idnits 2.17.1 draft-ietf-quic-qpack-12.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: To bound the memory requirements of the decoder, the decoder limits the maximum value the encoder is permitted to set for the dynamic table capacity. In HTTP/3, this limit is determined by the value of SETTINGS_QPACK_MAX_TABLE_CAPACITY sent by the decoder; see Section 5. The encoder MUST not set a dynamic table capacity that exceeds this maximum, but it can choose to use a lower dynamic table capacity; see Section 4.3.1. -- The document date (22 January 2020) is 1549 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-34) exists of draft-ietf-quic-http-25 == Outdated reference: A later version (-34) exists of draft-ietf-quic-transport-25 -- Obsolete informational reference (is this intentional?): RFC 7540 (Obsoleted by RFC 9113) Summary: 0 errors (**), 0 flaws (~~), 4 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 QUIC C. Krasic 3 Internet-Draft Netflix 4 Intended status: Standards Track M. Bishop 5 Expires: 25 July 2020 Akamai Technologies 6 A. Frindell, Ed. 7 Facebook 8 22 January 2020 10 QPACK: Header Compression for HTTP/3 11 draft-ietf-quic-qpack-12 13 Abstract 15 This specification defines QPACK, a compression format for 16 efficiently representing HTTP header fields, to be used in HTTP/3. 17 This is a variation of HPACK header compression that seeks to reduce 18 head-of-line blocking. 20 Note to Readers 22 Discussion of this draft takes place on the QUIC working group 23 mailing list (quic@ietf.org), which is archived at 24 https://mailarchive.ietf.org/arch/search/?email_list=quic 25 (https://mailarchive.ietf.org/arch/search/?email_list=quic). 27 Working Group information can be found at https://github.com/quicwg 28 (https://github.com/quicwg); source code and issues list for this 29 draft can be found at https://github.com/quicwg/base-drafts/labels/- 30 qpack (https://github.com/quicwg/base-drafts/labels/-qpack). 32 Status of This Memo 34 This Internet-Draft is submitted in full conformance with the 35 provisions of BCP 78 and BCP 79. 37 Internet-Drafts are working documents of the Internet Engineering 38 Task Force (IETF). Note that other groups may also distribute 39 working documents as Internet-Drafts. The list of current Internet- 40 Drafts is at https://datatracker.ietf.org/drafts/current/. 42 Internet-Drafts are draft documents valid for a maximum of six months 43 and may be updated, replaced, or obsoleted by other documents at any 44 time. It is inappropriate to use Internet-Drafts as reference 45 material or to cite them other than as "work in progress." 47 This Internet-Draft will expire on 25 July 2020. 49 Copyright Notice 51 Copyright (c) 2020 IETF Trust and the persons identified as the 52 document authors. All rights reserved. 54 This document is subject to BCP 78 and the IETF Trust's Legal 55 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 56 license-info) in effect on the date of publication of this document. 57 Please review these documents carefully, as they describe your rights 58 and restrictions with respect to this document. Code Components 59 extracted from this document must include Simplified BSD License text 60 as described in Section 4.e of the Trust Legal Provisions and are 61 provided without warranty as described in the Simplified BSD License. 63 Table of Contents 65 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 66 1.1. Conventions and Definitions . . . . . . . . . . . . . . . 4 67 1.2. Notational Conventions . . . . . . . . . . . . . . . . . 4 68 2. Compression Process Overview . . . . . . . . . . . . . . . . 5 69 2.1. Encoder . . . . . . . . . . . . . . . . . . . . . . . . . 5 70 2.1.1. Reference Tracking . . . . . . . . . . . . . . . . . 6 71 2.1.2. Limits on Dynamic Table Insertions . . . . . . . . . 6 72 2.1.3. Blocked Streams . . . . . . . . . . . . . . . . . . . 7 73 2.1.4. Known Received Count . . . . . . . . . . . . . . . . 8 74 2.2. Decoder . . . . . . . . . . . . . . . . . . . . . . . . . 8 75 2.2.1. Blocked Decoding . . . . . . . . . . . . . . . . . . 8 76 2.2.2. State Synchronization . . . . . . . . . . . . . . . . 9 77 2.2.3. Invalid References . . . . . . . . . . . . . . . . . 10 78 3. Header Tables . . . . . . . . . . . . . . . . . . . . . . . . 10 79 3.1. Static Table . . . . . . . . . . . . . . . . . . . . . . 10 80 3.2. Dynamic Table . . . . . . . . . . . . . . . . . . . . . . 11 81 3.2.1. Dynamic Table Size . . . . . . . . . . . . . . . . . 11 82 3.2.2. Dynamic Table Capacity and Eviction . . . . . . . . . 11 83 3.2.3. Maximum Dynamic Table Capacity . . . . . . . . . . . 12 84 3.2.4. Absolute Indexing . . . . . . . . . . . . . . . . . . 