idnits 2.17.1 draft-ietf-httpbis-header-compression-12.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([2], [3], [1]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 1229 has weird spacing: '... as hex len...' == Line 1230 has weird spacing: '...aligned in...' -- The document date (February 17, 2015) is 3349 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '1' on line 19 -- Looks like a reference, but probably isn't: '2' on line 21 -- Looks like a reference, but probably isn't: '3' on line 22 -- Looks like a reference, but probably isn't: '13' on line 1358 -- Looks like a reference, but probably isn't: '23' on line 1471 -- Looks like a reference, but probably isn't: '28' on line 1481 -- Looks like a reference, but probably isn't: '24' on line 1469 -- Looks like a reference, but probably isn't: '30' on line 1488 -- Looks like a reference, but probably isn't: '10' on line 1295 -- Looks like a reference, but probably isn't: '12' on line 1294 -- Looks like a reference, but probably isn't: '11' on line 1356 -- Looks like a reference, but probably isn't: '15' on line 1355 -- Looks like a reference, but probably isn't: '19' on line 1440 -- Looks like a reference, but probably isn't: '14' on line 1357 -- Looks like a reference, but probably isn't: '20' on line 1458 -- Looks like a reference, but probably isn't: '22' on line 1465 -- Looks like a reference, but probably isn't: '21' on line 1462 -- Looks like a reference, but probably isn't: '26' on line 1487 -- Looks like a reference, but probably isn't: '25' on line 1467 -- Looks like a reference, but probably isn't: '27' on line 1486 ** Obsolete normative reference: RFC 7230 (Obsoleted by RFC 9110, RFC 9112) -- Obsolete informational reference (is this intentional?): RFC 5246 (ref. 'TLS12') (Obsoleted by RFC 8446) Summary: 2 errors (**), 0 flaws (~~), 3 warnings (==), 22 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 HTTPbis Working Group R. Peon 3 Internet-Draft Google, Inc 4 Intended status: Standards Track H. Ruellan 5 Expires: August 21, 2015 Canon CRF 6 February 17, 2015 8 HPACK - Header Compression for HTTP/2 9 draft-ietf-httpbis-header-compression-12 11 Abstract 13 This specification defines HPACK, a compression format for 14 efficiently representing HTTP header fields, to be used in HTTP/2. 16 Editorial Note (To be removed by RFC Editor) 18 Discussion of this draft takes place on the HTTPBIS working group 19 mailing list (ietf-http-wg@w3.org), which is archived at [1]. 21 Working Group information can be found at [2]; that specific to 22 HTTP/2 are at [3]. 24 The changes in this draft are summarized in Appendix D.2. 26 Status of This Memo 28 This Internet-Draft is submitted in full conformance with the 29 provisions of BCP 78 and BCP 79. 31 Internet-Drafts are working documents of the Internet Engineering 32 Task Force (IETF). Note that other groups may also distribute 33 working documents as Internet-Drafts. The list of current Internet- 34 Drafts is at http://datatracker.ietf.org/drafts/current/. 36 Internet-Drafts are draft documents valid for a maximum of six months 37 and may be updated, replaced, or obsoleted by other documents at any 38 time. It is inappropriate to use Internet-Drafts as reference 39 material or to cite them other than as "work in progress." 41 This Internet-Draft will expire on August 21, 2015. 43 Copyright Notice 45 Copyright (c) 2015 IETF Trust and the persons identified as the 46 document authors. All rights reserved. 48 This document is subject to BCP 78 and the IETF Trust's Legal 49 Provisions Relating to IETF Documents 50 (http://trustee.ietf.org/license-info) in effect on the date of 51 publication of this document. Please review these documents 52 carefully, as they describe your rights and restrictions with respect 53 to this document. Code Components extracted from this document must 54 include Simplified BSD License text as described in Section 4.e of 55 the Trust Legal Provisions and are provided without warranty as 56 described in the Simplified BSD License. 58 Table of Contents 60 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 61 1.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 4 62 1.2. Conventions . . . . . . . . . . . . . . . . . . . . . . . 5 63 1.3. Terminology . . . . . . . . . . . . . . . . . . . . . . . 5 64 2. Compression Process Overview . . . . . . . . . . . . . . . . 6 65 2.1. Header List Ordering . . . . . . . . . . . . . . . . . . 6 66 2.2. Encoding and Decoding Contexts . . . . . . . . . . . . . 6 67 2.3. Indexing Tables . . . . . . . . . . . . . . . . . . . . . 6 68 2.3.1. Static Table . . . . . . . . . . . . . . . . . . . . 6 69 2.3.2. Dynamic Table . . . . . . . . . . . . . . . . . . . . 6 70 2.3.3. Index Address Space . . . . . . . . . . . . . . . . . 7 71 2.4. Header Field Representation . . . . . . . . . . . . . . . 8 72 3. Header Block Decoding . . . . . . . . . . . . . . . . . . . . 8 73 3.1. Header Block Processing . . . . . . . . . . . . . . . . . 8 74 3.2. Header Field Representation Processing . . . . . . . . . 9 75 4. Dynamic Table Management . . . . . . . . . . . . . . . . . . 9 76 4.1. Calculating Table Size . . . . . . . . . . . . . . . . . 10 77 4.2. Maximum Table Size . . . . . . . . . . . . . . . . . . . 10 78 4.3. Entry Eviction when Dynamic Table Size Changes . . . . . 11 79 4.4. Entry Eviction when Adding New Entries . . . . . . . . . 11 80 5. Primitive Type Representations . . . . . . . . . . . . . . . 11 81 5.1. Integer Representation . . . . . . . . . . . . . . . . . 11 82 5.2. String Literal Representation . . . . . . . . . . . . . . 13 83 6. Binary Format . . . . . . . . . . . . . . . . . . . . . . . . 14 84 6.1. Indexed Header Field Representation . . . . . . . . . . . 14 85 6.2. Literal Header Field Representation . . . . . . . . . . . 15 86 6.2.1. Literal Header Field with Incremental Indexing . . . 15 87 6.2.2. Literal Header Field without Indexing . . . . . . . . 16 88 6.2.3. Literal Header Field never Indexed . . . . . . . . . 17 89 6.3. Dynamic Table Size Update . . . . . . . . . . . . . . . . 18 90 7. Security Considerations . . . . . . . . . . . . . . . . . . . 19 91 7.1. Probing Dynamic Table State . . . . . . . . . . . . . . . 19 92 7.1.1. Applicability to HPACK and HTTP . . . . . . . . . . . 20 93 7.1.2. Mitigation . . . . . . . . . . . . . . . . . . . . . 20 94 7.1.3. Never Indexed Literals . . . . . . . . . . . . . . . 21 95 7.2. Static Huffman Encoding . . . . . . . . . . . . . . . . . 22 96 7.3. Memory Consumption . . . . . . . . . . . . . . . . . . . 22 97 7.4. Implementation Limits . . . . . . . . . . . . . . . . . . 23 98 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23 99 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 23 100 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 23 101 10.1. Normative References . . . . . . . . . . . . . . . . . . 23 102 10.2. Informative References . . . . . . . . . . . . . . . . . 24 103 Appendix A. Static Table Definition . . . . . . . . . . . . . . 25 104 Appendix B. Huffman Code . . . . . . . . . . . . . . . . . . . . 26 105 Appendix C. Examples . . . . . . . . . . . . . . . . . . . . . . 32 106 C.1. Integer Representation Examples . . . . . . . . . . . . . 33 107 C.1.1. Example 1: Encoding 10 Using a 5-bit Prefix . . . . . 33 108 C.1.2. Example 2: Encoding 1337 Using a 5-bit Prefix . . . . 33 109 C.1.3. Example 3: Encoding 42 Starting at an Octet Boundary 34 110 C.2. Header Field Representation Examples . . . . . . . . . . 34 111 C.2.1. Literal Header Field with Indexing . . . . . . . . . 34 112 C.2.2. Literal Header Field without Indexing . . . . . . . . 35 113 C.2.3. Literal Header Field never Indexed . . . . . . . . . 36 114 C.2.4. Indexed Header Field . . . . . . . . . . . . . . . . 36 115 C.3. Request Examples without Huffman Coding . . . . . . . . . 37 116 C.3.1. First Request . . . . . . . . . . . . . . . . . . . . 37 117 C.3.2. Second Request . . . . . . . . . . . . . . . . . . . 38 118 C.3.3. Third Request . . . . . . . . . . . . . . . . . . . . 39 119 C.4. Request Examples with Huffman Coding . . . . . . . . . . 40 120 C.4.1. First Request . . . . . . . . . . . . . . . . . . . . 40 121 C.4.2. Second Request . . . . . . . . . . . . . . . . . . . 41 122 C.4.3. Third Request . . . . . . . . . . . . . . . . . . . . 42 123 C.5. Response Examples without Huffman Coding . . . . . . . . 44 124 C.5.1. First Response . . . . . . . . . . . . . . . . . . . 44 125 C.5.2. Second Response . . . . . . . . . . . . . . . . . . . 46 126 C.5.3. Third Response . . . . . . . . . . . . . . . . . . . 47 127 C.6. Response Examples with Huffman Coding . . . . . . . . . . 49 128 C.6.1. First Response . . . . . . . . . . . . . . . . . . . 49 129 C.6.2. Second Response . . . . . . . . . . . . . . . . . . . 51 130 C.6.3. Third Response . . . . . . . . . . . . . . . . . . . 52 131 Appendix D. Change Log (to be removed by RFC Editor before 132 publication) . . . . . . . . . . . . . . . . . . . . 54 133 D.1. Since draft-ietf-httpbis-header-compression-10 . . . . . 55 134 D.2. Since draft-ietf-httpbis-header-compression-09 . . . . . 55 135 D.3. Since draft-ietf-httpbis-header-compression-08 . . . . . 55 136 D.4. Since draft-ietf-httpbis-header-compression-07 . . . . . 55 137 D.5. Since draft-ietf-httpbis-header-compression-06 . . . . . 56 138 D.6. Since draft-ietf-httpbis-header-compression-05 . . . . . 56 139 D.7. Since draft-ietf-httpbis-header-compression-04 . . . . . 56 140 D.8. Since draft-ietf-httpbis-header-compression-03 . . . . . 57 141 D.9. Since draft-ietf-httpbis-header-compression-02 . . . . . 57 142 D.10. Since draft-ietf-httpbis-header-compression-01 . . . . . 57 143 D.11. Since draft-ietf-httpbis-header-compression-00 . . . . . 57 145 1. Introduction 147 In HTTP/1.1 (see [RFC7230]), header fields are not compressed. As 148 Web pages have grown to require dozens to hundreds of requests, the 149 redundant header fields in these requests unnecessarily consume 150 bandwidth, measurably increasing latency. 152 SPDY [SPDY] initially addressed this redundancy by compressing header 153 fields using the DEFLATE [DEFLATE] format, which proved very 154 effective at efficiently representing the redundant header fields. 155 However, that approach exposed a security risk as demonstrated by the 156 CRIME attack (see [CRIME]). 158 This specification defines HPACK, a new compressor for header fields 159 which eliminates redundant header fields, limits vulnerability to 160 known security attacks, and which has a bounded memory requirement 161 for use in constrained environments. Potential security concerns for 162 HPACK are described in Section 7. 164 The HPACK format is intentionally simple and inflexible. Both 165 characteristics reduce the risk of interoperability or security 166 issues due to implementation error. No extensibility mechanisms are 167 defined; changes to the format are only possible by defining a 168 complete replacement. 170 1.1. Overview 172 The format defined in this specification treats a list of header 173 fields as an ordered collection of name-value pairs that can include 174 duplicate pairs. Names and values are considered to be opaque 175 sequences of octets, and the order of header fields is preserved 176 after being compressed and decompressed. 178 Encoding is informed by header field tables that map header fields to 179 indexed values. These header field tables can be incrementally 180 updated as new header fields are encoded or decoded. 182 In the encoded form, a header field is represented either literally 183 or as a reference to a header field in one of the header field 184 tables. Therefore, a list of header fields can be encoded using a 185 mixture of references and literal values. 