idnits 2.17.1 

draft-ietf-httpbis-header-structure-04.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There is 1 instance of too long lines in the document, the longest one
     being 4 characters in excess of 72.

  ** The abstract seems to contain references ([2], [3], [1]), which it
     shouldn't.  Please replace those with straight textual mentions of the
     documents in question.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (March 4, 2018) is 2245 days in the past.  Is this
     intentional?

  -- Found something which looks like a code comment -- if you have code
     sections in the document, please surround them with '<CODE BEGINS>' and
     '<CODE ENDS>' lines.


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Looks like a reference, but probably isn't: '1' on line 807

  -- Looks like a reference, but probably isn't: '2' on line 809

  -- Looks like a reference, but probably isn't: '3' on line 811

  == Missing Reference: 'RFCxxxx' is mentioned on line 188, but not defined

  ** Obsolete normative reference: RFC 7230 (Obsoleted by RFC 9110, RFC 9112)

  -- Obsolete informational reference (is this intentional?): RFC 7231
     (Obsoleted by RFC 9110)

  -- Obsolete informational reference (is this intentional?): RFC 7540
     (Obsoleted by RFC 9113)


     Summary: 3 errors (**), 0 flaws (~~), 2 warnings (==), 7 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	HTTP                                                       M. Nottingham
3	Internet-Draft                                                    Fastly
4	Intended status: Standards Track                               P-H. Kamp
5	Expires: September 5, 2018                     The Varnish Cache Project
6	                                                           March 4, 2018

8	                      Structured Headers for HTTP
9	                 draft-ietf-httpbis-header-structure-04

11	Abstract

13	   This document describes a set of data types and parsing algorithms
14	   associated with them that are intended to make it easier and safer to
15	   define and handle HTTP header fields.  It is intended for use by new
16	   specifications of HTTP header fields as well as revisions of existing
17	   header field specifications when doing so does not cause
18	   interoperability issues.

20	Note to Readers

22	   _RFC EDITOR: please remove this section before publication_

24	   Discussion of this draft takes place on the HTTP working group
25	   mailing list (ietf-http-wg@w3.org), which is archived at
26	   https://lists.w3.org/Archives/Public/ietf-http-wg/ [1].

28	   Working Group information can be found at https://httpwg.github.io/
29	   [2]; source code and issues list for this draft can be found at
30	   https://github.com/httpwg/http-extensions/labels/header-structure
31	   [3].

33	Status of This Memo

35	   This Internet-Draft is submitted in full conformance with the
36	   provisions of BCP 78 and BCP 79.

38	   Internet-Drafts are working documents of the Internet Engineering
39	   Task Force (IETF).  Note that other groups may also distribute
40	   working documents as Internet-Drafts.  The list of current Internet-
41	   Drafts is at https://datatracker.ietf.org/drafts/current/.

43	   Internet-Drafts are draft documents valid for a maximum of six months
44	   and may be updated, replaced, or obsoleted by other documents at any
45	   time.  It is inappropriate to use Internet-Drafts as reference
46	   material or to cite them other than as "work in progress."

48	   This Internet-Draft will expire on September 5, 2018.

50	Copyright Notice

52	   Copyright (c) 2018 IETF Trust and the persons identified as the
53	   document authors.  All rights reserved.

55	   This document is subject to BCP 78 and the IETF Trust's Legal
56	   Provisions Relating to IETF Documents
57	   (https://trustee.ietf.org/license-info) in effect on the date of
58	   publication of this document.  Please review these documents
59	   carefully, as they describe your rights and restrictions with respect
60	   to this document.  Code Components extracted from this document must
61	   include Simplified BSD License text as described in Section 4.e of
62	   the Trust Legal Provisions and are provided without warranty as
63	   described in the Simplified BSD License.