12 85 3.2.5. Relative Indexing . . . . . . . . . . . . . . . . . . 12 86 3.2.6. Post-Base Indexing . . . . . . . . . . . . . . . . . 14 87 4. Wire Format . . . . . . . . . . . . . . . . . . . . . . . . . 14 88 4.1. Primitives . . . . . . . . . . . . . . . . . . . . . . . 14 89 4.1.1. Prefixed Integers . . . . . . . . . . . . . . . . . . 14 90 4.1.2. String Literals . . . . . . . . . . . . . . . . . . . 14 91 4.2. Encoder and Decoder Streams . . . . . . . . . . . . . . . 15 92 4.3. Encoder Instructions . . . . . . . . . . . . . . . . . . 16 93 4.3.1. Set Dynamic Table Capacity . . . . . . . . . . . . . 16 94 4.3.2. Insert With Name Reference . . . . . . . . . . . . . 16 95 4.3.3. Insert Without Name Reference . . . . . . . . . . . . 17 96 4.3.4. Duplicate . . . . . . . . . . . . . . . . . . . . . . 17 98 4.4. Decoder Instructions . . . . . . . . . . . . . . . . . . 18 99 4.4.1. Header Acknowledgement . . . . . . . . . . . . . . . 18 100 4.4.2. Stream Cancellation . . . . . . . . . . . . . . . . . 19 101 4.4.3. Insert Count Increment . . . . . . . . . . . . . . . 19 102 4.5. Header Block Representations . . . . . . . . . . . . . . 19 103 4.5.1. Header Block Prefix . . . . . . . . . . . . . . . . . 20 104 4.5.2. Indexed Header Field . . . . . . . . . . . . . . . . 22 105 4.5.3. Indexed Header Field With Post-Base Index . . . . . . 23 106 4.5.4. Literal Header Field With Name Reference . . . . . . 23 107 4.5.5. Literal Header Field With Post-Base Name Reference . 24 108 4.5.6. Literal Header Field Without Name Reference . . . . . 24 109 5. Configuration . . . . . . . . . . . . . . . . . . . . . . . . 25 110 6. Error Handling . . . . . . . . . . . . . . . . . . . . . . . 25 111 7. Security Considerations . . . . . . . . . . . . . . . . . . . 26 112 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 26 113 8.1. Settings Registration . . . . . . . . . . . . . . . . . . 26 114 8.2. Stream Type Registration . . . . . . . . . . . . . . . . 26 115 8.3. Error Code Registration . . . . . . . . . . . . . . . . . 27 116 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 27 117 9.1. Normative References . . . . . . . . . . . . . . . . . . 27 118 9.2. Informative References . . . . . . . . . . . . . . . . . 28 119 Appendix A. Static Table . . . . . . . . . . . . . . . . . . . . 28 120 Appendix B. Sample One Pass Encoding Algorithm . . . . . . . . . 32 121 Appendix C. Change Log . . . . . . . . . . . . . . . . . . . . . 33 122 C.1. Since draft-ietf-quic-qpack-11 . . . . . . . . . . . . . 34 123 C.2. Since draft-ietf-quic-qpack-10 . . . . . . . . . . . . . 34 124 C.3. Since draft-ietf-quic-qpack-09 . . . . . . . . . . . . . 34 125 C.4. Since draft-ietf-quic-qpack-08 . . . . . . . . . . . . . 34 126 C.5. Since draft-ietf-quic-qpack-06 . . . . . . . . . . . . . 34 127 C.6. Since draft-ietf-quic-qpack-05 . . . . . . . . . . . . . 34 128 C.7. Since draft-ietf-quic-qpack-04 . . . . . . . . . . . . . 34 129 C.8. Since draft-ietf-quic-qpack-03 . . . . . . . . . . . . . 34 130 C.9. Since draft-ietf-quic-qpack-02 . . . . . . . . . . . . . 35 131 C.10. Since draft-ietf-quic-qpack-01 . . . . . . . . . . . . . 35 132 C.11. Since draft-ietf-quic-qpack-00 . . . . . . . . . . . . . 35 133 C.12. Since draft-ietf-quic-qcram-00 . . . . . . . . . . . . . 35 134 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 36 135 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 36 137 1. Introduction 139 The QUIC transport protocol [QUIC-TRANSPORT] is designed to support 140 HTTP semantics, and its design subsumes many of the features of 141 HTTP/2 [RFC7540]. HTTP/2 uses HPACK [RFC7541] for header 142 compression. If HPACK were used for HTTP/3 [HTTP3], it would induce 143 head-of-line blocking due to built-in assumptions of a total ordering 144 across frames on all streams. 146 QPACK reuses core concepts from HPACK, but is redesigned to allow 147 correctness in the presence of out-of-order delivery, with 148 flexibility for implementations to balance between resilience against 149 head-of-line blocking and optimal compression ratio. The design 150 goals are to closely approach the compression ratio of HPACK with 151 substantially less head-of-line blocking under the same loss 152 conditions. 154 1.1. Conventions and Definitions 156 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 157 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 158 "OPTIONAL" in this document are to be interpreted as described in BCP 159 14 [RFC2119] [RFC8174] when, and only when, they appear in all 160 capitals, as shown here. 162 Definitions of terms that are used in this document: 164 Header field: A name-value pair sent as part of an HTTP message. 