idnits 2.17.1 

draft-ietf-httpbis-tunnel-protocol-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The abstract seems to contain references ([2], [3], [4], [1]), which it
     shouldn't.  Please replace those with straight textual mentions of the
     documents in question.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (January 19, 2015) is 3378 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Looks like a reference, but probably isn't: '1' on line 216

  -- Looks like a reference, but probably isn't: '2' on line 24

  -- Looks like a reference, but probably isn't: '3' on line 24

  -- Looks like a reference, but probably isn't: '4' on line 25

  -- Looks like a reference, but probably isn't: '5' on line 151

  ** Obsolete normative reference: RFC 7230 (Obsoleted by RFC 9110, RFC 9112)

  ** Obsolete normative reference: RFC 7231 (Obsoleted by RFC 9110)

  -- Obsolete informational reference (is this intentional?): RFC 5246
     (Obsoleted by RFC 8446)


     Summary: 3 errors (**), 0 flaws (~~), 1 warning (==), 7 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	HTTPbis Working Group                                          A. Hutton
3	Internet-Draft                                                     Unify
4	Intended status: Standards Track                               J. Uberti
5	Expires: July 23, 2015                                            Google
6	                                                              M. Thomson
7	                                                                 Mozilla
8	                                                        January 19, 2015

10	             The Tunnel-Protocol HTTP Request Header Field
11	                 draft-ietf-httpbis-tunnel-protocol-01

13	Abstract

15	   This specification allows HTTP CONNECT requests to indicate what
16	   protocol will be used within the tunnel once established, using the
17	   Tunnel-Protocol request header field.

19	Editorial Note (To be removed by RFC Editor)

21	   Discussion of this draft takes place on the HTTPBIS working group
22	   mailing list (ietf-http-wg@w3.org), which is archived at [1].

24	   Working Group information can be found at [2] and [3]; source code
25	   and issues list for this draft can be found at [4].

27	Status of This Memo

29	   This Internet-Draft is submitted in full conformance with the
30	   provisions of BCP 78 and BCP 79.

32	   Internet-Drafts are working documents of the Internet Engineering
33	   Task Force (IETF).  Note that other groups may also distribute
34	   working documents as Internet-Drafts.  The list of current Internet-
35	   Drafts is at http://datatracker.ietf.org/drafts/current/.

37	   Internet-Drafts are draft documents valid for a maximum of six months
38	   and may be updated, replaced, or obsoleted by other documents at any
39	   time.  It is inappropriate to use Internet-Drafts as reference
40	   material or to cite them other than as "work in progress."

42	   This Internet-Draft will expire on July 23, 2015.

44	Copyright Notice

46	   Copyright (c) 2015 IETF Trust and the persons identified as the
47	   document authors.  All rights reserved.

49	   This document is subject to BCP 78 and the IETF Trust's Legal
50	   Provisions Relating to IETF Documents
51	   (http://trustee.ietf.org/license-info) in effect on the date of
52	   publication of this document.  Please review these documents
53	   carefully, as they describe your rights and restrictions with respect
54	   to this document.  Code Components extracted from this document must
55	   include Simplified BSD License text as described in Section 4.e of
56	   the Trust Legal Provisions and are provided without warranty as
57	   described in the Simplified BSD License.

59	Table of Contents

61	   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
62	     1.1.  Requirements Language . . . . . . . . . . . . . . . . . .   3
63	   2.  The Tunnel-Protocol HTTP Request Header Field . . . . . . . .   3
64	     2.1.  Header Field Values . . . . . . . . . . . . . . . . . . .   3
65	     2.2.  Syntax  . . . . . . . . . . . . . . . . . . . . . . . . .   3
66	   3.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   4
67	   4.  Security Considerations . . . . . . . . . . . . . . . . . . .   4
68	   5.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   4
69	     5.1.  Normative References  . . . . . . . . . . . . . . . . . .   5
70	     5.2.  Informative References  . . . . . . . . . . . . . . . . .   5
71	     5.3.  URIs  . . . . . . . . . . . . . . . . . . . . . . . . . .   5

73	1.  Introduction

75	   The HTTP CONNECT method (Section 4.3.6 of [RFC7231]) requests that
76	   the recipient establish a tunnel to the identified origin server and
77	   thereafter forward packets, in both directions, until the tunnel is
78	   closed.  Such tunnels are commonly used to create end-to-end virtual
79	   connections, through one or more proxies, which may then be secured
80	   using TLS (Transport Layer Security, [RFC5246]).

82	   The HTTP Tunnel-Protocol header field identifies the protocol that
83	   will be spoken within the tunnel, using the application layer next
84	   protocol identifier [RFC7301] specified for TLS [RFC5246].

86	   When CONNECT is used to establish a TLS tunnel, the Tunnel-Protocol
87	   header field may be used to carry the same application protocol label
88	   as will be carried within the TLS handshake.  If there are multiple
89	   possible application protocols, all of those application protocols
90	   are indicated.

92	   The Tunnel-Protocol header field carries an indication only.  In TLS,
93	   the final choice of application protocol is made by the server.
94	   Proxies do not implement the tunneled protocol, though they might
95	   choose to make policy decisions based on the value of the header
96	   field.