65	Table of Contents

67	   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
68	     1.1.  Notational Conventions  . . . . . . . . . . . . . . . . .   4
69	   2.  Specifying Structured Headers . . . . . . . . . . . . . . . .   4
70	   3.  Parsing Text into Structured Headers  . . . . . . . . . . . .   5
71	   4.  Structured Header Data Types  . . . . . . . . . . . . . . . .   6
72	     4.1.  Dictionaries  . . . . . . . . . . . . . . . . . . . . . .   6
73	     4.2.  Lists . . . . . . . . . . . . . . . . . . . . . . . . . .   8
74	     4.3.  Parameterised Lists . . . . . . . . . . . . . . . . . . .   9
75	     4.4.  Items . . . . . . . . . . . . . . . . . . . . . . . . . .  11
76	     4.5.  Integers  . . . . . . . . . . . . . . . . . . . . . . . .  11
77	     4.6.  Floats  . . . . . . . . . . . . . . . . . . . . . . . . .  12
78	     4.7.  Strings . . . . . . . . . . . . . . . . . . . . . . . . .  13
79	     4.8.  Identifiers . . . . . . . . . . . . . . . . . . . . . . .  15
80	     4.9.  Binary Content  . . . . . . . . . . . . . . . . . . . . .  16
81	   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  17
82	   6.  Security Considerations . . . . . . . . . . . . . . . . . . .  17
83	   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  17
84	     7.1.  Normative References  . . . . . . . . . . . . . . . . . .  17
85	     7.2.  Informative References  . . . . . . . . . . . . . . . . .  18
86	     7.3.  URIs  . . . . . . . . . . . . . . . . . . . . . . . . . .  18
87	   Appendix A.  Changes  . . . . . . . . . . . . . . . . . . . . . .  18
88	     A.1.  Since draft-ietf-httpbis-header-structure-03  . . . . . .  18
89	     A.2.  Since draft-ietf-httpbis-header-structure-02  . . . . . .  18
90	     A.3.  Since draft-ietf-httpbis-header-structure-01  . . . . . .  19
91	     A.4.  Since draft-ietf-httpbis-header-structure-00  . . . . . .  19
92	   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  19

94	1.  Introduction

96	   Specifying the syntax of new HTTP header fields is an onerous task;
97	   even with the guidance in [RFC7231], Section 8.3.1, there are many
98	   decisions - and pitfalls - for a prospective HTTP header field
99	   author.

101	   Once a header field is defined, bespoke parsers for it often need to
102	   be written, because each header has slightly different handling of
103	   what looks like common syntax.

105	   This document introduces structured HTTP header field values
106	   (hereafter, Structured Headers) to address these problems.
107	   Structured Headers define a generic, abstract model for header field
108	   values, along with a concrete serialisation for expressing that model
109	   in textual HTTP headers, as used by HTTP/1 [RFC7230] and HTTP/2
110	   [RFC7540].

112	   HTTP headers that are defined as Structured Headers use the types
113	   defined in this specification to define their syntax and basic
114	   handling rules, thereby simplifying both their definition and
115	   parsing.

117	   Additionally, future versions of HTTP can define alternative
118	   serialisations of the abstract model of Structured Headers, allowing
119	   headers that use it to be transmitted more efficiently without being
120	   redefined.

122	   Note that it is not a goal of this document to redefine the syntax of
123	   existing HTTP headers; the mechanisms described herein are only
124	   intended to be used with headers that explicitly opt into them.

126	   To specify a header field that uses Structured Headers, see
127	   Section 2.

129	   Section 4 defines a number of abstract data types that can be used in
130	   Structured Headers.  Dictionaries and lists are only usable at the
131	   "top" level, while the remaining types can be specified appear at the
132	   top level or inside those structures.

134	   Those abstract types can be serialised into textual headers - such as
135	   those used in HTTP/1 and HTTP/2 - using the algorithms described in
136	   Section 3.

138	1.1.  Notational Conventions

140	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
141	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
142	   "OPTIONAL" in this document are to be interpreted as described in BCP
143	   14 [RFC2119] [RFC8174] when, and only when, they appear in all
144	   capitals, as shown here.

146	   This document uses the Augmented Backus-Naur Form (ABNF) notation of
147	   [RFC5234], including the DIGIT, ALPHA and DQUOTE rules from that
148	   document.  It also includes the OWS rule from [RFC7230].