166 Header list: An ordered collection of header fields associated with 167 an HTTP message. A header list can contain multiple header fields 168 with the same name. It can also contain duplicate header fields. 170 Header block: The compressed representation of a header list. 172 Encoder: An implementation which transforms a header list into a 173 header block. 175 Decoder: An implementation which transforms a header block into a 176 header list. 178 Absolute Index: A unique index for each entry in the dynamic table. 180 Base: A reference point for relative and post-base indices. 181 References to dynamic table entries in header blocks are relative 182 to a Base. 184 Insert Count: The total number of entries inserted in the dynamic 185 table. 187 QPACK is a name, not an acronym. 189 1.2. Notational Conventions 191 Diagrams use the format described in Section 3.1 of [RFC2360], with 192 the following additional conventions: 194 x (A) Indicates that x is A bits long 196 x (A+) Indicates that x uses the prefixed integer encoding defined 197 in Section 4.1.1, beginning with an A-bit prefix. 199 x ... Indicates that x is variable-length and extends to the end of 200 the region. 202 2. Compression Process Overview 204 Like HPACK, QPACK uses two tables for associating header fields to 205 indices. The static table (Section 3.1) is predefined and contains 206 common header fields (some of them with an empty value). The dynamic 207 table (Section 3.2) is built up over the course of the connection and 208 can be used by the encoder to index header fields in the encoded 209 header lists. 211 QPACK defines unidirectional streams for sending instructions from 212 encoder to decoder and vice versa. 214 2.1. Encoder 216 An encoder converts a header list into a header block by emitting 217 either an indexed or a literal representation for each header field 218 in the list; see Section 4.5. Indexed representations achieve high 219 compression by replacing the literal name and possibly the value with 220 an index to either the static or dynamic table. References to the 221 static table and literal representations do not require any dynamic 222 state and never risk head-of-line blocking. References to the 223 dynamic table risk head-of-line blocking if the encoder has not 224 received an acknowledgement indicating the entry is available at the 225 decoder. 227 An encoder MAY insert any entry in the dynamic table it chooses; it 228 is not limited to header fields it is compressing. 230 QPACK preserves the ordering of header fields within each header 231 list. An encoder MUST emit header field representations in the order 232 they appear in the input header list. 234 QPACK is designed to contain the more complex state tracking to the 235 encoder, while the decoder is relatively simple. 237 2.1.1. Reference Tracking 239 An encoder MUST ensure that a header block which references a dynamic 240 table entry is not processed by the decoder after the referenced 241 entry has been evicted. Hence the encoder needs to retain 242 information about each compressed header block that references the 243 dynamic table until that header block is acknowledged by the decoder; 244 see Section 4.4.1. 246 2.1.2. Limits on Dynamic Table Insertions 248 Inserting entries into the dynamic table might not be possible if the 249 table contains entries which cannot be evicted. 251 A dynamic table entry cannot be evicted immediately after insertion, 252 even if it has never been referenced. Once the insertion of a 253 dynamic table entry has been acknowledged and there are no 254 outstanding unacknowledged references to the entry, the entry becomes 255 evictable. 257 If the dynamic table does not contain enough room for a new entry 258 without evicting other entries, and the entries which would be 259 evicted are not evictable, the encoder MUST NOT insert that entry 260 into the dynamic table (including duplicates of existing entries). 261 In order to avoid this, an encoder that uses the dynamic table has to 262 keep track of whether each entry is currently evictable or not. 264 2.1.2.1. Avoiding Prohibited Insertions 266 To ensure that the encoder is not prevented from adding new entries, 267 the encoder can avoid referencing entries that are close to eviction. 268 Rather than reference such an entry, the encoder can emit a Duplicate 269 instruction (Section 4.3.4), and reference the duplicate instead. 