187 Literal values are either encoded directly or using a static Huffman 188 code. 190 The encoder is responsible for deciding which header fields to insert 191 as new entries in the header field tables. The decoder executes the 192 modifications to the header field tables prescribed by the encoder, 193 reconstructing the list of header fields in the process. This 194 enables decoders to remain simple and interoperate with a wide 195 variety of encoders. 197 Examples illustrating the use of these different mechanisms to 198 represent header fields are available in Appendix C. 200 1.2. Conventions 202 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 203 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 204 document are to be interpreted as described in RFC 2119 [RFC2119]. 206 All numeric values are in network byte order. Values are unsigned 207 unless otherwise indicated. Literal values are provided in decimal 208 or hexadecimal as appropriate. 210 1.3. Terminology 212 This specification uses the following terms: 214 Header Field: A name-value pair. Both the name and value are 215 treated as opaque sequences of octets. 217 Dynamic Table: The dynamic table (see Section 2.3.2) is a table that 218 associates stored header fields with index values. This table is 219 dynamic and specific to an encoding or decoding context. 221 Static Table: The static table (see Section 2.3.1) is a table that 222 statically associates header fields that occur frequently with 223 index values. This table is ordered, read-only, always 224 accessible, and may be shared amongst all encoding or decoding 225 contexts. 227 Header List: A header list is an ordered collection of header fields 228 that are encoded jointly, and can contain duplicate header fields. 229 A complete list of header fields contained in an HTTP/2 header 230 block is a header list. 232 Header Field Representation: A header field can be represented in 233 encoded form either as a literal or as an index (see Section 2.4). 235 Header Block: An ordered list of header field representations which, 236 when decoded, yields a complete header list. 238 2. Compression Process Overview 240 This specification does not describe a specific algorithm for an 241 encoder. Instead, it defines precisely how a decoder is expected to 242 operate, allowing encoders to produce any encoding that this 243 definition permits. 245 2.1. Header List Ordering 247 HPACK preserves the ordering of header fields inside the header list. 248 An encoder MUST order header field representations in the header 249 block according to their ordering in the original header list. A 250 decoder MUST order header fields in the decoded header list according 251 to their ordering in the header block. 253 2.2. Encoding and Decoding Contexts 255 To decompress header blocks, a decoder only needs to maintain a 256 dynamic table (see Section 2.3.2) as a decoding context. No other 257 dynamic state is needed. 259 When used for bidirectional communication, such as in HTTP, the 260 encoding and decoding dynamic tables maintained by an endpoint are 261 completely independent. I.e., the request and response dynamic 262 tables are separate. 264 2.3. Indexing Tables 266 HPACK uses two tables for associating header fields to indexes. The 267 static table (see Section 2.3.1) is predefined and contains common 268 header fields (most of them with an empty value). The dynamic table 269 (see Section 2.3.2) is dynamic and can be used by the encoder to 270 index header fields repeated in the encoded header lists. 272 These two tables are combined into a single address space for 273 defining index values (see Section 2.3.3). 275 2.3.1. Static Table 277 The static table consists of a predefined static list of header 278 fields. Its entries are defined in Appendix A. 280 2.3.2. Dynamic Table 282 The dynamic table consists of a list of header fields maintained in 283 first-in, first-out order. The first and newest entry in a dynamic 284 table is at the lowest index, and the oldest entry of a dynamic table 285 is at the highest index. 287 The dynamic table is initially empty. Entries are added as each 288 header block is decompressed. 290 The dynamic table can contain duplicate entries (i.e., entries with 291 the same name and same value). Therefore, duplicate entries MUST NOT 292 be treated as an error by a decoder. 294 The encoder decides how to update the dynamic table and as such can 295 control how much memory is used by the dynamic table. To limit the 296 memory requirements of the decoder, the dynamic table size is 297 strictly bounded (see Section 4.2). 299 The decoder updates the dynamic table during the processing of a list 300 of header field representations (see Section 3.2). 302 2.3.3. Index Address Space 304 The static table and the dynamic table are combined into a single 305 index address space. 307 Indices between 1 and the length of the static table (inclusive) 308 refer to elements in the static table (see Section 2.3.1). 310 Indices strictly greater than the length of the static table refer to 311 elements in the dynamic table (see Section 2.3.2). The length of the 312 static table is subtracted to find the index into the dynamic table. 314 Indices strictly greater than the sum of the lengths of both tables 315 MUST be treated as a decoding error. 317 For a static table size of s and a dynamic table size of k, the 318 following diagram shows the entire valid index address space. 320 <---------- Index Address Space ----------> 321 <-- Static Table --> <-- Dynamic Table --> 322 +---+-----------+---+ +---+-----------+---+ 323 | 1 | ... | s | |s+1| ... |s+k| 324 +---+-----------+---+ +---+-----------+---+ 325 ^ | 326 | V 327 Insertion Point Dropping Point 329 Figure 1: Index Address Space 331 2.4. Header Field Representation 333 An encoded header field can be represented either as an index or as a 334 literal. 336 An indexed representation defines a header field as a reference to an 337 entry in either the static table or the dynamic table (see 338 Section 6.1). 340 A literal representation defines a header field by specifying its 341 name and value. The header field name can be represented literally 342 or as a reference to an entry in either the static table or the 343 dynamic table. The header field value is represented literally. 345 Three different literal representations are defined: 347 o A literal representation that adds the header field as a new entry 348 at the beginning of the dynamic table (see Section 6.2.1). 350 o A literal representation that does not add the header field to the 351 dynamic table (see Section 6.2.2). 353 o A literal representation that does not add the header field to the 354 dynamic table, with the additional stipulation that this header 355 field always use a literal representation, in particular when re- 356 encoded by an intermediary (see Section 6.2.3). This 357 representation is intended for protecting header field values that 358 are not to be put at risk by compressing them (see Section 7.1.3 359 for more details). 361 The selection of one of these literal representations can be guided 362 by security considerations, in order to protect sensitive header 363 field values (see Section 7.1). 365 The literal representation of a header field name or of a header 366 field value can encode the sequence of octets either directly or 367 using a static Huffman code (see Section 5.2). 369 3. Header Block Decoding 371 3.1. Header Block Processing 373 A decoder processes a header block sequentially to reconstruct the 374 original header list. 376 A header block is the concatenation of header field representations. 377 The different possible header field representations are described in 378 Section 6. 380 Once a header field is decoded and added to the reconstructed header 381 list, the header field cannot be removed. A header field added to 382 the header list can be safely passed to the application. 384 By passing the resulting header fields to the application, a decoder 385 can be implemented with minimal transitory memory commitment in 386 addition to the dynamic table. 388 3.2. Header Field Representation Processing 390 The processing of a header block to obtain a header list is defined 391 in this section. To ensure that the decoding will successfully 392 produce a header list, a decoder MUST obey the following rules. 394 All the header field representations contained in a header block are 395 processed in the order in which they appear, as specified below. 396 Details on the formatting of the various header field 397 representations, and some additional processing instructions are 398 found in Section 6. 400 An _indexed representation_ entails the following actions: 402 o The header field corresponding to the referenced entry in either 403 the static table or dynamic table is appended to the decoded 404 header list. 406 A _literal representation_ that is _not added_ to the dynamic table 407 entails the following action: 409 o The header field is appended to the decoded header list. 411 A _literal representation_ that is _added_ to the dynamic table 412 entails the following actions: 414 o The header field is appended to the decoded header list. 416 o The header field is inserted at the beginning of the dynamic 417 table. This insertion could result in the eviction of previous 418 entries in the dynamic table (see Section 4.4). 420 4. Dynamic Table Management 422 To limit the memory requirements on the decoder side, the dynamic 423 table is constrained in size. 425 4.1. Calculating Table Size 427 The size of the dynamic table is the sum of the size of its entries. 429 The size of an entry is the sum of its name's length in octets (as 430 defined in Section 5.2), its value's length in octets, plus 32. 432 The size of an entry is calculated using the length of its name and 433 value without any Huffman encoding applied. 435 Note: The additional 32 octets account for an estimated overhead 436 associated with an entry. For example, an entry structure using 437 two 64-bit pointers to reference the name and the value of the 438 entry, and two 64-bit integers for counting the number of 439 references to the name and value would have 32 octets of overhead. 441 4.2. Maximum Table Size 443 Protocols that use HPACK determine the maximum size that the encoder 444 is permitted to use for the dynamic table. In HTTP/2, this value is 445 determined by the SETTINGS_HEADER_TABLE_SIZE setting (see 446 Section 6.5.2 of [HTTP2]). 448 An encoder can choose to use less capacity than this maximum size 449 (see Section 6.3), but the chosen size MUST stay lower than or equal 450 to the maximum set by the protocol. 452 A change in the maximum size of the dynamic table is signaled via an 453 encoding context update (see Section 6.3). This encoding context 454 update MUST occur at the beginning of the first header block 455 following the change to the dynamic table size. In HTTP/2, this 456 follows a settings acknowledgment (see Section 6.5.3 of [HTTP2]). 458 Multiple updates to the maximum table size can occur between the 459 transmission of two header blocks. In the case that this size is 460 changed more than once in this interval, the smallest maximum table 461 size that occurs in that interval MUST be signaled in an encoding 462 context update. The final maximum size is always signaled, resulting 463 in at most two encoding context updates. This ensures that the 464 decoder is able to perform eviction based on reductions in dynamic 465 table size (see Section 4.3). 467 This mechanism can be used to completely clear entries from the 468 dynamic table by setting a maximum size of 0, which can subsequently 469 be restored. 