150	2.  Specifying Structured Headers

152	   A HTTP header that uses Structured Headers need to be defined to do
153	   so explicitly; recipients and generators need to know that the
154	   requirements of this document are in effect.  The simplest way to do
155	   that is by referencing this document in its definition.

157	   The field's definition will also need to specify the field-value's
158	   allowed syntax, in terms of the types described in Section 4, along
159	   with their associated semantics.

161	   A header field definition cannot relax or otherwise modify the
162	   requirements of this specification; doing so would preclude handling
163	   by generic software.

165	   However, header field authors are encouraged to clearly state
166	   additional constraints upon the syntax, as well as the consequences
167	   when those constraints are violated.  Such additional constraints
168	   could include additional structure (e.g., a list of URLs [RFC3986]
169	   inside a string) that cannot be expressed using the primitives
170	   defined here.

172	   For example:

174	# FooExample Header

176	The FooExample HTTP header field conveys a list of integers about how
177	much Foo the sender has.

179	FooExample is a Structured header [RFCxxxx]. Its value MUST be a
180	dictionary ([RFCxxxx], Section Y.Y).

182	The dictionary MUST contain:

184	* Exactly one member whose key is "foo", and whose value is an integer
185	  ([RFCxxxx], Section Y.Y), indicating the number of foos in
186	  the message.
187	* Exactly one member whose key is "barUrls", and whose value is a string
188	  ([RFCxxxx], Section Y.Y), conveying the Bar URLs for the message.
189	  See below for processing requirements.

191	If the parsed header field does not contain both, it MUST be ignored.

193	"foo" MUST be between 0 and 10, inclusive; other values MUST be ignored.

195	"barUrls" contains a space-separated list of URI-references ([RFC3986],
196	Section 4.1):

198	   barURLs = URI-reference *( 1*SP URI-reference )

200	If a member of barURLs is not a valid URI-reference, it MUST be ignored.

202	If a member of barURLs is a relative reference ([RFC3986], Section 4.2),
203	it MUST be resolved ([RFC3986], Section 5) before being used.

205	   Note that empty header field values are not allowed by the syntax,
206	   and therefore parsing for them will fail.

208	3.  Parsing Text into Structured Headers

210	   When a receiving implementation parses textual HTTP header fields
211	   (e.g., in HTTP/1 or HTTP/2) that are known to be Structured Headers,
212	   it is important that care be taken, as there are a number of edge
213	   cases that can cause interoperability or even security problems.
214	   This section specifies the algorithm for doing so.

216	   Given an ASCII string input_string that represents the chosen
217	   header's field-value, return the parsed header value.  When
218	   generating input_string, parsers MUST combine all instances of the
219	   target header field into one comma-separated field-value, as per
220	   [RFC7230], Section 3.2.2; this assures that the header is processed
221	   correctly.

223	   1.  Discard any leading OWS from input_string.

225	   2.  If the field-value is defined to be a dictionary, let output be
226	       the result of Parsing a Dictionary from Text (Section 4.1.1).

228	   3.  If the field-value is defined to be a list, let output be the
229	       result of Parsing a List from Text (Section 4.2.1).

231	   4.  If the field-value is defined to be a parameterised list, let
232	       output be the result of Parsing a Parameterised List from Text
233	       (Section 4.3.1).

235	   5.  Otherwise, let output be the result of Parsing an Item from Text
236	       (Section 4.4.1).

238	   6.  Discard any leading OWS from input_string.

240	   7.  If input_string is not empty, fail parsing.

242	   8.  Otherwise, return output.

244	   Note that in the case of lists, parameterised lists and dictionaries,
245	   this has the effect of coalescing all of the values for that field.
246	   However, for singular items, parsing will fail if more than instance
247	   of that header field is present.

249	   If parsing fails, the entire header field's value MUST be discarded.
250	   This is intentionally strict, to improve interoperability and safety,
251	   and specifications referencing this document MUST NOT loosen this
252	   requirement.