271 Determining which entries are too close to eviction to reference is 272 an encoder preference. One heuristic is to target a fixed amount of 273 available space in the dynamic table: either unused space or space 274 that can be reclaimed by evicting non-blocking entries. To achieve 275 this, the encoder can maintain a draining index, which is the 276 smallest absolute index (Section 3.2.4) in the dynamic table that it 277 will emit a reference for. As new entries are inserted, the encoder 278 increases the draining index to maintain the section of the table 279 that it will not reference. If the encoder does not create new 280 references to entries with an absolute index lower than the draining 281 index, the number of unacknowledged references to those entries will 282 eventually become zero, allowing them to be evicted. 284 +----------+---------------------------------+--------+ 285 | Draining | Referenceable | Unused | 286 | Entries | Entries | Space | 287 +----------+---------------------------------+--------+ 288 ^ ^ ^ 289 | | | 290 Dropping Draining Index Insertion Point 291 Point 293 Figure 1: Draining Dynamic Table Entries 295 2.1.3. Blocked Streams 297 Because QUIC does not guarantee order between data on different 298 streams, a decoder might encounter a header block that references a 299 dynamic table entry that it has not yet received. 301 Each header block contains a Required Insert Count (Section 4.5.1), 302 the lowest possible value for the Insert Count with which the header 303 block can be decoded. For a header block with references to the 304 dynamic table, the Required Insert Count is one larger than the 305 largest absolute index of all referenced dynamic table entries. For 306 a header block with no references to the dynamic table, the Required 307 Insert Count is zero. 309 When the decoder receives a header block with a Required Insert Count 310 greater than its own Insert Count, the stream cannot be processed 311 immediately, and is considered "blocked"; see Section 2.2.1. 313 The decoder specifies an upper bound on the number of streams which 314 can be blocked using the SETTINGS_QPACK_BLOCKED_STREAMS setting; see 315 Section 5. An encoder MUST limit the number of streams which could 316 become blocked to the value of SETTINGS_QPACK_BLOCKED_STREAMS at all 317 times. If a decoder encounters more blocked streams than it promised 318 to support, it MUST treat this as a connection error of type 319 HTTP_QPACK_DECOMPRESSION_FAILED. 321 Note that the decoder might not become blocked on every stream which 322 risks becoming blocked. 324 An encoder can decide whether to risk having a stream become blocked. 325 If permitted by the value of SETTINGS_QPACK_BLOCKED_STREAMS, 326 compression efficiency can often be improved by referencing dynamic 327 table entries that are still in transit, but if there is loss or 328 reordering the stream can become blocked at the decoder. An encoder 329 can avoid the risk of blocking by only referencing dynamic table 330 entries which have been acknowledged, but this could mean using 331 literals. Since literals make the header block larger, this can 332 result in the encoder becoming blocked on congestion or flow control 333 limits. 335 2.1.4. Known Received Count 337 The Known Received Count is the total number of dynamic table 338 insertions and duplications acknowledged by the decoder. The encoder 339 tracks the Known Received Count in order to identify which dynamic 340 table entries can be referenced without potentially blocking a 341 stream. The decoder tracks the Known Received Count in order to be 342 able to send Insert Count Increment instructions. 344 A Header Acknowledgement instruction (Section 4.4.1) implies that the 345 decoder has received all dynamic table state necessary to process 346 corresponding the header block. If the Required Insert Count of the 347 acknowledged header block is greater than the current Known Received 348 Count, Known Received Count is updated to the value of the Required 349 Insert Count. 351 An Insert Count Increment instruction Section 4.4.3 increases the 352 Known Received Count by its Increment parameter. See Section 2.2.2.3 353 for guidance. 355 2.2. Decoder 357 As in HPACK, the decoder processes header blocks and emits the 358 corresponding header lists. It also processes instructions received 359 on the encoder stream that modify the dynamic table. Note that 360 header blocks and encoder stream instructions arrive on separate 361 streams. This is unlike HPACK, where header blocks can contain 362 instructions that modify the dynamic table, and there is no dedicated 363 stream of HPACK instructions. 365 The decoder MUST emit header fields in the order their 366 representations appear in the input header block. 