idnits 2.17.1 draft-ietf-httpbis-tunnel-protocol-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (August 18, 2014) is 3538 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 7230 (Obsoleted by RFC 9110, RFC 9112) ** Obsolete normative reference: RFC 7231 (Obsoleted by RFC 9110) -- Obsolete informational reference (is this intentional?): RFC 5246 (Obsoleted by RFC 8446) Summary: 2 errors (**), 0 flaws (~~), 1 warning (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force A. Hutton 3 Internet-Draft Unify 4 Intended status: Standards Track J. Uberti 5 Expires: February 19, 2015 Google 6 M. Thomson 7 Mozilla 8 August 18, 2014 10 The Tunnel-Protocol HTTP Request Header Field 11 draft-ietf-httpbis-tunnel-protocol-00 13 Abstract 15 This specification allows HTTP CONNECT requests to indicate what 16 protocol will be used within the tunnel once established, using the 17 Tunnel-Protocol request header field. 19 Status of This Memo 21 This Internet-Draft is submitted in full conformance with the 22 provisions of BCP 78 and BCP 79. 24 Internet-Drafts are working documents of the Internet Engineering 25 Task Force (IETF). Note that other groups may also distribute 26 working documents as Internet-Drafts. The list of current Internet- 27 Drafts is at http://datatracker.ietf.org/drafts/current/. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 This Internet-Draft will expire on February 19, 2015. 36 Copyright Notice 38 Copyright (c) 2014 IETF Trust and the persons identified as the 39 document authors. All rights reserved. 41 This document is subject to BCP 78 and the IETF Trust's Legal 42 Provisions Relating to IETF Documents 43 (http://trustee.ietf.org/license-info) in effect on the date of 44 publication of this document. Please review these documents 45 carefully, as they describe your rights and restrictions with respect 46 to this document. Code Components extracted from this document must 47 include Simplified BSD License text as described in Section 4.e of 48 the Trust Legal Provisions and are provided without warranty as 49 described in the Simplified BSD License. 51 Table of Contents 53 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 54 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 2 55 2. The Tunnel-Protocol HTTP Request Header Field . . . . . . . . 2 56 2.1. Header Field Values . . . . . . . . . . . . . . . . . . . 3 57 2.2. Syntax . . . . . . . . . . . . . . . . . . . . . . . . . 3 58 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 3 59 4. Security Considerations . . . . . . . . . . . . . . . . . . . 3 60 5. References . . . . . . . . . . . . . . . . . . . . . . . . . 4 61 5.1. Normative References . . . . . . . . . . . . . . . . . . 4 62 5.2. Informative References . . . . . . . . . . . . . . . . . 4 63 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 4 65 1. Introduction 67 The HTTP CONNECT method (Section 4.3.6 of [RFC7231]) requests that 68 the recipient establish a tunnel to the identified origin server and 69 thereafter forward packets, in both directions, until the tunnel is 70 closed. Such tunnels are commonly used to create end-to-end virtual 71 connections, through one or more proxies, which may then be secured 72 using TLS (Transport Layer Security, [RFC5246]). 74 The HTTP Tunnel-Protocol header field identifies the protocol that 75 will be spoken within the tunnel, using the application layer next 76 protocol identifier [RFC7301] specified for TLS [RFC5246]". 78 When CONNECT is used to establish a TLS tunnel, the Tunnel-Protocol 79 header field may be used to carry the same next protocol label as was 80 carried within the TLS handshake. However, the HTTP-Protocol is an 81 indication rather a negotiation since HTTP proxies do not implement 82 the tunneled protocol. 84 1.1. Requirements Language 86 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 87 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 88 document are to be interpreted as described in RFC 2119 [RFC2119]. 90 2. The Tunnel-Protocol HTTP Request Header Field 92 Clients include the Tunnel-Protocol Request Header field in a HTTP 93 Connect request to indicate the application layer protocol used 94 within the tunnel. 96 2.1. Header Field Values 98 Valid values for the protocol field are taken from the registry 99 established in [RFC7301]. 101 2.2. Syntax 103 The ABNF (Augmented Backus-Naur Form) syntax for the Tunnel-Protocol 104 header field is given below. It is based on the Generic Grammar 105 defined in Section 2 of [RFC7230]. 107 Tunnel-Protocol = "Tunnel-Protocol":" protocol-id 109 protocol-id = token ; percent-encoded ALPN protocol identifier 111 ALPN protocol names are octet sequences with no additional 112 constraints on format. Octets not allowed in tokens ([RFC7230], 113 Section 3.2.6) must be percent-encoded as per Section 2.1 of 114 [RFC3986]. Consequently, the octet representing the percent 115 character "%" (hex 25) must be percent-encoded as well. 117 In order to have precisely one way to represent any ALPN protocol 118 name, the following additional constraints apply: 120 o Octets in the ALPN protocol must not be percent-encoded if they 121 are valid token characters except "%", and 123 o When using percent-encoding, uppercase hex digits must be used. 125 With these constraints, recipients can apply simple string comparison 126 to match protocol identifiers. 128 For example: 130 CONNECT turn_server.example.com:5349 HTTP/1.1 131 Host: turn_server.example.com:5349 132 Tunnel-Protocol: turn 134 3. IANA Considerations 136 To Be Added 138 4. Security Considerations 140 In case of using HTTP CONNECT to a TURN server the security 141 consideration of [RFC7231], Section-4.3.6] apply. It states that 142 there "are significant risks in establishing a tunnel to arbitrary 143 servers, particularly when the destination is a well-known or 144 reserved TCP port that is not intended for Web traffic. Proxies that 145 support CONNECT SHOULD restrict its use to a limited set of known 146 ports or a configurable whitelist of safe request targets." 148 The Tunnel-Protocol request header field described in this document 149 is an optional header and HTTP Proxies may of course not support the 150 header and therefore ignore it. If the header is not present or 151 ignored then the proxy has no explicit indication as to the purpose 152 of the tunnel on which to provide consent, this is the generic case 153 that exists without the Tunnel-Protocol header. 155 5. References 157 5.1. Normative References 159 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 160 Requirement Levels", BCP 14, RFC 2119, March 1997. 162 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 163 Resource Identifier (URI): Generic Syntax", STD 66, RFC 164 3986, January 2005. 166 [RFC7230] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol 167 (HTTP/1.1): Message Syntax and Routing", RFC 7230, June 168 2014. 170 [RFC7231] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol 171 (HTTP/1.1): Semantics and Content", RFC 7231, June 2014. 173 [RFC7301] Friedl, S., Popov, A., Langley, A., and E. Stephan, 174 "Transport Layer Security (TLS) Application-Layer Protocol 175 Negotiation Extension", RFC 7301, July 2014. 177 5.2. Informative References 179 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 180 (TLS) Protocol Version 1.2", RFC 5246, August 2008. 182 Authors' Addresses 184 Andrew Hutton 185 Unify 186 Technology Drive 187 Nottingham NG9 1LA 188 UK 190 Email: andrew.hutton@unify.com 191 Justin Uberti 192 Google 193 747 6th Ave S 194 Kirkland, WA 98033 195 US 197 Email: justin@uberti.name 199 Martin Thomson 200 Mozilla 201 331 E Evelyn Street 202 Mountain View, CA 94041 203 US 205 Email: martin.thomson@gmail.com