254	   Note that this has the effect of discarding any header field with
255	   non-ASCII characters in input_string.

257	4.  Structured Header Data Types

259	   This section defines the abstract value types that can be composed
260	   into Structured Headers, along with the textual HTTP serialisations
261	   of them.

263	4.1.  Dictionaries

265	   Dictionaries are unordered maps of key-value pairs, where the keys
266	   are identifiers (Section 4.8) and the values are items (Section 4.4).
267	   There can be between 1 and 1024 members, and keys are required to be
268	   unique.

270	   In the textual HTTP serialisation, keys and values are separated by
271	   "=" (without whitespace), and key/value pairs are separated by a
272	   comma with optional whitespace.  Duplicate keys MUST cause parsing to
273	   fail.

275	dictionary        = dictionary_member *1023( OWS "," OWS dictionary_member )
276	dictionary_member = identifier "=" item

278	   For example, a header field whose value is defined as a dictionary
279	   could look like:

281	   ExampleDictHeader: foo=1.23, en="Applepie", da=*w4ZibGV0w6ZydGUK

283	   Typically, a header field specification will define the semantics of
284	   individual keys, as well as whether their presence is required or
285	   optional.  Recipients MUST ignore keys that are undefined or unknown,
286	   unless the header field's specification specifically disallows them.

288	4.1.1.  Parsing a Dictionary from Text

290	   Given an ASCII string input_string, return a mapping of (identifier,
291	   item). input_string is modified to remove the parsed value.

293	   1.  Let dictionary be an empty, unordered mapping.

295	   2.  While input_string is not empty:

297	       1.   Let this_key be the result of running Parse Identifier from
298	            Text (Section 4.8.1) with input_string.

300	       2.   If dictionary already contains this_key, fail parsing.

302	       3.   Consume a "=" from input_string; if none is present, fail
303	            parsing.

305	       4.   Let this_value be the result of running Parse Item from Text
306	            (Section 4.4.1) with input_string.

308	       5.   Add key this_key with value this_value to dictionary.

310	       6.   If dictionary has more than 1024 members, fail parsing.

312	       7.   Discard any leading OWS from input_string.

314	       8.   If input_string is empty, return dictionary.

316	       9.   Consume a COMMA from input_string; if no comma is present,
317	            fail parsing.

319	       10.  Discard any leading OWS from input_string.

321	       11.  If input_string is empty, fail parsing.

323	   3.  If dictionary is empty, fail parsing.

325	   4.  Return dictionary.

327	4.2.  Lists

329	   Lists are arrays of items (Section 4.4) with one to 1024 members.

331	   In the textual HTTP serialisation, each member is separated by a
332	   comma and optional whitespace.

334	   list = list_member 0*1023( OWS "," OWS list_member )
335	   list_member = item

337	   For example, a header field whose value is defined as a list of
338	   identifiers could look like:

340	   ExampleIdListHeader: foo, bar, baz_45

342	4.2.1.  Parsing a List from Text

344	   Given an ASCII string input_string, return a list of items.
345	   input_string is modified to remove the parsed value.

347	   1.  Let items be an empty array.

349	   2.  While input_string is not empty:

351	       1.  Let item be the result of running Parse Item from Text
352	           (Section 4.4.1) with input_string.

354	       2.  Append item to items.

356	       3.  If items has more than 1024 members, fail parsing.

358	       4.  Discard any leading OWS from input_string.

360	       5.  If input_string is empty, return items.

362	       6.  Consume a COMMA from input_string; if no comma is present,
363	           fail parsing.

365	       7.  Discard any leading OWS from input_string.

367	       8.  If input_string is empty, fail parsing.

369	   3.  If items is empty, fail parsing.

371	   4.  Return items.

373	4.3.  Parameterised Lists

375	   Parameterised Lists are arrays of a parameterised identifiers with 1
376	   to 256 members.

378	   A parameterised identifier is an identifier (Section 4.8) with up to
379	   256 parameters, each parameter having a identifier and an optional
380	   value that is an item (Section 4.4).  Ordering between parameters is
381	   not significant, and duplicate parameters MUST cause parsing to fail.