368 2.2.1. Blocked Decoding 370 Upon receipt of a header block, the decoder examines the Required 371 Insert Count. When the Required Insert Count is less than or equal 372 to the decoder's Insert Count, the header block can be processed 373 immediately. Otherwise, the stream on which the header block was 374 received becomes blocked. 376 While blocked, header block data SHOULD remain in the blocked 377 stream's flow control window. A stream becomes unblocked when the 378 Insert Count becomes greater than or equal to the Required Insert 379 Count for all header blocks the decoder has started reading from the 380 stream. 382 When processing header blocks, the decoder expects the Required 383 Insert Count to exactly match the value defined in Section 2.1.3. If 384 it encounters a smaller value than expected, it MUST treat this as a 385 connection error of type HTTP_QPACK_DECOMPRESSION_FAILED; see 386 Section 2.2.3. If it encounters a larger value than expected, it MAY 387 treat this as a connection error of type 388 HTTP_QPACK_DECOMPRESSION_FAILED. 390 2.2.2. State Synchronization 392 The decoder signals the following events by emitting decoder 393 instructions (Section 4.4) on the decoder stream. 395 2.2.2.1. Completed Processing of a Header Block 397 After the decoder finishes decoding a header block containing dynamic 398 table references, it MUST emit a Header Acknowledgement instruction 399 (Section 4.4.1). A stream may carry multiple header blocks in the 400 case of intermediate responses, trailers, and pushed requests. The 401 encoder interprets each Header Acknowledgement instruction as 402 acknowledging the earliest unacknowledged header block containing 403 dynamic table references sent on the given stream. 405 2.2.2.2. Abandonment of a Stream 407 When an endpoint receives a stream reset before the end of a stream 408 or before all header blocks are processed on that stream, or when it 409 abandons reading of a stream, it generates a Stream Cancellation 410 instruction; see Section 4.4.2. This signals to the encoder that all 411 references to the dynamic table on that stream are no longer 412 outstanding. A decoder with a maximum dynamic table capacity 413 (Section 3.2.3) equal to zero MAY omit sending Stream Cancellations, 414 because the encoder cannot have any dynamic table references. An 415 encoder cannot infer from this instruction that any updates to the 416 dynamic table have been received. 418 The Header Acknowledgement and Stream Cancellation instructions 419 permit the encoder to remove references to entries in the dynamic 420 table. When an entry with absolute index lower than the Known 421 Received Count has zero references, then it is considered evictable; 422 see Section 2.1.2. 424 2.2.2.3. New Table Entries 426 After receiving new table entries on the encoder stream, the decoder 427 chooses when to emit Insert Count Increment instructions; see 428 Section 4.4.3. Emitting this instruction after adding each new 429 dynamic table entry will provide the timeliest feedback to the 430 encoder, but could be redundant with other decoder feedback. By 431 delaying an Insert Count Increment instruction, the decoder might be 432 able to coalesce multiple Insert Count Increment instructions, or 433 replace them entirely with Header Acknowledgements; see 434 Section 4.4.1. However, delaying too long may lead to compression 435 inefficiencies if the encoder waits for an entry to be acknowledged 436 before using it. 438 2.2.3. Invalid References 440 If the decoder encounters a reference in a header block 441 representation to a dynamic table entry which has already been 442 evicted or which has an absolute index greater than or equal to the 443 declared Required Insert Count (Section 4.5.1), it MUST treat this as 444 a connection error of type "HTTP_QPACK_DECOMPRESSION_FAILED". 446 If the decoder encounters a reference in an encoder instruction to a 447 dynamic table entry which has already been evicted, it MUST treat 448 this as a connection error of type "HTTP_QPACK_ENCODER_STREAM_ERROR". 450 3. Header Tables 452 Unlike in HPACK, entries in the QPACK static and dynamic tables are 453 addressed separately. The following sections describe how entries in 454 each table are addressed. 456 3.1. Static Table 458 The static table consists of a predefined static list of header 459 fields, each of which has a fixed index over time. Its entries are 460 defined in Appendix A. 462 All entries in the static table have a name and a value. However, 463 values can be empty (that is, have a length of 0). Each entry is 464 identified by a unique index. 466 Note that the QPACK static table is indexed from 0, whereas the HPACK 467 static table is indexed from 1. 