471 4.3. Entry Eviction when Dynamic Table Size Changes 473 Whenever the maximum size for the dynamic table is reduced, entries 474 are evicted from the end of the dynamic table until the size of the 475 dynamic table is less than or equal to the maximum size. 477 4.4. Entry Eviction when Adding New Entries 479 Before a new entry is added to the dynamic table, entries are evicted 480 from the end of the dynamic table until the size of the dynamic table 481 is less than or equal to (maximum size - new entry size), or until 482 the table is empty. 484 If the size of the new entry is less than or equal to the maximum 485 size, that entry is added to the table. It is not an error to 486 attempt to add an entry that is larger than the maximum size; an 487 attempt to add an entry larger than the maximum size causes the table 488 to be emptied of all existing entries, and results in an empty table. 490 A new entry can reference the name of an entry in the dynamic table 491 that will be evicted when adding this new entry into the dynamic 492 table. Implementations are cautioned to avoid deleting the 493 referenced name if the referenced entry is evicted from the dynamic 494 table prior to inserting the new entry. 496 5. Primitive Type Representations 498 HPACK encoding uses two primitive types: unsigned variable length 499 integers, and strings of octets. 501 5.1. Integer Representation 503 Integers are used to represent name indexes, header field indexes or 504 string lengths. An integer representation can start anywhere within 505 an octet. To allow for optimized processing, an integer 506 representation always finishes at the end of an octet. 508 An integer is represented in two parts: a prefix that fills the 509 current octet and an optional list of octets that are used if the 510 integer value does not fit within the prefix. The number of bits of 511 the prefix (called N) is a parameter of the integer representation. 513 If the integer value is small enough, i.e., strictly less than 2^N-1, 514 it is encoded within the N-bit prefix. 516 0 1 2 3 4 5 6 7 517 +---+---+---+---+---+---+---+---+ 518 | ? | ? | ? | Value | 519 +---+---+---+-------------------+ 521 Figure 2: Integer Value Encoded within the Prefix (shown for N = 5) 523 Otherwise, all the bits of the prefix are set to 1 and the value, 524 decreased by 2^N-1, is encoded using a list of one or more octets. 525 The most significant bit of each octet is used as a continuation 526 flag: its value is set to 1 except for the last octet in the list. 527 The remaining bits of the octets are used to encode the decreased 528 value. 530 0 1 2 3 4 5 6 7 531 +---+---+---+---+---+---+---+---+ 532 | ? | ? | ? | 1 1 1 1 1 | 533 +---+---+---+-------------------+ 534 | 1 | Value-(2^N-1) LSB | 535 +---+---------------------------+ 536 ... 537 +---+---------------------------+ 538 | 0 | Value-(2^N-1) MSB | 539 +---+---------------------------+ 541 Figure 3: Integer Value Encoded after the Prefix (shown for N = 5) 543 Decoding the integer value from the list of octets starts by 544 reversing the order of the octets in the list. Then, for each octet, 545 its most significant bit is removed. The remaining bits of the 546 octets are concatenated and the resulting value is increased by 2^N-1 547 to obtain the integer value. 549 The prefix size, N, is always between 1 and 8 bits. An integer 550 starting at an octet-boundary will have an 8-bit prefix. 552 Pseudo-code to represent an integer I is as follows: 554 if I < 2^N - 1, encode I on N bits 555 else 556 encode (2^N - 1) on N bits 557 I = I - (2^N - 1) 558 while I >= 128 559 encode (I % 128 + 128) on 8 bits 560 I = I / 128 561 encode I on 8 bits 563 Pseudo-code to decode an integer I is as follows: 565 decode I from the next N bits 566 if I < 2^N - 1, return I 567 else 568 M = 0 569 repeat 570 B = next octet 571 I = I + (B & 127) * 2^M 572 M = M + 7 573 while B & 128 == 128 574 return I 576 Examples illustrating the encoding of integers are available in 577 Appendix C.1. 579 This integer representation allows for values of indefinite size. It 580 is also possible for an encoder to send a large number of zero 581 values, which can waste octets and could be used to overflow integer 582 values. Integer encodings that exceed an implementation limits - in 583 value or octet length - MUST be treated as a decoding error. 584 Different limits can be set for each of the different uses of 585 integers, based on implementation constraints. 587 5.2. String Literal Representation 589 Header field names and header field values can be represented as 590 literal strings. A literal string is encoded as a sequence of 591 octets, either by directly encoding the literal string's octets, or 592 by using a Huffman code (see [HUFFMAN]). 594 0 1 2 3 4 5 6 7 595 +---+---+---+---+---+---+---+---+ 596 | H | String Length (7+) | 597 +---+---------------------------+ 598 | String Data (Length octets) | 599 +-------------------------------+ 601 Figure 4: String Literal Representation 603 A literal string representation contains the following fields: 605 H: A one bit flag, H, indicating whether or not the octets of the 606 string are Huffman encoded. 608 String Length: The number of octets used to encode the string 609 literal, encoded as an integer with 7-bit prefix (see 610 Section 5.1). 612 String Data: The encoded data of the string literal. If H is '0', 613 then the encoded data is the raw octets of the string literal. If 614 H is '1', then the encoded data is the Huffman encoding of the 615 string literal. 617 String literals which use Huffman encoding are encoded with the 618 Huffman code defined in Appendix B (see examples for requests in 619 Appendix C.4 and for responses in Appendix C.6). The encoded data is 620 the bitwise concatenation of the codes corresponding to each octet of 621 the string literal. 623 As the Huffman encoded data doesn't always end at an octet boundary, 624 some padding is inserted after it, up to the next octet boundary. To 625 prevent this padding to be misinterpreted as part of the string 626 literal, the most significant bits of the code corresponding to the 627 EOS (end-of-string) symbol are used. 629 Upon decoding, an incomplete code at the end of the encoded data is 630 to be considered as padding and discarded. A padding strictly longer 631 than 7 bits MUST be treated as a decoding error. A padding not 632 corresponding to the most significant bits of the code for the EOS 633 symbol MUST be treated as a decoding error. A Huffman encoded string 634 literal containing the EOS symbol MUST be treated as a decoding 635 error. 637 6. Binary Format 639 This section describes the detailed format of each of the different 640 header field representations, plus the encoding context update 641 instruction. 643 6.1. Indexed Header Field Representation 645 An indexed header field representation identifies an entry in either 646 the static table or the dynamic table (see Section 2.3). 648 An indexed header field representation causes a header field to be 649 added to the decoded header list, as described in Section 3.2. 651 0 1 2 3 4 5 6 7 652 +---+---+---+---+---+---+---+---+ 653 | 1 | Index (7+) | 654 +---+---------------------------+ 656 Figure 5: Indexed Header Field 658 An indexed header field starts with the '1' 1-bit pattern, followed 659 by the index of the matching header field, represented as an integer 660 with a 7-bit prefix (see Section 5.1). 662 The index value of 0 is not used. It MUST be treated as a decoding 663 error if found in an indexed header field representation. 665 6.2. Literal Header Field Representation 667 A literal header field representation contains a literal header field 668 value. Header field names are either provided as a literal or by 669 reference to an existing table entry, either from the static table or 670 the dynamic table (see Section 2.3). 672 This specification defines three forms of literal header field 673 representations; with indexing, without indexing, and never indexed. 675 6.2.1. Literal Header Field with Incremental Indexing 677 A literal header field with incremental indexing representation 678 results in appending a header field to the decoded header list and 679 inserting it as a new entry into the dynamic table. 681 0 1 2 3 4 5 6 7 682 +---+---+---+---+---+---+---+---+ 683 | 0 | 1 | Index (6+) | 684 +---+---+-----------------------+ 685 | H | Value Length (7+) | 686 +---+---------------------------+ 687 | Value String (Length octets) | 688 +-------------------------------+ 690 Figure 6: Literal Header Field with Incremental Indexing - Indexed 691 Name 693 0 1 2 3 4 5 6 7 694 +---+---+---+---+---+---+---+---+ 695 | 0 | 1 | 0 | 696 +---+---+-----------------------+ 697 | H | Name Length (7+) | 698 +---+---------------------------+ 699 | Name String (Length octets) | 700 +---+---------------------------+ 701 | H | Value Length (7+) | 702 +---+---------------------------+ 703 | Value String (Length octets) | 704 +-------------------------------+ 706 Figure 7: Literal Header Field with Incremental Indexing - New Name 708 A literal header field with incremental indexing representation 709 starts with the '01' 2-bit pattern. 711 If the header field name matches the header field name of an entry 712 stored in the static table or the dynamic table, the header field 713 name can be represented using the index of that entry. In this case, 714 the index of the entry is represented as an integer with a 6-bit 715 prefix (see Section 5.1). This value is always non-zero. 717 Otherwise, the header field name is represented as a literal string 718 (see Section 5.2). A value 0 is used in place of the 6-bit index, 719 followed by the header field name. 721 Either form of header field name representation is followed by the 722 header field value represented as a literal string (see Section 5.2). 724 6.2.2. Literal Header Field without Indexing 726 A literal header field without indexing representation results in 727 appending a header field to the decoded header list without altering 728 the dynamic table. 730 0 1 2 3 4 5 6 7 731 +---+---+---+---+---+---+---+---+ 732 | 0 | 0 | 0 | 0 | Index (4+) | 733 +---+---+-----------------------+ 734 | H | Value Length (7+) | 735 +---+---------------------------+ 736 | Value String (Length octets) | 737 +-------------------------------+ 739 Figure 8: Literal Header Field without Indexing - Indexed Name 741 0 1 2 3 4 5 6 7 742 +---+---+---+---+---+---+---+---+ 743 | 0 | 0 | 0 | 0 | 0 | 744 +---+---+-----------------------+ 745 | H | Name Length (7+) | 746 +---+---------------------------+ 747 | Name String (Length octets) | 748 +---+---------------------------+ 749 | H | Value Length (7+) | 750 +---+---------------------------+ 751 | Value String (Length octets) | 752 +-------------------------------+ 754 Figure 9: Literal Header Field without Indexing - New Name 756 A literal header field without indexing representation starts with 757 the '0000' 4-bit pattern. 759 If the header field name matches the header field name of an entry 760 stored in the static table or the dynamic table, the header field 761 name can be represented using the index of that entry. In this case, 762 the index of the entry is represented as an integer with a 4-bit 763 prefix (see Section 5.1). This value is always non-zero. 765 Otherwise, the header field name is represented as a literal string 766 (see Section 5.2). A value 0 is used in place of the 4-bit index, 767 followed by the header field name. 769 Either form of header field name representation is followed by the 770 header field value represented as a literal string (see Section 5.2). 772 6.2.3. Literal Header Field never Indexed 774 A literal header field never indexed representation results in 775 appending a header field to the decoded header list without altering 776 the dynamic table. Intermediaries MUST use the same representation 777 for encoding this header field. 