383	   In the textual HTTP serialisation, each parameterised identifier is
384	   separated by a comma and optional whitespace.  Parameters are
385	   delimited from each other using semicolons (";"), and equals ("=")
386	   delimits the parameter name from its value.

388	   param_list = param_id 0*255( OWS "," OWS param_id )
389	   param_id   = identifier 0*256( OWS ";" OWS identifier [ "=" item ] )

391	   For example,

393	   ExampleParamListHeader: abc_123;a=1;b=2; c, def_456, ghi;q="19";r=foo

395	4.3.1.  Parsing a Parameterised List from Text

397	   Given an ASCII string input_string, return a list of parameterised
398	   identifiers. input_string is modified to remove the parsed value.

400	   1.  Let items be an empty array.

402	   2.  While input_string is not empty:

404	       1.  Let item be the result of running Parse Parameterised
405	           Identifier from Text (Section 4.3.2) with input_string.

407	       2.  Append item to items.

409	       3.  If items has more than 256 members, fail parsing.

411	       4.  Discard any leading OWS from input_string.

413	       5.  If input_string is empty, return items.

415	       6.  Consume a COMMA from input_string; if no comma is present,
416	           fail parsing.

418	       7.  Discard any leading OWS from input_string.

420	       8.  If input_string is empty, fail parsing.

422	   3.  If items is empty, fail parsing.

424	   4.  Return items.

426	4.3.2.  Parsing a Parameterised Identifier from Text

428	   Given an ASCII string input_string, return a identifier with an
429	   mapping of parameters. input_string is modified to remove the parsed
430	   value.

432	   1.  Let primary_identifier be the result of Parsing a Identifier from
433	       Text (Section 4.8.1) from input_string.

435	   2.  Let parameters be an empty, unordered mapping.

437	   3.  In a loop:

439	       1.   Discard any leading OWS from input_string.

441	       2.   If the first character of input_string is not ";", exit the
442	            loop.

444	       3.   Consume a ";" character from the beginning of input_string.

446	       4.   Discard any leading OWS from input_string.

448	       5.   let param_name be the result of Parsing a Identifier from
449	            Text (Section 4.8.1) from input_string.

451	       6.   If param_name is already present in parameters, fail
452	            parsing.

454	       7.   Let param_value be a null value.

456	       8.   If the first character of input_string is "=":

458	            1.  Consume the "=" character at the beginning of
459	                input_string.

461	            2.  Let param_value be the result of Parsing an Item from
462	                Text (Section 4.4.1) from input_string.

464	       9.   If parameters has more than 255 members, fail parsing.

466	       10.  Add param_name to parameters with the value param_value.

468	   4.  Return the tuple (primary_identifier, parameters).

470	4.4.  Items

472	   An item is can be a integer (Section 4.5), float (Section 4.6),
473	   string (Section 4.7), identifier (Section 4.8) or binary content
474	   (Section 4.9).

476	   item = integer / float / string / identifier / binary

478	4.4.1.  Parsing an Item from Text

480	   Given an ASCII string input_string, return an item. input_string is
481	   modified to remove the parsed value.

483	   1.  Discard any leading OWS from input_string.

485	   2.  If the first character of input_string is a "-" or a DIGIT,
486	       process input_string as a number (Section 4.5.1) and return the
487	       result.

489	   3.  If the first character of input_string is a DQUOTE, process
490	       input_string as a string (Section 4.7.1) and return the result.

492	   4.  If the first character of input_string is "*", process
493	       input_string as binary content (Section 4.9.1) and return the
494	       result.

496	   5.  If the first character of input_string is an lcalpha, process
497	       input_string as a identifier (Section 4.8.1) and return the
498	       result.

500	   6.  Otherwise, fail parsing.

502	4.5.  Integers

504	   Abstractly, integers have a range of -9,223,372,036,854,775,808 to
505	   9,223,372,036,854,775,807 inclusive (i.e., a 64-bit signed integer).