469 When the decoder encounters an invalid static table index in a header 470 block representation it MUST treat this as a connection error of type 471 "HTTP_QPACK_DECOMPRESSION_FAILED". If this index is received on the 472 encoder stream, this MUST be treated as a connection error of type 473 "HTTP_QPACK_ENCODER_STREAM_ERROR". 475 3.2. Dynamic Table 477 The dynamic table consists of a list of header fields maintained in 478 first-in, first-out order. Each HTTP/3 endpoint holds a dynamic 479 table that is initially empty. Entries are added by encoder 480 instructions received on the encoder stream; see Section 4.3. 482 The dynamic table can contain duplicate entries (i.e., entries with 483 the same name and same value). Therefore, duplicate entries MUST NOT 484 be treated as an error by the decoder. 486 Dynamic table entries can have empty values. 488 3.2.1. Dynamic Table Size 490 The size of the dynamic table is the sum of the size of its entries. 492 The size of an entry is the sum of its name's length in bytes, its 493 value's length in bytes, and 32. The size of an entry is calculated 494 using the length of its name and value without Huffman encoding 495 applied. 497 3.2.2. Dynamic Table Capacity and Eviction 499 The encoder sets the capacity of the dynamic table, which serves as 500 the upper limit on its size. The initial capacity of the dynamic 501 table is zero. The encoder sends a Set Dynamic Table Capacity 502 instruction (Section 4.3.1) with a non-zero capacity to begin using 503 the dynamic table. 505 Before a new entry is added to the dynamic table, entries are evicted 506 from the end of the dynamic table until the size of the dynamic table 507 is less than or equal to (table capacity - size of new entry). The 508 encoder MUST NOT cause a dynamic table entry to be evicted unless 509 that entry is evictable; see Section 2.1.2. The new entry is then 510 added to the table. It is an error if the encoder attempts to add an 511 entry that is larger than the dynamic table capacity; the decoder 512 MUST treat this as a connection error of type 513 "HTTP_QPACK_ENCODER_STREAM_ERROR". 515 A new entry can reference an entry in the dynamic table that will be 516 evicted when adding this new entry into the dynamic table. 517 Implementations are cautioned to avoid deleting the referenced name 518 or value if the referenced entry is evicted from the dynamic table 519 prior to inserting the new entry. 521 Whenever the dynamic table capacity is reduced by the encoder 522 (Section 4.3.1), entries are evicted from the end of the dynamic 523 table until the size of the dynamic table is less than or equal to 524 the new table capacity. This mechanism can be used to completely 525 clear entries from the dynamic table by setting a capacity of 0, 526 which can subsequently be restored. 528 3.2.3. Maximum Dynamic Table Capacity 530 To bound the memory requirements of the decoder, the decoder limits 531 the maximum value the encoder is permitted to set for the dynamic 532 table capacity. In HTTP/3, this limit is determined by the value of 533 SETTINGS_QPACK_MAX_TABLE_CAPACITY sent by the decoder; see Section 5. 534 The encoder MUST not set a dynamic table capacity that exceeds this 535 maximum, but it can choose to use a lower dynamic table capacity; see 536 Section 4.3.1. 538 For clients using 0-RTT data in HTTP/3, the server's maximum table 539 capacity is the remembered value of the setting, or zero if the value 540 was not previously sent. When the client's 0-RTT value of the 541 SETTING is zero, the server MAY set it to a non-zero value in its 542 SETTINGS frame. If the remembered value is non-zero, the server MUST 543 send the same non-zero value in its SETTINGS frame. If it specifies 544 any other value, or omits SETTINGS_QPACK_MAX_TABLE_CAPACITY from 545 SETTINGS, the encoder must treat this as a connection error of type 546 "HTTP_QPACK_DECODER_STREAM_ERROR". 548 For HTTP/3 servers and HTTP/3 clients when 0-RTT is not attempted or 549 is rejected, the maximum table capacity is 0 until the encoder 550 processes a SETTINGS frame with a non-zero value of 551 SETTINGS_QPACK_MAX_TABLE_CAPACITY. 553 When the maximum table capacity is zero, the encoder MUST NOT insert 554 entries into the dynamic table, and MUST NOT send any encoder 555 instructions on the encoder stream. 557 3.2.4. Absolute Indexing 559 Each entry possesses an absolute index which is fixed for the 560 lifetime of that entry. The first entry inserted has an absolute 561 index of "0"; indices increase by one with each insertion. 563 3.2.5. Relative Indexing 565 Relative indices begin at zero and increase in the opposite direction 566 from the absolute index. Determining which entry has a relative 567 index of "0" depends on the context of the reference. 