779 0 1 2 3 4 5 6 7 780 +---+---+---+---+---+---+---+---+ 781 | 0 | 0 | 0 | 1 | Index (4+) | 782 +---+---+-----------------------+ 783 | H | Value Length (7+) | 784 +---+---------------------------+ 785 | Value String (Length octets) | 786 +-------------------------------+ 788 Figure 10: Literal Header Field never Indexed - Indexed Name 790 0 1 2 3 4 5 6 7 791 +---+---+---+---+---+---+---+---+ 792 | 0 | 0 | 0 | 1 | 0 | 793 +---+---+-----------------------+ 794 | H | Name Length (7+) | 795 +---+---------------------------+ 796 | Name String (Length octets) | 797 +---+---------------------------+ 798 | H | Value Length (7+) | 799 +---+---------------------------+ 800 | Value String (Length octets) | 801 +-------------------------------+ 803 Figure 11: Literal Header Field never Indexed - New Name 805 A literal header field never indexed representation starts with the 806 '0001' 4-bit pattern. 808 When a header field is represented as a literal header field never 809 indexed, it MUST always be encoded with this specific literal 810 representation. In particular, when a peer sends a header field that 811 it received represented as a literal header field never indexed, it 812 MUST use the same representation to forward this header field. 814 This representation is intended for protecting header field values 815 that are not to be put at risk by compressing them (see Section 7.1 816 for more details). 818 The encoding of the representation is identical to the literal header 819 field without indexing (see Section 6.2.2). 821 6.3. Dynamic Table Size Update 823 A dynamic table size update signals a change to the size of the 824 dynamic table. 826 0 1 2 3 4 5 6 7 827 +---+---+---+---+---+---+---+---+ 828 | 0 | 0 | 1 | Max size (5+) | 829 +---+---------------------------+ 831 Figure 12: Maximum Dynamic Table Size Change 833 A dynamic table size update starts with the '001' 3-bit pattern, 834 followed by the new maximum size, represented as an integer with a 835 5-bit prefix (see Section 5.1). 837 The new maximum size MUST be lower than or equal to the last value of 838 the maximum size of the dynamic table. A value that exceeds this 839 limit MUST be treated as a decoding error. In HTTP/2, this limit is 840 the last value of the SETTINGS_HEADER_TABLE_SIZE parameter (see 841 Section 6.5.2 of [HTTP2]) received from the decoder and acknowledged 842 by the encoder (see Section 6.5.3 of [HTTP2]). 844 Reducing the maximum size of the dynamic table can cause entries to 845 be evicted (see Section 4.3). 847 7. Security Considerations 849 This section describes potential areas of security concern with 850 HPACK: 852 o Use of compression as a length-based oracle for verifying guesses 853 about secrets that are compressed into a shared compression 854 context. 856 o Denial of service resulting from exhausting processing or memory 857 capacity at a decoder. 859 7.1. Probing Dynamic Table State 861 HPACK reduces the length of header field encodings by exploiting the 862 redundancy inherent in protocols like HTTP. The ultimate goal of 863 this is to reduce the amount of data that is required to send HTTP 864 requests or responses. 866 The compression context used to encode header fields can be probed by 867 an attacker who can both define header fields to be encoded and 868 transmitted and observe the length of those fields once they are 869 encoded. When an attacker can do both, they can adaptively modify 870 requests in order to confirm guesses about the dynamic table state. 871 If a guess is compressed into a shorter length, the attacker can 872 observe the encoded length and infer that the guess was correct. 874 This is possible even over the Transport Layer Security Protocol 875 (TLS, see [TLS12]), because while TLS provides confidentiality 876 protection for content, it only provides a limited amount of 877 protection for the length of that content. 879 Note: Padding schemes only provide limited protection against an 880 attacker with these capabilities, potentially only forcing an 881 increased number of guesses to learn the length associated with a 882 given guess. Padding schemes also work directly against 883 compression by increasing the number of bits that are transmitted. 885 Attacks like CRIME [CRIME] demonstrated the existence of these 886 general attacker capabilities. The specific attack exploited the 887 fact that DEFLATE [DEFLATE] removes redundancy based on prefix 888 matching. This permitted the attacker to confirm guesses a character 889 at a time, reducing an exponential-time attack into a linear-time 890 attack. 892 7.1.1. Applicability to HPACK and HTTP 894 HPACK mitigates but does not completely prevent attacks modeled on 895 CRIME [CRIME] by forcing a guess to match an entire header field 896 value, rather than individual characters. An attacker can only learn 897 whether a guess is correct or not, so is reduced to a brute force 898 guess for the header field values. 900 The viability of recovering specific header field values therefore 901 depends on the entropy of values. As a result, values with high 902 entropy are unlikely to be recovered successfully. However, values 903 with low entropy remain vulnerable. 905 Attacks of this nature are possible any time that two mutually 906 distrustful entities control requests or responses that are placed 907 onto a single HTTP/2 connection. If the shared HPACK compressor 908 permits one entity to add entries to the dynamic table, and the other 909 to access those entries, then the state of the table can be learned. 911 Having requests or responses from mutually distrustful entities 912 occurs when an intermediary either: 914 o sends requests from multiple clients on a single connection toward 915 an origin server, or 917 o takes responses from multiple origin servers and places them on a 918 shared connection toward a client. 920 Web browsers also need to assume that requests made on the same 921 connection by different web origins [ORIGIN] are made by mutually 922 distrustful entities. 924 7.1.2. Mitigation 926 Users of HTTP that require confidentiality for header fields can use 927 values with entropy sufficient to make guessing infeasible. However, 928 this is impractical as a general solution because it forces all users 929 of HTTP to take steps to mitigate attacks. It would impose new 930 constraints on how HTTP is used. 932 Rather than impose constraints on users of HTTP, an implementation of 933 HPACK can instead constrain how compression is applied in order to 934 limit the potential for dynamic table probing. 936 An ideal solution segregates access to the dynamic table based on the 937 entity that is constructing header fields. Header field values that 938 are added to the table are attributed to an entity, and only the 939 entity that created a particular value can extract that value. 941 To improve compression performance of this option, certain entries 942 might be tagged as being public. For example, a web browser might 943 make the values of the Accept-Encoding header field available in all 944 requests. 946 An encoder without good knowledge of the provenance of header fields 947 might instead introduce a penalty for a header field with many 948 different values, such that a large number of attempts to guess a 949 header field value results in the header field no more being compared 950 to the dynamic table entries in future messages, effectively 951 preventing further guesses. 953 Note: Simply removing entries corresponding to the header field from 954 the dynamic table can be ineffectual if the attacker has a 955 reliable way of causing values to be reinstalled. For example, a 956 request to load an image in a web browser typically includes the 957 Cookie header field (a potentially highly valued target for this 958 sort of attack), and web sites can easily force an image to be 959 loaded, thereby refreshing the entry in the dynamic table. 961 This response might be made inversely proportional to the length of 962 the header field value. Marking a header field as not using the 963 dynamic table any more might occur for shorter values more quickly or 964 with higher probability than for longer values. 966 7.1.3. Never Indexed Literals 968 Implementations can also choose to protect sensitive header fields by 969 not compressing them and instead encoding their value as literals. 971 Refusing to generate an indexed representation for a header field is 972 only effective if compression is avoided on all hops. The never 973 indexed literal (see Section 6.2.3) can be used to signal to 974 intermediaries that a particular value was intentionally sent as a 975 literal. 977 An intermediary MUST NOT re-encode a value that uses the never 978 indexed literal representation with another representation that would 979 index it. If HPACK is used for re-encoding, the never indexed 980 literal representation MUST be used. 982 The choice to use a never indexed literal representation for a header 983 field depends on several factors. Since HPACK doesn't protect 984 against guessing an entire header field value, short or low-entropy 985 values are more readily recovered by an adversary. Therefore, an 986 encoder might choose not to index values with low entropy. 988 An encoder might also choose not to index values for header fields 989 that are considered to be highly valuable or sensitive to recovery, 990 such as the Cookie or Authorization header fields. 992 On the contrary, an encoder might prefer indexing values for header 993 fields that have little or no value if they were exposed. For 994 instance, a User-Agent header field does not commonly vary between 995 requests and is sent to any server. In that case, confirmation that 996 a particular User-Agent value has been used provides little value. 998 Note that these criteria for deciding to use a never indexed literal 999 representation will evolve over time as new attacks are discovered. 1001 7.2. Static Huffman Encoding 1003 There is no currently known attack against a static Huffman encoding. 1004 A study has shown that using a static Huffman encoding table created 1005 an information leakage, however this same study concluded that an 1006 attacker could not take advantage of this information leakage to 1007 recover any meaningful amount of information (see [PETAL]). 1009 7.3. Memory Consumption 1011 An attacker can try to cause an endpoint to exhaust its memory. 1012 HPACK is designed to limit both the peak and state amounts of memory 1013 allocated by an endpoint. 1015 The amount of memory used by the compressor is limited by the 1016 protocol using HPACK through the definition of the maximum size of 1017 the dynamic table. In HTTP/2, this value is controlled by the 1018 decoder through the setting parameter SETTINGS_HEADER_TABLE_SIZE (see 1019 Section 6.5.2 of [HTTP2]). This limit takes into account both the 1020 size of the data stored in the dynamic table, plus a small allowance 1021 for overhead. 1023 A decoder can limit the amount of state memory used by setting an 1024 appropriate value for the maximum size of the dynamic table. In 1025 HTTP/2, this is realized by setting an appropriate value for the 1026 SETTINGS_HEADER_TABLE_SIZE parameter. An encoder can limit the 1027 amount of state memory it uses by signaling lower dynamic table size 1028 than the decoder allows (see Section 6.3). 1030 The amount of temporary memory consumed by an encoder or decoder can 1031 be limited by processing header fields sequentially. An 1032 implementation does not need to retain a complete list of header 1033 fields. Note however that it might be necessary for an application 1034 to retain a complete header list for other reasons; even though HPACK 1035 does not force this to occur, application constraints might make this 1036 necessary. 