507	   integer   = ["-"] 1*19DIGIT

509	   Parsers that encounter an integer outside the range defined above
510	   MUST fail parsing.  Therefore, the value "9223372036854775808" would
511	   be invalid.  Likewise, values that do not conform to the ABNF above
512	   are invalid, and MUST fail parsing.

514	   For example, a header whose value is defined as a integer could look
515	   like:

517	   ExampleIntegerHeader: 42

519	4.5.1.  Parsing a Number from Text

521	   NOTE: This algorithm parses both Integers and Floats Section 4.6, and
522	   returns the corresponding structure.

524	   1.  If the first character of input_string is not "-" or a DIGIT,
525	       fail parsing.

527	   2.  Let input_number be the result of consuming input_string up to
528	       (but not including) the first character that is not in DIGIT,
529	       "-", and ".".

531	   3.  If input_number contains ".", parse it as a floating point number
532	       and let output_number be the result.

534	   4.  Otherwise, parse input_number as an integer and let output_number
535	       be the result.

537	   5.  Return output_number.

539	4.6.  Floats

541	   Abstractly, floats are integers with a fractional part.  They have a
542	   maximum of fifteen digits available to be used in both of the parts,
543	   as reflected in the ABNF below; this allows them to be stored as IEEE
544	   754 double precision numbers (binary64) ([IEEE754]).

546	   The textual HTTP serialisation of floats allows a maximum of fifteen
547	   digits between the integer and fractional part, with at least one
548	   required on each side, along with an optional "-" indicating negative
549	   numbers.

551	   float    = ["-"] (
552	                DIGIT "." 1*14DIGIT /
553	               2DIGIT "." 1*13DIGIT /
554	               3DIGIT "." 1*12DIGIT /
555	               4DIGIT "." 1*11DIGIT /
556	               5DIGIT "." 1*10DIGIT /
557	               6DIGIT "." 1*9DIGIT /
558	               7DIGIT "." 1*8DIGIT /
559	               8DIGIT "." 1*7DIGIT /
560	               9DIGIT "." 1*6DIGIT /
561	              10DIGIT "." 1*5DIGIT /
562	              11DIGIT "." 1*4DIGIT /
563	              12DIGIT "." 1*3DIGIT /
564	              13DIGIT "." 1*2DIGIT /
565	              14DIGIT "." 1DIGIT )

567	   Values that do not conform to the ABNF above are invalid, and MUST
568	   fail parsing.

570	   For example, a header whose value is defined as a float could look
571	   like:

573	   ExampleFloatHeader: 4.5

575	   See Section 4.5.1 for the parsing algorithm for floats.

577	4.7.  Strings

579	   Abstractly, strings are up to 1024 printable ASCII [RFC0020]
580	   characters (i.e., the range 0x20 to 0x7E).  Note that this excludes
581	   tabs, newlines and carriage returns.

583	   The textual HTTP serialisation of strings uses a backslash ("\") to
584	   escape double quotes and backslashes in strings.

586	   string    = DQUOTE 0*1024(char) DQUOTE
587	   char      = unescaped / escape ( DQUOTE / "\" )
588	   unescaped = %x20-21 / %x23-5B / %x5D-7E
589	   escape    = "\"

591	   For example, a header whose value is defined as a string could look
592	   like:

594	   ExampleStringHeader: "hello world"

596	   Note that strings only use DQUOTE as a delimiter; single quotes do
597	   not delimit strings.  Furthermore, only DQUOTE and "\" can be
598	   escaped; other sequences MUST cause parsing to fail.

600	   Unicode is not directly supported in Structured Headers, because it
601	   causes a number of interoperability issues, and - with few exceptions
602	   - header values do not require it.

604	   When it is necessary for a field value to convey non-ASCII string
605	   content, binary content (Section 4.9) SHOULD be specified, along with
606	   a character encoding (preferably, UTF-8).

608	4.7.1.  Parsing a String from Text

610	   Given an ASCII string input_string, return an unquoted string.
611	   input_string is modified to remove the parsed value.

613	   1.  Let output_string be an empty string.