569 In encoder instructions (Section 4.3), a relative index of "0" refers 570 to the most recently inserted value in the dynamic table. Note that 571 this means the entry referenced by a given relative index will change 572 while interpreting instructions on the encoder stream. 574 +-----+---------------+-------+ 575 | n-1 | ... | d | Absolute Index 576 + - - +---------------+ - - - + 577 | 0 | ... | n-d-1 | Relative Index 578 +-----+---------------+-------+ 579 ^ | 580 | V 581 Insertion Point Dropping Point 583 n = count of entries inserted 584 d = count of entries dropped 586 Figure 2: Example Dynamic Table Indexing - Encoder Stream 588 Unlike in encoder instructions, relative indices in header block 589 representations are relative to the Base at the beginning of the 590 header block; see Section 4.5.1. This ensures that references are 591 stable even if header blocks and dynamic table updates are processed 592 out of order. 594 In a header block a relative index of "0" refers to the entry with 595 absolute index equal to Base - 1. 597 Base 598 | 599 V 600 +-----+-----+-----+-----+-------+ 601 | n-1 | n-2 | n-3 | ... | d | Absolute Index 602 +-----+-----+ - +-----+ - + 603 | 0 | ... | n-d-3 | Relative Index 604 +-----+-----+-------+ 606 n = count of entries inserted 607 d = count of entries dropped 608 In this example, Base = n - 2 610 Figure 3: Example Dynamic Table Indexing - Relative Index in 611 Header Block 613 3.2.6. Post-Base Indexing 615 Post-Base indices are used in header block instructions for entries 616 with absolute indices greater than or equal to Base, starting at 0 617 for the entry with absolute index equal to Base, and increasing in 618 the same direction as the absolute index. 620 Post-Base indices allow an encoder to process a header block in a 621 single pass and include references to entries added while processing 622 this (or other) header blocks. 624 Base 625 | 626 V 627 +-----+-----+-----+-----+-----+ 628 | n-1 | n-2 | n-3 | ... | d | Absolute Index 629 +-----+-----+-----+-----+-----+ 630 | 1 | 0 | Post-Base Index 631 +-----+-----+ 633 n = count of entries inserted 634 d = count of entries dropped 635 In this example, Base = n - 2 637 Figure 4: Example Dynamic Table Indexing - Post-Base Index in 638 Header Block 640 4. Wire Format 642 4.1. Primitives 644 4.1.1. Prefixed Integers 646 The prefixed integer from Section 5.1 of [RFC7541] is used heavily 647 throughout this document. The format from [RFC7541] is used 648 unmodified. Note, however, that QPACK uses some prefix sizes not 649 actually used in HPACK. 651 QPACK implementations MUST be able to decode integers up to and 652 including 62 bits long. 654 4.1.2. String Literals 656 The string literal defined by Section 5.2 of [RFC7541] is also used 657 throughout. This string format includes optional Huffman encoding. 659 HPACK defines string literals to begin on a byte boundary. They 660 begin with a single bit flag, denoted as 'H' in this document 661 (indicating whether the string is Huffman-coded), followed by the 662 Length encoded as a 7-bit prefix integer, and finally Length bytes of 663 data. When Huffman encoding is enabled, the Huffman table from 664 Appendix B of [RFC7541] is used without modification. 666 This document expands the definition of string literals and permits 667 them to begin other than on a byte boundary. An "N-bit prefix string 668 literal" begins with the same Huffman flag, followed by the length 669 encoded as an (N-1)-bit prefix integer. The prefix size, N, can have 670 a value between 2 and 8 inclusive. The remainder of the string 671 literal is unmodified. 673 A string literal without a prefix length noted is an 8-bit prefix 674 string literal and follows the definitions in [RFC7541] without 675 modification. 677 4.2. Encoder and Decoder Streams 679 QPACK defines two unidirectional stream types: 681 * An encoder stream is a unidirectional stream of type "0x02". It 682 carries an unframed sequence of encoder instructions from encoder 683 to decoder. 685 * A decoder stream is a unidirectional stream of type "0x03". It 686 carries an unframed sequence of decoder instructions from decoder 687 to encoder. 689 HTTP/3 endpoints contain a QPACK encoder and decoder. Each endpoint 690 MUST initiate at most one encoder stream and at most one decoder 691 stream. Receipt of a second instance of either stream type MUST be 692 treated as a connection error of type HTTP_STREAM_CREATION_ERROR. 693 These streams MUST NOT be closed. Closure of either unidirectional 694 stream type MUST be treated as a connection error of type 695 HTTP_CLOSED_CRITICAL_STREAM. 