1038 7.4. Implementation Limits 1040 An implementation of HPACK needs to ensure that large values for 1041 integers, long encoding for integers, or long string literals do not 1042 create security weaknesses. 1044 An implementation has to set a limit for the values it accepts for 1045 integers, as well as for the encoded length (see Section 5.1). In 1046 the same way, it has to set a limit to the length it accepts for 1047 string literals (see Section 5.2). 1049 8. IANA Considerations 1051 This document has no IANA actions. 1053 9. Acknowledgments 1055 This specification includes substantial input from the following 1056 individuals: 1058 o Mike Bishop, Jeff Pinner, Julian Reschke, Martin Thomson 1059 (substantial editorial contributions). 1061 o Johnny Graettinger (Huffman code statistics). 1063 10. References 1065 10.1. Normative References 1067 [HTTP2] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext 1068 Transfer Protocol version 2", draft-ietf-httpbis-http2-17 1069 (work in progress), February 2015. 1071 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1072 Requirement Levels", BCP 14, RFC 2119, March 1997. 1074 [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 1075 Protocol (HTTP/1.1): Message Syntax and Routing", RFC 1076 7230, June 2014. 1078 10.2. Informative References 1080 [CANONICAL] 1081 Schwartz, E. and B. Kallick, "Generating a canonical 1082 prefix encoding", Communications of the ACM Volume 7 Issue 1083 3, pp. 166-169, March 1964, . 1086 [CRIME] Rizzo, J. and T. Duong, "The CRIME Attack", September 1087 2012, . 1090 [DEFLATE] Deutsch, P., "DEFLATE Compressed Data Format Specification 1091 version 1.3", RFC 1951, May 1996. 1093 [HUFFMAN] Huffman, D., "A Method for the Construction of Minimum 1094 Redundancy Codes", Proceedings of the Institute of Radio 1095 Engineers Volume 40, Number 9, pp. 1098-1101, September 1096 1952, . 1099 [ORIGIN] Barth, A., "The Web Origin Concept", RFC 6454, December 1100 2011. 1102 [PETAL] Tan, J. and J. Nahata, "PETAL: Preset Encoding 1103 Table Information Leakage", April 2013, 1104 . 1107 [SPDY] Belshe, M. and R. Peon, "SPDY Protocol", draft-mbelshe- 1108 httpbis-spdy-00 (work in progress), February 2012. 1110 [TLS12] Dierks, T. and E. Rescorla, "The Transport Layer Security 1111 (TLS) Protocol Version 1.2", RFC 5246, August 2008. 1113 Appendix A. Static Table Definition 1115 The static table (see Section 2.3.1) consists in a predefined and 1116 unchangeable list of header fields. 1118 The static table was created from the most frequent header fields 1119 used by popular web sites, with the addition of HTTP/2-specific 1120 pseudo-header fields (see Section 8.1.2.1 of [HTTP2]). For header 1121 fields with a few frequent values, an entry was added for each of 1122 these frequent values. For other header fields, an entry was added 1123 with an empty value. 1125 The following table lists the predefined header fields that make-up 1126 the static table. 1128 +-------+-----------------------------+---------------+ 1129 | Index | Header Name | Header Value | 1130 +-------+-----------------------------+---------------+ 1131 | 1 | :authority | | 1132 | 2 | :method | GET | 1133 | 3 | :method | POST | 1134 | 4 | :path | / | 1135 | 5 | :path | /index.html | 1136 | 6 | :scheme | http | 1137 | 7 | :scheme | https | 1138 | 8 | :status | 200 | 1139 | 9 | :status | 204 | 1140 | 10 | :status | 206 | 1141 | 11 | :status | 304 | 1142 | 12 | :status | 400 | 1143 | 13 | :status | 404 | 1144 | 14 | :status | 500 | 1145 | 15 | accept-charset | | 1146 | 16 | accept-encoding | gzip, deflate | 1147 | 17 | accept-language | | 1148 | 18 | accept-ranges | | 1149 | 19 | accept | | 1150 | 20 | access-control-allow-origin | | 1151 | 21 | age | | 1152 | 22 | allow | | 1153 | 23 | authorization | | 1154 | 24 | cache-control | | 1155 | 25 | content-disposition | | 1156 | 26 | content-encoding | | 1157 | 27 | content-language | | 1158 | 28 | content-length | | 1159 | 29 | content-location | | 1160 | 30 | content-range | | 1161 | 31 | content-type | | 1162 | 32 | cookie | | 1163 | 33 | date | | 1164 | 34 | etag | | 1165 | 35 | expect | | 1166 | 36 | expires | | 1167 | 37 | from | | 1168 | 38 | host | | 1169 | 39 | if-match | | 1170 | 40 | if-modified-since | | 1171 | 41 | if-none-match | | 1172 | 42 | if-range | | 1173 | 43 | if-unmodified-since | | 1174 | 44 | last-modified | | 1175 | 45 | link | | 1176 | 46 | location | | 1177 | 47 | max-forwards | | 1178 | 48 | proxy-authenticate | | 1179 | 49 | proxy-authorization | | 1180 | 50 | range | | 1181 | 51 | referer | | 1182 | 52 | refresh | | 1183 | 53 | retry-after | | 1184 | 54 | server | | 1185 | 55 | set-cookie | | 1186 | 56 | strict-transport-security | | 1187 | 57 | transfer-encoding | | 1188 | 58 | user-agent | | 1189 | 59 | vary | | 1190 | 60 | via | | 1191 | 61 | www-authenticate | | 1192 +-------+-----------------------------+---------------+ 1194 Table 1: Static Table Entries 1196 Table 1 gives the index of each entry in the static table. 1198 Appendix B. Huffman Code 1200 The following Huffman code is used when encoding string literals with 1201 a Huffman coding (see Section 5.2). 1203 This Huffman code was generated from statistics obtained on a large 1204 sample of HTTP headers. It is a canonical Huffman code (see 1205 [CANONICAL]) with some tweaking to ensure that no symbol has a unique 1206 code length. 1208 Each row in the table defines the code used to represent a symbol: 1210 sym: The symbol to be represented. It is the decimal value of an 1211 octet, possibly prepended with its ASCII representation. A 1212 specific symbol, "EOS", is used to indicate the end of a string 1213 literal. 1215 code as bits: The Huffman code for the symbol represented as a 1216 base-2 integer, aligned on the most significant bit (MSB). 1218 code as hex: The Huffman code for the symbol, represented as a 1219 hexadecimal integer, aligned on the least significant bit (LSB). 1221 len: The number of bits for the code representing the symbol. 1223 As an example, the code for the symbol 47 (corresponding to the ASCII 1224 character "/") consists in the 6 bits "0", "1", "1", "0", "0", "0". 1225 This corresponds to the value 0x18 (in hexadecimal) encoded in 6 1226 bits. 1228 code 1229 code as bits as hex len 1230 sym aligned to MSB aligned in 1231 to LSB bits 1232 ( 0) |11111111|11000 1ff8 [13] 1233 ( 1) |11111111|11111111|1011000 7fffd8 [23] 1234 ( 2) |11111111|11111111|11111110|0010 fffffe2 [28] 1235 ( 3) |11111111|11111111|11111110|0011 fffffe3 [28] 1236 ( 4) |11111111|11111111|11111110|0100 fffffe4 [28] 1237 ( 5) |11111111|11111111|11111110|0101 fffffe5 [28] 1238 ( 6) |11111111|11111111|11111110|0110 fffffe6 [28] 1239 ( 7) |11111111|11111111|11111110|0111 fffffe7 [28] 1240 ( 8) |11111111|11111111|11111110|1000 fffffe8 [28] 1241 ( 9) |11111111|11111111|11101010 ffffea [24] 1242 ( 10) |11111111|11111111|11111111|111100 3ffffffc [30] 1243 ( 11) |11111111|11111111|11111110|1001 fffffe9 [28] 1244 ( 12) |11111111|11111111|11111110|1010 fffffea [28] 1245 ( 13) |11111111|11111111|11111111|111101 3ffffffd [30] 1246 ( 14) |11111111|11111111|11111110|1011 fffffeb [28] 1247 ( 15) |11111111|11111111|11111110|1100 fffffec [28] 1248 ( 16) |11111111|11111111|11111110|1101 fffffed [28] 1249 ( 17) |11111111|11111111|11111110|1110 fffffee [28] 1250 ( 18) |11111111|11111111|11111110|1111 fffffef [28] 1251 ( 19) |11111111|11111111|11111111|0000 ffffff0 [28] 1252 ( 20) |11111111|11111111|11111111|0001 ffffff1 [28] 1253 ( 21) |11111111|11111111|11111111|0010 ffffff2 [28] 1254 ( 22) |11111111|11111111|11111111|111110 3ffffffe [30] 1255 ( 23) |11111111|11111111|11111111|0011 ffffff3 [28] 1256 ( 24) |11111111|11111111|11111111|0100 ffffff4 [28] 1257 ( 25) |11111111|11111111|11111111|0101 ffffff5 [28] 1258 ( 26) |11111111|11111111|11111111|0110 ffffff6 [28] 1259 ( 27) |11111111|11111111|11111111|0111 ffffff7 [28] 1260 ( 28) |11111111|11111111|11111111|1000 ffffff8 [28] 1261 ( 29) |11111111|11111111|11111111|1001 ffffff9 [28] 1262 ( 30) |11111111|11111111|11111111|1010 ffffffa [28] 1263 ( 31) |11111111|11111111|11111111|1011 ffffffb [28] 1264 ' ' ( 32) |010100 14 [ 6] 1265 '!' ( 33) |11111110|00 3f8 [10] 1266 '"' ( 34) |11111110|01 3f9 [10] 1267 '#' ( 35) |11111111|1010 ffa [12] 1268 '$' ( 36) |11111111|11001 1ff9 [13] 1269 '%' ( 37) |010101 15 [ 6] 1270 '&' ( 38) |11111000 f8 [ 8] 1271 ''' ( 39) |11111111|010 7fa [11] 1272 '(' ( 40) |11111110|10 3fa [10] 1273 ')' ( 41) |11111110|11 3fb [10] 1274 '*' ( 42) |11111001 f9 [ 8] 1275 '+' ( 43) |11111111|011 7fb [11] 1276 ',' ( 44) |11111010 fa [ 8] 1277 '-' ( 45) |010110 16 [ 6] 1278 '.' ( 46) |010111 17 [ 6] 1279 '/' ( 47) |011000 18 [ 6] 1280 '0' ( 48) |00000 0 [ 5] 1281 '1' ( 49) |00001 1 [ 5] 1282 '2' ( 50) |00010 2 [ 5] 1283 '3' ( 51) |011001 19 [ 6] 1284 '4' ( 52) |011010 1a [ 6] 1285 '5' ( 53) |011011 1b [ 6] 1286 '6' ( 54) |011100 1c [ 6] 1287 '7' ( 55) |011101 1d [ 6] 1288 '8' ( 56) |011110 1e [ 6] 1289 '9' ( 57) |011111 1f [ 6] 1290 ':' ( 58) |1011100 5c [ 7] 1291 ';' ( 59) |11111011 fb [ 8] 1292 '<' ( 60) |11111111|1111100 7ffc [15] 1293 '=' ( 61) |100000 20 [ 6] 1294 '>' ( 62) |11111111|1011 ffb [12] 1295 '?' ( 63) |11111111|00 3fc [10] 1296 '@' ( 64) |11111111|11010 1ffa [13] 1297 'A' ( 65) |100001 21 [ 6] 1298 'B' ( 66) |1011101 5d [ 7] 1299 'C' ( 67) |1011110 5e [ 7] 1300 'D' ( 68) |1011111 5f [ 7] 1301 'E' ( 69) |1100000 60 [ 7] 1302 'F' ( 70) |1100001 61 [ 7] 1303 'G' ( 71) |1100010 62 [ 7] 1304 'H' ( 72) |1100011 63 [ 7] 1305 'I' ( 73) |1100100 64 [ 7] 1306 'J' ( 74) |1100101 65 [ 7] 1307 'K' ( 75) |1100110 66 [ 7] 1308 'L' ( 76) |1100111 67 [ 7] 1309 'M' ( 77) |1101000 68 [ 7] 1310 'N' ( 78) |1101001 69 [ 7] 1311 'O' ( 79) |1101010 6a [ 7] 1312 'P' ( 80) |1101011 6b [ 7] 1313 'Q' ( 81) |1101100 6c [ 7] 1314 'R' ( 82) |1101101 6d [ 7] 1315 'S' ( 83) |1101110 6e [ 7] 1316 'T' ( 84) |1101111 6f [ 7] 1317 'U' ( 85) |1110000 70 [ 7] 1318 'V' ( 86) |1110001 71 [ 7] 1319 'W' ( 87) |1110010 72 [ 7] 1320 'X' ( 88) |11111100 fc [ 8] 1321 'Y' ( 89) |1110011 73 [ 7] 1322 'Z' ( 90) |11111101 fd [ 8] 1323 '[' ( 91) |11111111|11011 1ffb [13] 1324 '\' ( 92) |11111111|11111110|000 7fff0 [19] 1325 ']' ( 93) |11111111|11100 1ffc [13] 1326 '^' ( 94) |11111111|111100 3ffc [14] 1327 '_' ( 95) |100010 22 [ 6] 1328 '`' ( 96) |11111111|1111101 7ffd [15] 1329 'a' ( 97) |00011 3 [ 5] 1330 'b' ( 98) |100011 23 [ 6] 1331 'c' ( 99) |00100 4 [ 5] 1332 'd' (100) |100100 24 [ 6] 1333 'e' (101) |00101 5 [ 5] 1334 'f' (102) |100101 25 [ 6] 1335 'g' (103) |100110 26 [ 6] 1336 'h' (104) |100111 27 [ 6] 1337 'i' (105) |00110 6 [ 5] 1338 'j' (106) |1110100 74 [ 7] 1339 'k' (107) |1110101 75 [ 7] 1340 'l' (108) |101000 28 [ 6] 1341 'm' (109) |101001 29 [ 6] 1342 'n' (110) |101010 2a [ 6] 1343 'o' (111) |00111 7 [ 5] 1344 'p' (112) |101011 2b [ 6] 1345 'q' (113) |1110110 76 [ 7] 1346 'r' (114) |101100 2c [ 6] 1347 's' (115) |01000 8 [ 5] 1348 't' (116) |01001 9 [ 5] 1349 'u' (117) |101101 2d [ 6] 1350 'v' (118) |1110111 77 [ 7] 1351 'w' (119) |1111000 78 [ 7] 1352 'x' (120) |1111001 79 [ 7] 1353 'y' (121) |1111010 7a [ 7] 1354 'z' (122) |1111011 7b [ 7] 1355 '{' (123) |11111111|1111110 7ffe [15] 1356 '|' (124) |11111111|100 7fc [11] 1357 '}' (125) |11111111|111101 3ffd [14] 1358 '~' (126) |11111111|11101 1ffd [13] 1359 (127) |11111111|11111111|11111111|1100 ffffffc [28] 1360 (128) |11111111|11111110|0110 fffe6 [20] 1361 (129) |11111111|11111111|010010 3fffd2 [22] 1362 (130) |11111111|11111110|0111 fffe7 [20] 1363 (131) |11111111|11111110|1000 fffe8 [20] 1364 (132) |11111111|11111111|010011 3fffd3 [22] 1365 (133) |11111111|11111111|010100 3fffd4 [22] 1366 (134) |11111111|11111111|010101 3fffd5 [22] 1367 (135) |11111111|11111111|1011001 