615	   2.  If the first character of input_string is not DQUOTE, fail
616	       parsing.

618	   3.  Discard the first character of input_string.

620	   4.  While input_string is not empty:

622	       1.  Let char be the result of removing the first character of
623	           input_string.

625	       2.  If char is a backslash ("\"):

627	           1.  If input_string is now empty, fail parsing.

629	           2.  Else:

631	               1.  Let next_char be the result of removing the first
632	                   character of input_string.

634	               2.  If next_char is not DQUOTE or "\", fail parsing.

636	               3.  Append next_char to output_string.

638	       3.  Else, if char is DQUOTE, return output_string.

640	       4.  Else, append char to output_string.

642	       5.  If output_string contains more than 1024 characters, fail
643	           parsing.

645	   5.  Otherwise, fail parsing.

647	4.8.  Identifiers

649	   Identifiers are short (up to 256 characters) textual identifiers;
650	   their abstract model is identical to their expression in the textual
651	   HTTP serialisation.

653	   identifier = lcalpha *255( lcalpha / DIGIT / "_" / "-"/ "*" / "/" )
654	   lcalpha    = %x61-7A ; a-z

656	   Note that identifiers can only contain lowercase letters.

658	   For example, a header whose value is defined as a identifier could
659	   look like:

661	   ExampleIdHeader: foo/bar

663	4.8.1.  Parsing a Identifier from Text

665	   Given an ASCII string input_string, return a identifier. input_string
666	   is modified to remove the parsed value.

668	   1.  If the first character of input_string is not lcalpha, fail
669	       parsing.

671	   2.  Let output_string be an empty string.

673	   3.  While input_string is not empty:

675	       1.  Let char be the result of removing the first character of
676	           input_string.

678	       2.  If char is not one of lcalpha, DIGIT, "_", "-", "*" or "/":

680	           1.  Prepend char to input_string.

682	           2.  Return output_string.

684	       3.  Append char to output_string.

686	       4.  If output_string contains more than 256 characters, fail
687	           parsing.

689	   4.  Return output_string.

691	4.9.  Binary Content

693	   Arbitrary binary content up to 16384 bytes in size can be conveyed in
694	   Structured Headers.

696	   The textual HTTP serialisation encodes the data using Base 64
697	   Encoding [RFC4648], Section 4, and surrounds it with a pair of
698	   asterisks ("*") to delimit from other content.

700	   The encoded data is required to be padded with "=", as per [RFC4648],
701	   Section 3.2.  It is RECOMMENDED that parsers reject encoded data that
702	   is not properly padded, although this might not be possible with some
703	   base64 implementations.

705	   Likewise, encoded data is required to have pad bits set to zero, as
706	   per [RFC4648], Section 3.5.  It is RECOMMENDED that parsers fail on
707	   encoded data that has non-zero pad bits, although this might not be
708	   possible with some base64 implementations.

710	   This specification does not relax the requirements in [RFC4648],
711	   Section 3.1 and 3.3; therefore, parsers MUST fail on characters
712	   outside the base64 alphabet, and on line feeds in encoded data.

714	   binary = "*" 0*21846(base64) "*"
715	   base64 = ALPHA / DIGIT / "+" / "/" / "="

717	   For example, a header whose value is defined as binary content could
718	   look like:

720	   ExampleBinaryHeader: *cHJldGVuZCB0aGlzIGlzIGJpbmFyeSBjb250ZW50Lg*

722	4.9.1.  Parsing Binary Content from Text

724	   Given an ASCII string input_string, return binary content.
725	   input_string is modified to remove the parsed value.

727	   1.  If the first character of input_string is not "*", fail parsing.

729	   2.  Discard the first character of input_string.

731	   3.  Let b64_content be the result of removing content of input_string
732	       up to but not including the first instance of the character "*".
733	       If there is not a "*" character before the end of input_string,
734	       fail parsing.

736	   4.  Consume the "*" character at the beginning of input_string.

738	   5.  If b64_content is has more than 21846 characters, fail parsing.