98	1.1.  Requirements Language

100	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
101	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
102	   document are to be interpreted as described in RFC 2119 [RFC2119].

104	2.  The Tunnel-Protocol HTTP Request Header Field

106	   Clients include the `Tunnel-Protocol` Request Header field in an HTTP
107	   CONNECT request to indicate the application layer protocol will be
108	   used within the tunnel, or the set of protocols that might be used
109	   within the tunnel.

111	2.1.  Header Field Values

113	   Valid values for the protocol field are taken from the registry
114	   established in [RFC7301].

116	2.2.  Syntax

118	   The ABNF (Augmented Backus-Naur Form) syntax for the `Tunnel-
119	   Protocol` header field is given below.  It is based on the Generic
120	   Grammar defined in Section 2 of [RFC7230].

122	   Tunnel-Protocol = "Tunnel-Protocol":" 1#protocol-id
123	   protocol-id     = token ; percent-encoded ALPN protocol identifier

125	   ALPN protocol names are octet sequences with no additional
126	   constraints on format.  Octets not allowed in tokens ([RFC7230],
127	   Section 3.2.6) must be percent-encoded as per Section 2.1 of
128	   [RFC3986].  Consequently, the octet representing the percent
129	   character "%" (hex 25) must be percent-encoded as well.

131	   In order to have precisely one way to represent any ALPN protocol
132	   name, the following additional constraints apply:

134	   o  Octets in the ALPN protocol must not be percent-encoded if they
135	      are valid token characters except "%", and

137	   o  When using percent-encoding, uppercase hex digits must be used.

139	   With these constraints, recipients can apply simple string comparison
140	   to match protocol identifiers.

142	   For example:

144	     CONNECT www.example.com HTTP/1.1
145	     Host: www.example.com
146	     Tunnel-Protocol: h2, http%2F1.1

148	3.  IANA Considerations

150	   HTTP header fields are registered within the "Message Headers"
151	   registry maintained at [5].  This document defines and registers the
152	   `Tunnel-Protocol` header field, according to [RFC3864] as follows:

154	   Header Field Name:  Tunnel-Protocol

156	   Protocol:  http

158	   Status:  Standard

160	   Reference:  Section 2

162	   Change Controller:  IETF (iesg@ietf.org) - Internet Engineering Task
163	      Force

165	4.  Security Considerations

167	   In case of using HTTP CONNECT to a TURN server the security
168	   considerations of Section 4.3.6 of [RFC7231] apply.  It states that
169	   there "are significant risks in establishing a tunnel to arbitrary
170	   servers, particularly when the destination is a well-known or
171	   reserved TCP port that is not intended for Web traffic.  Proxies that
172	   support CONNECT SHOULD restrict its use to a limited set of known
173	   ports or a configurable whitelist of safe request targets."

175	   The `Tunnel-Protocol` request header field described in this document
176	   is an optional header.  Clients and HTTP Proxies could choose to not
177	   support the header and therefore fail to provide it, or ignore it
178	   when present.  If the header is not available or ignored, a proxy
179	   cannot identify the purpose of the tunnel and use this as input to
180	   any authorization decision regarding the tunnel.  This is
181	   indistinguishable from the case where either client or proxy does not
182	   support the `Tunnel-Protocol` header.

184	5.  References
185	5.1.  Normative References

187	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
188	              Requirement Levels", BCP 14, RFC 2119, March 1997.

190	   [RFC3864]  Klyne, G., Nottingham, M., and J. Mogul, "Registration
191	              Procedures for Message Header Fields", BCP 90, RFC 3864,
192	              September 2004.

194	   [RFC3986]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
195	              Resource Identifier (URI): Generic Syntax", STD 66, RFC
196	              3986, January 2005.

198	   [RFC7230]  Fielding, R. and J. Reschke, "Hypertext Transfer Protocol
199	              (HTTP/1.1): Message Syntax and Routing", RFC 7230, June
200	              2014.

202	   [RFC7231]  Fielding, R. and J. Reschke, "Hypertext Transfer Protocol
203	              (HTTP/1.1): Semantics and Content", RFC 7231, June 2014.

205	   [RFC7301]  Friedl, S., Popov, A., Langley, A., and E. Stephan,
206	              "Transport Layer Security (TLS) Application-Layer Protocol
207	              Negotiation Extension", RFC 7301, July 2014.

209	5.2.  Informative References

211	   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
212	              (TLS) Protocol Version 1.2", RFC 5246, August 2008.

214	5.3.  URIs

216	   [1] https://www.iana.org/assignments/message-headers

218	Authors' Addresses

220	   Andrew Hutton
221	   Unify
222	   Technology Drive
223	   Nottingham  NG9 1LA
224	   UK

226	   EMail: andrew.hutton@unify.com
227	   Justin Uberti
228	   Google
229	   747 6th Ave S
230	   Kirkland, WA  98033
231	   US

233	   EMail: justin@uberti.name

235	   Martin Thomson
236	   Mozilla
237	   331 E Evelyn Street
238	   Mountain View, CA  94041
239	   US

241	   EMail: martin.thomson@gmail.com