7fffd9 [23] 1368 (136) |11111111|11111111|010110 3fffd6 [22] 1369 (137) |11111111|11111111|1011010 7fffda [23] 1370 (138) |11111111|11111111|1011011 7fffdb [23] 1371 (139) |11111111|11111111|1011100 7fffdc [23] 1372 (140) |11111111|11111111|1011101 7fffdd [23] 1373 (141) |11111111|11111111|1011110 7fffde [23] 1374 (142) |11111111|11111111|11101011 ffffeb [24] 1375 (143) |11111111|11111111|1011111 7fffdf [23] 1376 (144) |11111111|11111111|11101100 ffffec [24] 1377 (145) |11111111|11111111|11101101 ffffed [24] 1378 (146) |11111111|11111111|010111 3fffd7 [22] 1379 (147) |11111111|11111111|1100000 7fffe0 [23] 1380 (148) |11111111|11111111|11101110 ffffee [24] 1381 (149) |11111111|11111111|1100001 7fffe1 [23] 1382 (150) |11111111|11111111|1100010 7fffe2 [23] 1383 (151) |11111111|11111111|1100011 7fffe3 [23] 1384 (152) |11111111|11111111|1100100 7fffe4 [23] 1385 (153) |11111111|11111110|11100 1fffdc [21] 1386 (154) |11111111|11111111|011000 3fffd8 [22] 1387 (155) |11111111|11111111|1100101 7fffe5 [23] 1388 (156) |11111111|11111111|011001 3fffd9 [22] 1389 (157) |11111111|11111111|1100110 7fffe6 [23] 1390 (158) |11111111|11111111|1100111 7fffe7 [23] 1391 (159) |11111111|11111111|11101111 ffffef [24] 1392 (160) |11111111|11111111|011010 3fffda [22] 1393 (161) |11111111|11111110|11101 1fffdd [21] 1394 (162) |11111111|11111110|1001 fffe9 [20] 1395 (163) |11111111|11111111|011011 3fffdb [22] 1396 (164) |11111111|11111111|011100 3fffdc [22] 1397 (165) |11111111|11111111|1101000 7fffe8 [23] 1398 (166) |11111111|11111111|1101001 7fffe9 [23] 1399 (167) |11111111|11111110|11110 1fffde [21] 1400 (168) |11111111|11111111|1101010 7fffea [23] 1401 (169) |11111111|11111111|011101 3fffdd [22] 1402 (170) |11111111|11111111|011110 3fffde [22] 1403 (171) |11111111|11111111|11110000 fffff0 [24] 1404 (172) |11111111|11111110|11111 1fffdf [21] 1405 (173) |11111111|11111111|011111 3fffdf [22] 1406 (174) |11111111|11111111|1101011 7fffeb [23] 1407 (175) |11111111|11111111|1101100 7fffec [23] 1408 (176) |11111111|11111111|00000 1fffe0 [21] 1409 (177) |11111111|11111111|00001 1fffe1 [21] 1410 (178) |11111111|11111111|100000 3fffe0 [22] 1411 (179) |11111111|11111111|00010 1fffe2 [21] 1412 (180) |11111111|11111111|1101101 7fffed [23] 1413 (181) |11111111|11111111|100001 3fffe1 [22] 1414 (182) |11111111|11111111|1101110 7fffee [23] 1415 (183) |11111111|11111111|1101111 7fffef [23] 1416 (184) |11111111|11111110|1010 fffea [20] 1417 (185) |11111111|11111111|100010 3fffe2 [22] 1418 (186) |11111111|11111111|100011 3fffe3 [22] 1419 (187) |11111111|11111111|100100 3fffe4 [22] 1420 (188) |11111111|11111111|1110000 7ffff0 [23] 1421 (189) |11111111|11111111|100101 3fffe5 [22] 1422 (190) |11111111|11111111|100110 3fffe6 [22] 1423 (191) |11111111|11111111|1110001 7ffff1 [23] 1424 (192) |11111111|11111111|11111000|00 3ffffe0 [26] 1425 (193) |11111111|11111111|11111000|01 3ffffe1 [26] 1426 (194) |11111111|11111110|1011 fffeb [20] 1427 (195) |11111111|11111110|001 7fff1 [19] 1428 (196) |11111111|11111111|100111 3fffe7 [22] 1429 (197) |11111111|11111111|1110010 7ffff2 [23] 1430 (198) |11111111|11111111|101000 3fffe8 [22] 1431 (199) |11111111|11111111|11110110|0 1ffffec [25] 1432 (200) |11111111|11111111|11111000|10 3ffffe2 [26] 1433 (201) |11111111|11111111|11111000|11 3ffffe3 [26] 1434 (202) |11111111|11111111|11111001|00 3ffffe4 [26] 1435 (203) |11111111|11111111|11111011|110 7ffffde [27] 1436 (204) |11111111|11111111|11111011|111 7ffffdf [27] 1437 (205) |11111111|11111111|11111001|01 3ffffe5 [26] 1438 (206) |11111111|11111111|11110001 fffff1 [24] 1439 (207) |11111111|11111111|11110110|1 1ffffed [25] 1440 (208) |11111111|11111110|010 7fff2 [19] 1441 (209) |11111111|11111111|00011 1fffe3 [21] 1442 (210) |11111111|11111111|11111001|10 3ffffe6 [26] 1443 (211) |11111111|11111111|11111100|000 7ffffe0 [27] 1444 (212) |11111111|11111111|11111100|001 7ffffe1 [27] 1445 (213) |11111111|11111111|11111001|11 3ffffe7 [26] 1446 (214) |11111111|11111111|11111100|010 7ffffe2 [27] 1447 (215) |11111111|11111111|11110010 fffff2 [24] 1448 (216) |11111111|11111111|00100 1fffe4 [21] 1449 (217) |11111111|11111111|00101 1fffe5 [21] 1450 (218) |11111111|11111111|11111010|00 3ffffe8 [26] 1451 (219) |11111111|11111111|11111010|01 3ffffe9 [26] 1452 (220) |11111111|11111111|11111111|1101 ffffffd [28] 1453 (221) |11111111|11111111|11111100|011 7ffffe3 [27] 1454 (222) |11111111|11111111|11111100|100 7ffffe4 [27] 1455 (223) |11111111|11111111|11111100|101 7ffffe5 [27] 1456 (224) |11111111|11111110|1100 fffec [20] 1457 (225) |11111111|11111111|11110011 fffff3 [24] 1458 (226) |11111111|11111110|1101 fffed [20] 1459 (227) |11111111|11111111|00110 1fffe6 [21] 1460 (228) |11111111|11111111|101001 3fffe9 [22] 1461 (229) |11111111|11111111|00111 1fffe7 [21] 1462 (230) |11111111|11111111|01000 1fffe8 [21] 1463 (231) |11111111|11111111|1110011 7ffff3 [23] 1464 (232) |11111111|11111111|101010 3fffea [22] 1465 (233) |11111111|11111111|101011 3fffeb [22] 1466 (234) |11111111|11111111|11110111|0 1ffffee [25] 1467 (235) |11111111|11111111|11110111|1 1ffffef [25] 1468 (236) |11111111|11111111|11110100 fffff4 [24] 1469 (237) |11111111|11111111|11110101 fffff5 [24] 1470 (238) |11111111|11111111|11111010|10 3ffffea [26] 1471 (239) |11111111|11111111|1110100 7ffff4 [23] 1472 (240) |11111111|11111111|11111010|11 3ffffeb [26] 1473 (241) |11111111|11111111|11111100|110 7ffffe6 [27] 1474 (242) |11111111|11111111|11111011|00 3ffffec [26] 1475 (243) |11111111|11111111|11111011|01 3ffffed [26] 1476 (244) |11111111|11111111|11111100|111 7ffffe7 [27] 1477 (245) |11111111|11111111|11111101|000 7ffffe8 [27] 1478 (246) |11111111|11111111|11111101|001 7ffffe9 [27] 1479 (247) |11111111|11111111|11111101|010 7ffffea [27] 1480 (248) |11111111|11111111|11111101|011 7ffffeb [27] 1481 (249) |11111111|11111111|11111111|1110 ffffffe [28] 1482 (250) |11111111|11111111|11111101|100 7ffffec [27] 1483 (251) |11111111|11111111|11111101|101 7ffffed [27] 1484 (252) |11111111|11111111|11111101|110 7ffffee [27] 1485 (253) |11111111|11111111|11111101|111 7ffffef [27] 1486 (254) |11111111|11111111|11111110|000 7fffff0 [27] 1487 (255) |11111111|11111111|11111011|10 3ffffee [26] 1488 EOS (256) |11111111|11111111|11111111|111111 3fffffff [30] 1490 Appendix C. Examples 1492 A number of examples are worked through here, covering integer 1493 encoding, header field representation, and the encoding of whole 1494 lists of header fields, for both requests and responses, and with and 1495 without Huffman coding. 1497 C.1. Integer Representation Examples 1499 This section shows the representation of integer values in details 1500 (see Section 5.1). 1502 C.1.1. Example 1: Encoding 10 Using a 5-bit Prefix 1504 The value 10 is to be encoded with a 5-bit prefix. 1506 o 10 is less than 31 (2^5 - 1) and is represented using the 5-bit 1507 prefix. 1509 0 1 2 3 4 5 6 7 1510 +---+---+---+---+---+---+---+---+ 1511 | X | X | X | 0 | 1 | 0 | 1 | 0 | 10 stored on 5 bits 1512 +---+---+---+---+---+---+---+---+ 1514 C.1.2. Example 2: Encoding 1337 Using a 5-bit Prefix 1516 The value I=1337 is to be encoded with a 5-bit prefix. 1518 1337 is greater than 31 (2^5 - 1). 1520 The 5-bit prefix is filled with its max value (31). 1522 I = 1337 - (2^5 - 1) = 1306. 1524 I (1306) is greater than or equal to 128, the while loop body 1525 executes: 1527 I % 128 == 26 1529 26 + 128 == 154 1531 154 is encoded in 8 bits as: 10011010 1533 I is set to 10 (1306 / 128 == 10) 1535 I is no longer greater than or equal to 128, the while loop 1536 terminates. 1538 I, now 10, is encoded in 8 bits as: 00001010. 1540 The process ends. 1542 0 1 2 3 4 5 6 7 1543 +---+---+---+---+---+---+---+---+ 1544 | X | X | X | 1 | 1 | 1 | 1 | 1 | Prefix = 31, I = 1306 1545 | 1 | 0 | 0 | 1 | 1 | 0 | 1 | 0 | 1306>=128, encode(154), I=1306/128 1546 | 0 | 0 | 0 | 0 | 1 | 0 | 1 | 0 | 10<128, encode(10), done 1547 +---+---+---+---+---+---+---+---+ 1549 C.1.3. Example 3: Encoding 42 Starting at an Octet Boundary 1551 The value 42 is to be encoded starting at an octet-boundary. This 1552 implies that a 8-bit prefix is used. 1554 o 42 is less than 255 (2^8 - 1) and is represented using the 8-bit 1555 prefix. 1557 0 1 2 3 4 5 6 7 1558 +---+---+---+---+---+---+---+---+ 1559 | 0 | 0 | 1 | 0 | 1 | 0 | 1 | 0 | 42 stored on 8 bits 1560 +---+---+---+---+---+---+---+---+ 1562 C.2. Header Field Representation Examples 1564 This section shows several independent representation examples. 1566 C.2.1. Literal Header Field with Indexing 1568 The header field representation uses a literal name and a literal 1569 value. The header field is added to the dynamic table. 1571 Header list to encode: 1573 custom-key: custom-header 1575 Hex dump of encoded data: 1577 400a 6375 7374 6f6d 2d6b 6579 0d63 7573 | @.custom-key.cus 1578 746f 6d2d 6865 6164 6572 | tom-header 1579 Decoding process: 1581 40 | == Literal indexed == 1582 0a | Literal name (len = 10) 1583 6375 7374 6f6d 2d6b 6579 | custom-key 1584 0d | Literal value (len = 13) 1585 6375 7374 6f6d 2d68 6561 6465 72 | custom-header 1586 | -> custom-key: custom-head\ 1587 | er 1589 Dynamic Table (after decoding): 1591 [ 1] (s = 55) custom-key: custom-header 1592 Table size: 55 1594 Decoded header list: 1596 custom-key: custom-header 1598 C.2.2. Literal Header Field without Indexing 1600 The header field representation uses an indexed name and a literal 1601 value. The header field is not added to the dynamic table. 1603 Header list to encode: 1605 :path: /sample/path 1607 Hex dump of encoded data: 1609 040c 2f73 616d 706c 652f 7061 7468 | ../sample/path 1611 Decoding process: 1613 04 | == Literal not indexed == 1614 | Indexed name (idx = 4) 1615 | :path 1616 0c | Literal value (len = 12) 1617 2f73 616d 706c 652f 7061 7468 | /sample/path 1618 | -> :path: /sample/path 1620 Dynamic table (after decoding): empty. 1622 Decoded header list: 1624 :path: /sample/path 1626 C.2.3. Literal Header Field never Indexed 1628 The header field representation uses a literal name and a literal 1629 value. The header field is not added to the dynamic table, and must 1630 use the same representation if re-encoded by an intermediary. 1632 Header list to encode: 1634 password: secret 1636 Hex dump of encoded data: 1638 1008 7061 7373 776f 7264 0673 6563 7265 | ..password.secre 1639 74 | t 1641 Decoding process: 1643 10 | == Literal never indexed == 1644 08 | Literal name (len = 8) 1645 7061 7373 776f 7264 | password 1646 06 | Literal value (len = 6) 1647 7365 6372 6574 | secret 1648 | -> password: secret 1650 Dynamic table (after decoding): empty. 1652 Decoded header list: 1654 password: secret 1656 C.2.4. Indexed Header Field 1658 The header field representation uses an indexed header field, from 1659 the static table. 1661 Header list to encode: 1663 :method: GET 1665 Hex dump of encoded data: 1667 82 | . 1669 Decoding process: 1671 82 | == Indexed - Add == 1672 | idx = 2 1673 | -> :method: GET 1675 Dynamic table (after decoding): empty. 1677 Decoded header list: 1679 :method: GET 1681 C.3. Request Examples without Huffman Coding 1683 This section shows several consecutive header lists, corresponding to 1684 HTTP requests, on the same connection. 