740	   6.  Let binary_content be the result of Base 64 Decoding [RFC4648]
741	       b64_content, synthesising padding if necessary (note the
742	       requirements about recipient behaviour in Section 4.9).

744	   7.  Return binary_content.

746	5.  IANA Considerations

748	   This draft has no actions for IANA.

750	6.  Security Considerations

752	   TBD

754	7.  References

756	7.1.  Normative References

758	   [RFC0020]  Cerf, V., "ASCII format for network interchange", STD 80,
759	              RFC 20, DOI 10.17487/RFC0020, October 1969,
760	              <https://www.rfc-editor.org/info/rfc20>.

762	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
763	              Requirement Levels", BCP 14, RFC 2119,
764	              DOI 10.17487/RFC2119, March 1997,
765	              <https://www.rfc-editor.org/info/rfc2119>.

767	   [RFC4648]  Josefsson, S., "The Base16, Base32, and Base64 Data
768	              Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006,
769	              <https://www.rfc-editor.org/info/rfc4648>.

771	   [RFC5234]  Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
772	              Specifications: ABNF", STD 68, RFC 5234,
773	              DOI 10.17487/RFC5234, January 2008,
774	              <https://www.rfc-editor.org/info/rfc5234>.

776	   [RFC7230]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
777	              Protocol (HTTP/1.1): Message Syntax and Routing",
778	              RFC 7230, DOI 10.17487/RFC7230, June 2014,
779	              <https://www.rfc-editor.org/info/rfc7230>.

781	   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
782	              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
783	              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

785	7.2.  Informative References

787	   [IEEE754]  IEEE, "IEEE Standard for Floating-Point Arithmetic", 2008,
788	              <http://grouper.ieee.org/groups/754/>.

790	   [RFC3986]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
791	              Resource Identifier (URI): Generic Syntax", STD 66,
792	              RFC 3986, DOI 10.17487/RFC3986, January 2005,
793	              <https://www.rfc-editor.org/info/rfc3986>.

795	   [RFC7231]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
796	              Protocol (HTTP/1.1): Semantics and Content", RFC 7231,
797	              DOI 10.17487/RFC7231, June 2014,
798	              <https://www.rfc-editor.org/info/rfc7231>.

800	   [RFC7540]  Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext
801	              Transfer Protocol Version 2 (HTTP/2)", RFC 7540,
802	              DOI 10.17487/RFC7540, May 2015,
803	              <https://www.rfc-editor.org/info/rfc7540>.

805	7.3.  URIs

807	   [1] https://lists.w3.org/Archives/Public/ietf-http-wg/

809	   [2] https://httpwg.github.io/

811	   [3] https://github.com/httpwg/http-extensions/labels/header-structure

813	Appendix A.  Changes

815	A.1.  Since draft-ietf-httpbis-header-structure-03

817	   o  Strengthen language around failure handling.

819	A.2.  Since draft-ietf-httpbis-header-structure-02

821	   o  Split Numbers into Integers and Floats.

823	   o  Define number parsing.

825	   o  Tighten up binary parsing and give it an explicit end delimiter.

827	   o  Clarify that mappings are unordered.

829	   o  Allow zero-length strings.

831	   o  Improve string parsing algorithm.

833	   o  Improve limits in algorithms.

835	   o  Require parsers to combine header fields before processing.

837	   o  Throw an error on trailing garbage.

839	A.3.  Since draft-ietf-httpbis-header-structure-01

841	   o  Replaced with draft-nottingham-structured-headers.

843	A.4.  Since draft-ietf-httpbis-header-structure-00

845	   o  Added signed 64bit integer type.

847	   o  Drop UTF8, and settle on BCP137 ::EmbeddedUnicodeChar for h1-
848	      unicode-string.

850	   o  Change h1_blob delimiter to ":" since "'" is valid t_char

852	Authors' Addresses

854	   Mark Nottingham
855	   Fastly

857	   Email: mnot@mnot.net
858	   URI:   https://www.mnot.net/

860	   Poul-Henning Kamp
861	   The Varnish Cache Project

863	   Email: phk@varnish-cache.org