based request in [RFC6455] and is used to process the 163 WebSockets opening handshake. 165 The scheme of the Target URI [RFC7230] MUST be https for wss schemed 166 WebSockets and http for ws schemed WebSockets. The websocket URI is 167 still used for proxy autoconfiguration. 169 [RFC6455] requires the use of Connection and Upgrade headers that are 170 not part of HTTP/2. They MUST not be included in the CONNECT request 171 defined here. 173 [RFC6455] requires the use of a Host header which is also not part of 174 HTTP/2. The Host information is conveyed as part of the :authority 175 pseudo-header which is required on every HTTP/2 transaction. 177 Implementations using this extended CONNECT to bootstrap WebSockets 178 do not do the processing of the [RFC6455] Sec-WebSocket-Key and Sec- 179 WebSocket-Accept headers as that functionality has been superceded by 180 the :protocol pseudo-header. 182 The Sec-WebSocket-Version, Origin [RFC6454], Sec-WebSocket-Protocol, 183 and Sec-WebSocket-Extensions headers are used on the CONNECT request 184 and response headers in the same way as defined in [RFC6455]. Note 185 that HTTP/1 header names were case insensitive and HTTP/2 requires 186 they be encoded as lower case. 188 After successfully processing the opening handshake the peers should 189 proceed with The WebSocket Protocol [RFC6455] using the HTTP/2 stream 190 from the CONNECT transaction as if it were the TCP connection 191 referred to in [RFC6455]. The state of the WebSocket connection at 192 this point is OPEN as defined by [RFC6455] Section 4.1. 194 5.1. Example 196 [[ From Client ]] [[ From Server ]] 198 SETTINGS 199 ENABLE_CONNECT_PROTOCOL = 1 201 HEADERS + END_HEADERS 202 :method = CONNECT 203 :protocol = websocket 204 :scheme = https 205 :path = /chat 206 :authority = server.example.com:443 207 sec-websocket-protocol = chat, superchat 208 sec-websocket-extensions = permessage-deflate 209 sec-websocket-version = 13 210 origin = http://www.example.com 212 HEADERS + END_HEADERS 213 :status = 200 214 sec-websocket-protocol = chat 216 DATA 217 WebSocket Data 219 DATA + END_STREAM 220 WebSocket Data 222 DATA + END_STREAM 223 WebSocket Data 225 6. Design Considerations 227 A more native integration with HTTP/2 is certainly possible with 228 larger additions to HTTP/2. This design was selected to minimize the 229 solution complexity while still addressing the primary concern of 230 running HTTP/2 and WebSockets concurrently. 232 7. About Intermediaries 234 This document does not change how WebSockets interacts with HTTP 235 proxies. If a client wishing to speak WebSockets connects via HTTP/2 236 to a HTTP proxy it should continue to use a traditional (i.e. not 237 with a :protocol pseudo-header) CONNECT to tunnel through that proxy 238 to the WebSocket server via HTTP. 240 The resulting version of HTTP on that tunnel determines whether 241 WebSockets is initiated directly or via a modified CONNECT request 242 described in this document. 244 8. Security Considerations 246 [RFC6455] ensures that non WebSockets clients, especially 247 XMLHttpRequest based clients, cannot make a WebSocket connection. 248 Its primary mechanism for doing that is the use of Sec- prefixed 249 request headers that cannot be created by XMLHttpRequest based 250 clients. This specification addresses that concern in two ways: 252 o The CONNECT method is prohibited from being used by XMLHttpRequest 254 o The use of a pseudo-header is something that is connection 255 specific and HTTP/2 does not ever allow to be created outside of 256 the protocol stack. 258 9. IANA Considerations 260 This document establishes a entry for the HTTP/2 Settings Registry 261 that was established by [RFC7540] Section 11.3 263 Name: ENABLE_CONNECT_PROTOCOL 265 Code: 0x8 267 Initial Value: 0 269 Specification: This document 271 10. Acknowledgments 273 The 2017 HTTP Workshop had a very productive discussion that helped 274 determine the key problem and acceptable level of solution 275 complexity. 277 11. Normative References 279 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 280 Requirement Levels", BCP 14, RFC 2119, 281 DOI 10.17487/RFC2119, March 1997, 282 . 284 [RFC6454] Barth, A., "The Web Origin Concept", RFC 6454, 285 DOI 10.17487/RFC6454, December 2011, 286 . 288 [RFC6455] Fette, I. and A. Melnikov, "The WebSocket Protocol", 289 RFC 6455, DOI 10.17487/RFC6455, December 2011, 290 . 292 [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 293 Protocol (HTTP/1.1): Message Syntax and Routing", 294 RFC 7230, DOI 10.17487/RFC7230, June 2014, 295 . 297 [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext 298 Transfer Protocol Version 2 (HTTP/2)", RFC 7540, 299 DOI 10.17487/RFC7540, May 2015, 300 . 302 Author's Address 304 Patrick McManus 305 Mozilla 307 Email: mcmanus@ducksong.com