1686 C.3.1. First Request 1688 Header list to encode: 1690 :method: GET 1691 :scheme: http 1692 :path: / 1693 :authority: www.example.com 1695 Hex dump of encoded data: 1697 8286 8441 0f77 7777 2e65 7861 6d70 6c65 | ...A.www.example 1698 2e63 6f6d | .com 1700 Decoding process: 1702 82 | == Indexed - Add == 1703 | idx = 2 1704 | -> :method: GET 1705 86 | == Indexed - Add == 1706 | idx = 6 1707 | -> :scheme: http 1708 84 | == Indexed - Add == 1709 | idx = 4 1710 | -> :path: / 1711 41 | == Literal indexed == 1712 | Indexed name (idx = 1) 1713 | :authority 1714 0f | Literal value (len = 15) 1715 7777 772e 6578 616d 706c 652e 636f 6d | www.example.com 1716 | -> :authority: www.example\ 1717 | .com 1719 Dynamic Table (after decoding): 1721 [ 1] (s = 57) :authority: www.example.com 1722 Table size: 57 1724 Decoded header list: 1726 :method: GET 1727 :scheme: http 1728 :path: / 1729 :authority: www.example.com 1731 C.3.2. Second Request 1733 Header list to encode: 1735 :method: GET 1736 :scheme: http 1737 :path: / 1738 :authority: www.example.com 1739 cache-control: no-cache 1741 Hex dump of encoded data: 1743 8286 84be 5808 6e6f 2d63 6163 6865 | ....X.no-cache 1745 Decoding process: 1747 82 | == Indexed - Add == 1748 | idx = 2 1749 | -> :method: GET 1750 86 | == Indexed - Add == 1751 | idx = 6 1752 | -> :scheme: http 1753 84 | == Indexed - Add == 1754 | idx = 4 1755 | -> :path: / 1756 be | == Indexed - Add == 1757 | idx = 62 1758 | -> :authority: www.example\ 1759 | .com 1760 58 | == Literal indexed == 1761 | Indexed name (idx = 24) 1762 | cache-control 1763 08 | Literal value (len = 8) 1764 6e6f 2d63 6163 6865 | no-cache 1765 | -> cache-control: no-cache 1767 Dynamic Table (after decoding): 1769 [ 1] (s = 53) cache-control: no-cache 1770 [ 2] (s = 57) :authority: www.example.com 1771 Table size: 110 1773 Decoded header list: 1775 :method: GET 1776 :scheme: http 1777 :path: / 1778 :authority: www.example.com 1779 cache-control: no-cache 1781 C.3.3. Third Request 1783 Header list to encode: 1785 :method: GET 1786 :scheme: https 1787 :path: /index.html 1788 :authority: www.example.com 1789 custom-key: custom-value 1791 Hex dump of encoded data: 1793 8287 85bf 400a 6375 7374 6f6d 2d6b 6579 | ....@.custom-key 1794 0c63 7573 746f 6d2d 7661 6c75 65 | .custom-value 1796 Decoding process: 1798 82 | == Indexed - Add == 1799 | idx = 2 1800 | -> :method: GET 1801 87 | == Indexed - Add == 1802 | idx = 7 1803 | -> :scheme: https 1804 85 | == Indexed - Add == 1805 | idx = 5 1806 | -> :path: /index.html 1807 bf | == Indexed - Add == 1808 | idx = 63 1809 | -> :authority: www.example\ 1810 | .com 1811 40 | == Literal indexed == 1812 0a | Literal name (len = 10) 1813 6375 7374 6f6d 2d6b 6579 | custom-key 1814 0c | Literal value (len = 12) 1815 6375 7374 6f6d 2d76 616c 7565 | custom-value 1816 | -> custom-key: custom-valu\ 1817 | e 1819 Dynamic Table (after decoding): 1821 [ 1] (s = 54) custom-key: custom-value 1822 [ 2] (s = 53) cache-control: no-cache 1823 [ 3] (s = 57) :authority: www.example.com 1824 Table size: 164 1826 Decoded header list: 1828 :method: GET 1829 :scheme: https 1830 :path: /index.html 1831 :authority: www.example.com 1832 custom-key: custom-value 1834 C.4. Request Examples with Huffman Coding 1836 This section shows the same examples as the previous section, but 1837 using Huffman encoding for the literal values. 1839 C.4.1. First Request 1841 Header list to encode: 1843 :method: GET 1844 :scheme: http 1845 :path: / 1846 :authority: www.example.com 1848 Hex dump of encoded data: 1850 8286 8441 8cf1 e3c2 e5f2 3a6b a0ab 90f4 | ...A......:k.... 1851 ff | . 1853 Decoding process: 1855 82 | == Indexed - Add == 1856 | idx = 2 1857 | -> :method: GET 1858 86 | == Indexed - Add == 1859 | idx = 6 1860 | -> :scheme: http 1861 84 | == Indexed - Add == 1862 | idx = 4 1863 | -> :path: / 1864 41 | == Literal indexed == 1865 | Indexed name (idx = 1) 1866 | :authority 1867 8c | Literal value (len = 12) 1868 | Huffman encoded: 1869 f1e3 c2e5 f23a 6ba0 ab90 f4ff | .....:k..... 1870 | Decoded: 1871 | www.example.com 1872 | -> :authority: www.example\ 1873 | .com 1875 Dynamic Table (after decoding): 1877 [ 1] (s = 57) :authority: www.example.com 1878 Table size: 57 1880 Decoded header list: 1882 :method: GET 1883 :scheme: http 1884 :path: / 1885 :authority: www.example.com 1887 C.4.2. Second Request 1889 Header list to encode: 1891 :method: GET 1892 :scheme: http 1893 :path: / 1894 :authority: www.example.com 1895 cache-control: no-cache 1897 Hex dump of encoded data: 1899 8286 84be 5886 a8eb 1064 9cbf | ....X....d.. 1901 Decoding process: 1903 82 | == Indexed - Add == 1904 | idx = 2 1905 | -> :method: GET 1906 86 | == Indexed - Add == 1907 | idx = 6 1908 | -> :scheme: http 1909 84 | == Indexed - Add == 1910 | idx = 4 1911 | -> :path: / 1912 be | == Indexed - Add == 1913 | idx = 62 1914 | -> :authority: www.example\ 1915 | .com 1916 58 | == Literal indexed == 1917 | Indexed name (idx = 24) 1918 | cache-control 1919 86 | Literal value (len = 6) 1920 | Huffman encoded: 1921 a8eb 1064 9cbf | ...d.. 1922 | Decoded: 1923 | no-cache 1924 | -> cache-control: no-cache 1926 Dynamic Table (after decoding): 1928 [ 1] (s = 53) cache-control: no-cache 1929 [ 2] (s = 57) :authority: www.example.com 1930 Table size: 110 1932 Decoded header list: 1934 :method: GET 1935 :scheme: http 1936 :path: / 1937 :authority: www.example.com 1938 cache-control: no-cache 1940 C.4.3. Third Request 1942 Header list to encode: 1944 :method: GET 1945 :scheme: https 1946 :path: /index.html 1947 :authority: www.example.com 1948 custom-key: custom-value 1949 Hex dump of encoded data: 1951 8287 85bf 4088 25a8 49e9 5ba9 7d7f 8925 | ....@.%.I.[.}..% 1952 a849 e95b b8e8 b4bf | .I.[.... 1954 Decoding process: 1956 82 | == Indexed - Add == 1957 | idx = 2 1958 | -> :method: GET 1959 87 | == Indexed - Add == 1960 | idx = 7 1961 | -> :scheme: https 1962 85 | == Indexed - Add == 1963 | idx = 5 1964 | -> :path: /index.html 1965 bf | == Indexed - Add == 1966 | idx = 63 1967 | -> :authority: www.example\ 1968 | .com 1969 40 | == Literal indexed == 1970 88 | Literal name (len = 8) 1971 | Huffman encoded: 1972 25a8 49e9 5ba9 7d7f | %.I.[.}. 1973 | Decoded: 1974 | custom-key 1975 89 | Literal value (len = 9) 1976 | Huffman encoded: 1977 25a8 49e9 5bb8 e8b4 bf | %.I.[.... 1978 | Decoded: 1979 | custom-value 1980 | -> custom-key: custom-valu\ 1981 | e 1983 Dynamic Table (after decoding): 1985 [ 1] (s = 54) custom-key: custom-value 1986 [ 2] (s = 53) cache-control: no-cache 1987 [ 3] (s = 57) :authority: www.example.com 1988 Table size: 164 1990 Decoded header list: 1992 :method: GET 1993 :scheme: https 1994 :path: /index.html 1995 :authority: www.example.com 1996 custom-key: custom-value 1998 C.5. Response Examples without Huffman Coding 2000 This section shows several consecutive header lists, corresponding to 2001 HTTP responses, on the same connection. The HTTP/2 setting parameter 2002 SETTINGS_HEADER_TABLE_SIZE is set to the value of 256 octets, causing 2003 some evictions to occur. 2005 C.5.1. First Response 2007 Header list to encode: 2009 :status: 302 2010 cache-control: private 2011 date: Mon, 21 Oct 2013 20:13:21 GMT 2012 location: https://www.example.com 2014 Hex dump of encoded data: 2016 4803 3330 3258 0770 7269 7661 7465 611d | H.302X.privatea. 2017 4d6f 6e2c 2032 3120 4f63 7420 3230 3133 | Mon, 21 Oct 2013 2018 2032 303a 3133 3a32 3120 474d 546e 1768 | 20:13:21 GMTn.h 2019 7474 7073 3a2f 2f77 7777 2e65 7861 6d70 | ttps://www.examp 2020 6c65 2e63 6f6d | le.com 2021 Decoding process: 2023 48 | == Literal indexed == 2024 | Indexed name (idx = 8) 2025 | :status 2026 03 | Literal value (len = 3) 2027 3330 32 | 302 2028 | -> :status: 302 2029 58 | == Literal indexed == 2030 | Indexed name (idx = 24) 2031 | cache-control 2032 07 | Literal value (len = 7) 2033 7072 6976 6174 65 | private 2034 | -> cache-control: private 2035 61 | == Literal indexed == 2036 | Indexed name (idx = 33) 2037 | date 2038 1d | Literal value (len = 29) 2039 4d6f 6e2c 2032 3120 4f63 7420 3230 3133 | Mon, 21 Oct 2013 2040 2032 303a 3133 3a32 3120 474d 54 | 20:13:21 GMT 2041 | -> date: Mon, 21 Oct 2013 \ 2042 | 20:13:21 GMT 2043 6e | == Literal indexed == 2044 | Indexed name (idx = 46) 2045 | location 2046 17 | Literal value (len = 23) 2047 6874 7470 733a 2f2f 7777 772e 6578 616d | https://www.exam 2048 706c 652e 636f 6d | ple.com 2049 | -> location: https://www.e\ 2050 | xample.com 2052 Dynamic Table (after decoding): 2054 [ 1] (s = 63) location: https://www.example.com 2055 [ 2] (s = 65) date: Mon, 21 Oct 2013 20:13:21 GMT 2056 [ 3] (s = 52) cache-control: private 2057 [ 4] (s = 42) :status: 302 2058 Table size: 222 2060 Decoded header list: 2062 :status: 302 2063 cache-control: private 2064 date: Mon, 21 Oct 2013 20:13:21 GMT 2065 location: https://www.example.com 2067 C.5.2. Second Response 2069 The (":status", "302") header field is evicted from the dynamic table 2070 to free space to allow adding the (":status", "307") header field. 2072 Header list to encode: 2074 :status: 307 2075 cache-control: private 2076 date: Mon, 21 Oct 2013 20:13:21 GMT 2077 location: https://www.example.com 2079 Hex dump of encoded data: 2081 4803 3330 37c1 c0bf | H.307... 2083 Decoding process: 2085 48 | == Literal indexed == 2086 | Indexed name (idx = 8) 2087 | :status 2088 03 | Literal value (len = 3) 2089 3330 37 | 307 2090 | - evict: :status: 302 2091 | -> :status: 307 2092 c1 | == Indexed - Add == 2093 | idx = 65 2094 | -> cache-control: private 2095 c0 | == Indexed - Add == 2096 | idx = 64 2097 | -> date: Mon, 21 Oct 2013 \ 2098 | 20:13:21 GMT 2099 bf | == Indexed - Add == 2100 | idx = 63 2101 | -> location: https://www.e\ 2102 | xample.com 2104 Dynamic Table (after decoding): 2106 [ 1] (s = 42) :status: 307 2107 [ 2] (s = 63) location: https://www.example.com 2108 [ 3] (s = 65) date: Mon, 21 Oct 2013 20:13:21 GMT 2109 [ 4] (s = 52) cache-control: private 2110 Table size: 222 2112 Decoded header list: 2114 :status: 307 2115 cache-control: private 2116 date: Mon, 21 Oct 2013 20:13:21 GMT 2117 location: https://www.example.com 2119 C.5.3. Third Response 2121 Several header fields are evicted from the dynamic table during the 2122 processing of this header list. 2124 Header list to encode: 2126 :status: 200 2127 cache-control: private 2128 date: Mon, 21 Oct 2013 20:13:22 GMT 2129 location: https://www.example.com 2130 content-encoding: gzip 2131 set-cookie: foo=ASDJKHQKBZXOQWEOPIUAXQWEOIU; max-age=3600; version=1 2133 Hex dump of encoded data: 2135 88c1 611d 4d6f 6e2c 2032 3120 4f63 7420 | ..a.Mon, 21 Oct 2136 3230 3133 2032 303a 3133 3a32 3220 474d | 2013 20:13:22 GM 2137 54c0 5a04 677a 6970 7738 666f 6f3d 4153 | T.Z.gzipw8foo=AS 2138 444a 4b48 514b 425a 584f 5157 454f 5049 | DJKHQKBZXOQWEOPI 2139 5541 5851 5745 4f49 553b 206d 6178 2d61 | UAXQWEOIU; max-a 2140 6765 3d33 3630 303b 2076 6572 7369 6f6e | ge=3600; version 2141 3d31 | =1 2142 Decoding process: 2144 88 | == Indexed - Add == 2145 | idx = 8 2146 | -> :status: 200 2147 c1 | == Indexed - Add == 2148 | idx = 65 2149 | -> cache-control: private 2150 61 | == Literal indexed == 2151 | Indexed name (idx = 33) 2152 | date 2153 1d | Literal value (len = 29) 2154 4d6f 6e2c 2032 3120 4f63 7420 3230 3133 | Mon, 21 Oct 2013 2155 2032 303a 3133 3a32 3220 474d 54 | 20:13:22 GMT 2156 | - evict: cache-control: pr\ 2157 | ivate 2158 | -> date: Mon, 21 Oct 2013 \ 2159 | 20:13:22 GMT 2160 c0 | == Indexed - Add == 2161 | idx = 64 2162 | -> location: https://www.e\ 2163 | xample.com 2164 5a | == Literal indexed == 2165 | Indexed name (idx = 26) 2166 | content-encoding 2167 04 | Literal value (len = 4) 2168 677a 6970 | gzip 2169 | - evict: date: Mon, 21 Oct\ 2170 | 2013 20:13:21 GMT 2171 | -> content-encoding: gzip 2172 77 | == Literal indexed == 2173 | Indexed name (idx = 55) 2174 | set-cookie 2175 38 | Literal value (len = 56) 2176 666f 6f3d 4153 444a 4b48 514b 425a 584f | foo=ASDJKHQKBZXO 2177 5157 454f 5049 5541 5851 5745 4f49 553b | QWEOPIUAXQWEOIU; 2178 206d 6178 2d61 6765 3d33 3630 303b 2076 | max-age=3600; v 2179 6572 7369 6f6e 3d31 | ersion=1 2180 | - evict: location: https:/\ 2181 | /www.example.com 2182 | - evict: :status: 307 2183 | -> set-cookie: foo=ASDJKHQ\ 2184 | KBZXOQWEOPIUAXQWEOIU; ma\ 2185 | x-age=3600; version=1 2187 Dynamic Table (after decoding): 2189 [ 1] (s = 98) set-cookie: foo=ASDJKHQKBZXOQWEOPIUAXQWEOIU; max-age\ 2190 =3600; version=1 2191 [ 2] (s = 52) content-encoding: gzip 2192 [ 3] (s = 65) date: Mon, 21 Oct 2013 20:13:22 GMT 2193 Table size: 215 2195 Decoded header list: 2197 :status: 200 2198 cache-control: private 2199 date: Mon, 21 Oct 2013 20:13:22 GMT 2200 location: https://www.example.com 2201 content-encoding: gzip 2202 set-cookie: foo=ASDJKHQKBZXOQWEOPIUAXQWEOIU; max-age=3600; version=1 2204 C.6. Response Examples with Huffman Coding 2206 This section shows the same examples as the previous section, but 2207 using Huffman encoding for the literal values. The HTTP/2 setting 2208 parameter SETTINGS_HEADER_TABLE_SIZE is set to the value of 256 2209 octets, causing some evictions to occur. The eviction mechanism uses 2210 the length of the decoded literal values, so the same evictions 2211 occurs as in the previous section. 2213 C.6.1. First Response 2215 Header list to encode: 2217 :status: 302 2218 cache-control: private 2219 date: Mon, 21 Oct 2013 20:13:21 GMT 2220 location: https://www.example.com 2222 Hex dump of encoded data: 2224 4882 6402 5885 aec3 771a 4b61 96d0 7abe | H.d.X...w.Ka..z. 2225 9410 54d4 44a8 2005 9504 0b81 66e0 82a6 | ..T.D. .....f... 2226 2d1b ff6e 919d 29ad 1718 63c7 8f0b 97c8 | -..n..)...c..... 2227 e9ae 82ae 43d3 | ....C. 2229 Decoding process: 2231 48 | == Literal indexed == 2232 | Indexed name (idx = 8) 2233 | :status 2234 82 | Literal value (len = 2) 2235 | Huffman encoded: 2236 6402 | d. 2237 | Decoded: 2238 | 302 2239 | -> :status: 302 2240 58 | == Literal indexed == 2241 | Indexed name (idx = 24) 2242 | cache-control 2243 85 | Literal value (len = 5) 2244 | Huffman encoded: 2245 aec3 771a 4b | ..w.K 2246 | Decoded: 2247 | private 2248 | -> cache-control: private 2249 61 | == Literal indexed == 2250 | Indexed name (idx = 33) 2251 | date 2252 96 | Literal value (len = 22) 2253 | Huffman encoded: 2254 d07a be94 1054 d444 a820 0595 040b 8166 | .z...T.D. .....f 2255 e082 a62d 1bff | ...-.. 2256 | Decoded: 2257 | Mon, 21 Oct 2013 20:13:21 \ 2258 | GMT 2259 | -> date: Mon, 21 Oct 2013 \ 2260 | 20:13:21 GMT 2261 6e | == Literal indexed == 2262 | Indexed name (idx = 46) 2263 | location 2264 91 | Literal value (len = 17) 2265 | Huffman encoded: 2266 9d29 ad17 1863 c78f 0b97 c8e9 ae82 ae43 | .)...c.........C 2267 d3 | . 2268 | Decoded: 2269 | https://www.example.com 2270 | -> location: https://www.e\ 2271 | xample.com 2273 Dynamic Table (after decoding): 2275 [ 1] (s = 63) location: https://www.example.com 2276 [ 2] (s = 65) date: Mon, 21 Oct 2013 20:13:21 GMT 2277 [ 3] (s = 52) cache-control: private 2278 [ 4] (s = 42) :status: 302 2279 Table size: 222 2281 Decoded header list: 2283 :status: 302 2284 cache-control: private 2285 date: Mon, 21 Oct 2013 20:13:21 GMT 2286 location: https://www.example.com 2288 C.6.2. Second Response 2290 The (":status", "302") header field is evicted from the dynamic table 2291 to free space to allow adding the (":status", "307") header field. 2293 Header list to encode: 2295 :status: 307 2296 cache-control: private 2297 date: Mon, 21 Oct 2013 20:13:21 GMT 2298 location: https://www.example.com 2300 Hex dump of encoded data: 2302 4883 640e ffc1 c0bf | H.d..... 2304 Decoding process: 2306 48 | == Literal indexed == 2307 | Indexed name (idx = 8) 2308 | :status 2309 83 | Literal value (len = 3) 2310 | Huffman encoded: 2311 640e ff | d.. 2312 | Decoded: 2313 | 307 2314 | - evict: :status: 302 2315 | -> :status: 307 2316 c1 | == Indexed - Add == 2317 | idx = 65 2318 | -> cache-control: private 2319 c0 | == Indexed - Add == 2320 | idx = 64 2321 | -> date: Mon, 21 Oct 2013 \ 2322 | 20:13:21 GMT 2323 bf | == Indexed - Add == 2324 | idx = 63 2325 | -> location: https://www.e\ 2326 | xample.com 2328 Dynamic Table (after decoding): 2330 [ 1] (s = 42) :status: 307 2331 [ 2] (s = 63) location: https://www.example.com 2332 [ 3] (s = 65) date: Mon, 21 Oct 2013 20:13:21 GMT 2333 [ 4] (s = 52) cache-control: private 2334 Table size: 222 2336 Decoded header list: 2338 :status: 307 2339 cache-control: private 2340 date: Mon, 21 Oct 2013 20:13:21 GMT 2341 location: https://www.example.com 2343 C.6.3. Third Response 2345 Several header fields are evicted from the dynamic table during the 2346 processing of this header list. 2348 Header list to encode: 2350 :status: 200 2351 cache-control: private 2352 date: Mon, 21 Oct 2013 20:13:22 GMT 2353 location: https://www.example.com 2354 content-encoding: gzip 2355 set-cookie: foo=ASDJKHQKBZXOQWEOPIUAXQWEOIU; max-age=3600; version=1 2357 Hex dump of encoded data: 2359 88c1 6196 d07a be94 1054 d444 a820 0595 | ..a..z...T.D. .. 2360 040b 8166 e084 a62d 1bff c05a 839b d9ab | ...f...-...Z.... 2361 77ad 94e7 821d d7f2 e6c7 b335 dfdf cd5b | w..........5...[ 2362 3960 d5af 2708 7f36 72c1 ab27 0fb5 291f | 9`..'..6r..'..). 2363 9587 3160 65c0 03ed 4ee5 b106 3d50 07 | ..1`e...N...=P. 2365 Decoding process: 2367 88 | == Indexed - Add == 2368 | idx = 8 2369 | -> :status: 200 2370 c1 | == Indexed - Add == 2371 | idx = 65 2372 | -> cache-control: private 2373 61 | == Literal indexed == 2374 | Indexed name (idx = 33) 2375 | date 2376 96 | Literal value (len = 22) 2377 | Huffman encoded: 2378 d07a be94 1054 d444 a820 0595 040b 8166 | .z...T.D. .....f 2379 e084 a62d 1bff | ...-.. 2380 | Decoded: 2381 | Mon, 21 Oct 2013 20:13:22 \ 2382 | GMT 2383 | - evict: cache-control: pr\ 2384 | ivate 2385 | -> date: Mon, 21 Oct 2013 \ 2386 | 20:13:22 GMT 2387 c0 | == Indexed - Add == 2388 | idx = 64 2389 | -> location: https://www.e\ 2390 | xample.com 2391 5a | == Literal indexed == 2392 | Indexed name (idx = 26) 2393 | content-encoding 2394 83 | Literal value (len = 3) 2395 | Huffman encoded: 2397 9bd9 ab | ... 2398 | Decoded: 2399 | gzip 2400 | - evict: date: Mon, 21 Oct\ 2401 | 2013 20:13:21 GMT 2402 | -> content-encoding: gzip 2403 77 | == Literal indexed == 2404 | Indexed name (idx = 55) 2405 | set-cookie 2406 ad | Literal value (len = 45) 2407 | Huffman encoded: 2408 94e7 821d d7f2 e6c7 b335 dfdf cd5b 3960 | .........5...[9` 2409 d5af 2708 7f36 72c1 ab27 0fb5 291f 9587 | ..'..6r..'..)... 2410 3160 65c0 03ed 4ee5 b106 3d50 07 | 1`e...N...=P. 2411 | Decoded: 2412 | foo=ASDJKHQKBZXOQWEOPIUAXQ\ 2413 | WEOIU; max-age=3600; versi\ 2414 | on=1 2415 | - evict: location: https:/\ 2416 | /www.example.com 2417 | - evict: :status: 307 2418 | -> set-cookie: foo=ASDJKHQ\ 2419 | KBZXOQWEOPIUAXQWEOIU; ma\ 2420 | x-age=3600; version=1 2422 Dynamic Table (after decoding): 2424 [ 1] (s = 98) set-cookie: foo=ASDJKHQKBZXOQWEOPIUAXQWEOIU; max-age\ 2425 =3600; version=1 2426 [ 2] (s = 52) content-encoding: gzip 2427 [ 3] (s = 65) date: Mon, 21 Oct 2013 20:13:22 GMT 2428 Table size: 215 2430 Decoded header list: 2432 :status: 200 2433 cache-control: private 2434 date: Mon, 21 Oct 2013 20:13:22 GMT 2435 location: https://www.example.com 2436 content-encoding: gzip 2437 set-cookie: foo=ASDJKHQKBZXOQWEOPIUAXQWEOIU; max-age=3600; version=1 2439 Appendix D. Change Log (to be removed by RFC Editor before publication) 2440 D.1. Since draft-ietf-httpbis-header-compression-10 2442 o Editorial corrections for taking into account IETF LC comments. 2444 * Added links to security sections. 2446 * Made spec more independent of HTTP/2. 2448 * Expanded security section about never indexed literal usage. 2450 o Removed most usages of 'name-value pair' instead of header field. 2452 o Changed 'header table' to 'header field table'. 2454 D.2. Since draft-ietf-httpbis-header-compression-09 2456 o Renamed header table to dynamic table. 2458 o Updated integer representation. 2460 o Editorial corrections. 2462 D.3. Since draft-ietf-httpbis-header-compression-08 2464 o Removed the reference set. 2466 o Removed header emission. 2468 o Explicit handling of several SETTINGS_HEADER_TABLE_SIZE parameter 2469 changes. 2471 o Changed header set to header list, and forced ordering. 2473 o Updated examples. 2475 o Exchanged header and static table positions. 2477 D.4. Since draft-ietf-httpbis-header-compression-07 2479 o Removed old text on index value of 0. 2481 o Added clarification for signalling of maximum table size after a 2482 SETTINGS_HEADER_TABLE_SIZE update. 2484 o Rewrote security considerations. 2486 o Many editorial clarifications or improvements. 2488 o Added convention section. 2490 o Reworked document's outline. 2492 o Updated static table. Entry 16 has now "gzip, deflate" for value. 2494 o Updated Huffman table, using data set provided by Google. 2496 D.5. Since draft-ietf-httpbis-header-compression-06 2498 o Updated format to include literal headers that must never be 2499 compressed. 2501 o Updated security considerations. 2503 o Moved integer encoding examples to the appendix. 2505 o Updated Huffman table. 2507 o Updated static header table (adding and removing status values). 2509 o Updated examples. 2511 D.6. Since draft-ietf-httpbis-header-compression-05 2513 o Regenerated examples. 2515 o Only one Huffman table for requests and responses. 2517 o Added maximum size for dynamic table, independent of 2518 SETTINGS_HEADER_TABLE_SIZE. 2520 o Added pseudo-code for integer decoding. 2522 o Improved examples (removing unnecessary removals). 2524 D.7. Since draft-ietf-httpbis-header-compression-04 2526 o Updated examples: take into account changes in the spec, and show 2527 more features. 2529 o Use 'octet' everywhere instead of having both 'byte' and 'octet'. 2531 o Added reference set emptying. 2533 o Editorial changes and clarifications. 2535 o Added "host" header to the static table. 2537 o Ordering for list of values (either NULL- or comma-separated). 2539 D.8. Since draft-ietf-httpbis-header-compression-03 2541 o A large number of editorial changes; changed the description of 2542 evicting/adding new entries. 2544 o Removed substitution indexing 2546 o Changed 'initial headers' to 'static headers', as per issue #258 2548 o Merged 'request' and 'response' static headers, as per issue #259 2550 o Changed text to indicate that new headers are added at index 0 and 2551 expire from the largest index, as per issue #233 2553 D.9. Since draft-ietf-httpbis-header-compression-02 2555 o Corrected error in integer encoding pseudocode. 2557 D.10. Since draft-ietf-httpbis-header-compression-01 2559 o Refactored of Header Encoding Section: split definitions and 2560 processing rule. 2562 o Backward incompatible change: Updated reference set management as 2563 per issue #214. This changes how the interaction between the 2564 reference set and eviction works. This also changes the working 2565 of the reference set in some specific cases. 2567 o Backward incompatible change: modified initial header list, as per 2568 issue #188. 2570 o Added example of 32 octets entry structure (issue #191). 2572 o Added Header Set Completion section. Reflowed some text. 2573 Clarified some writing which was akward. Added text about 2574 duplicate header entry encoding. Clarified some language w.r.t 2575 Header Set. Changed x-my-header to mynewheader. Added text in 2576 the HeaderEmission section indicating that the application may 2577 also be able to free up memory more quickly. Added information in 2578 Security Considerations section. 2580 D.11. Since draft-ietf-httpbis-header-compression-00 2582 Fixed bug/omission in integer representation algorithm. 2584 Changed the document title. 2586 Header matching text rewritten. 2588 Changed the definition of header emission. 2590 Changed the name of the setting which dictates how much memory the 2591 compression context should use. 2593 Removed "specific use cases" section 2595 Corrected erroneous statement about what index can be contained in 2596 one octet 2598 Added descriptions of opcodes 2600 Removed security claims from introduction. 2602 Authors' Addresses 2604 Roberto Peon 2605 Google, Inc 2607 EMail: fenix@google.com 2609 Herve Ruellan 2610 Canon CRF 2612 EMail: herve.ruellan@crf.canon.fr