697 An endpoint MAY avoid creating an encoder stream if it's not going to 698 be used (for example if its encoder doesn't wish to use the dynamic 699 table, or if the maximum size of the dynamic table permitted by the 700 peer is zero). 702 An endpoint MAY avoid creating a decoder stream if its decoder sets 703 the maximum capacity of the dynamic table to zero. 705 An endpoint MUST allow its peer to create an encoder stream and a 706 decoder stream even if the connection's settings prevent their use. 708 4.3. Encoder Instructions 710 An encoder sends encoder instructions on the encoder stream to set 711 the capacity of the dynamic table and add dynamic table entries. 712 Instructions adding table entries can use existing entries to avoid 713 transmitting redundant information. The name can be transmitted as a 714 reference to an existing entry in the static or the dynamic table or 715 as a string literal. For entries which already exist in the dynamic 716 table, the full entry can also be used by reference, creating a 717 duplicate entry. 719 This section specifies the following encoder instructions. 721 4.3.1. Set Dynamic Table Capacity 723 An encoder informs the decoder of a change to the dynamic table 724 capacity using an instruction which begins with the '001' three-bit 725 pattern. This is followed by the new dynamic table capacity 726 represented as an integer with a 5-bit prefix; see Section 4.1.1. 728 0 1 2 3 4 5 6 7 729 +---+---+---+---+---+---+---+---+ 730 | 0 | 0 | 1 | Capacity (5+) | 731 +---+---+---+-------------------+ 733 Figure 5: Set Dynamic Table Capacity 735 The new capacity MUST be lower than or equal to the limit described 736 in Section 3.2.3. In HTTP/3, this limit is the value of the 737 SETTINGS_QPACK_MAX_TABLE_CAPACITY parameter (Section 5) received from 738 the decoder. The decoder MUST treat a new dynamic table capacity 739 value that exceeds this limit as a connection error of type 740 "HTTP_QPACK_ENCODER_STREAM_ERROR". 742 Reducing the dynamic table capacity can cause entries to be evicted; 743 see Section 3.2.2. This MUST NOT cause the eviction of entries which 744 are not evictable; see Section 2.1.2. Changing the capacity of the 745 dynamic table is not acknowledged as this instruction does not insert 746 an entry. 748 4.3.2. Insert With Name Reference 750 An encoder adds an entry to the dynamic table where the header field 751 name matches the header field name of an entry stored in the static 752 or the dynamic table using an instruction that starts with the '1' 753 one-bit pattern. The second ('T') bit indicates whether the 754 reference is to the static or dynamic table. The 6-bit prefix 755 integer (Section 4.1.1) that follows is used to locate the table 756 entry for the header name. When T=1, the number represents the 757 static table index; when T=0, the number is the relative index of the 758 entry in the dynamic table. 760 The header name reference is followed by the header field value 761 represented as a string literal; see Section 4.1.2. 763 0 1 2 3 4 5 6 7 764 +---+---+---+---+---+---+---+---+ 765 | 1 | T | Name Index (6+) | 766 +---+---+-----------------------+ 767 | H | Value Length (7+) | 768 +---+---------------------------+ 769 | Value String (Length bytes) | 770 +-------------------------------+ 772 Figure 6: Insert Header Field -- Indexed Name 774 4.3.3. Insert Without Name Reference 776 An encoder adds an entry to the dynamic table where both the header 777 field name and the header field value are represented as string 778 literals using an instruction that starts with the '01' two-bit 779 pattern. 781 This is followed by the name represented as a 6-bit prefix string 782 literal, and the value represented as an 8-bit prefix string literal; 783 see Section 4.1.2. 785 0 1 2 3 4 5 6 7 786 +---+---+---+---+---+---+---+---+ 787 | 0 | 1 | H | Name Length (5+) | 788 +---+---+---+-------------------+ 789 | Name String (Length bytes) | 790 +---+---------------------------+ 791 | H | Value Length (7+) | 792 +---+---------------------------+ 793 | Value String (Length bytes) | 794 +-------------------------------+ 796 Figure 7: Insert Header Field -- New Name 798 4.3.4. Duplicate 800 An encoder duplicates an existing entry in the dynamic table using an 801 instruction that begins with the '000' three-bit pattern. This is 802 followed by the relative index of the existing entry represented as 803 an integer with a 5-bit prefix; see Section 4.1.1. 805 0 1 2 3 4 5 6 7 806 +---+---+---+---+---+---+---+---+ 807 | 0 | 0 | 0 | Index (5+) | 808 +---+---+---+-------------------+ 810 Figure 8: Duplicate 812 The existing entry is re-inserted into the dynamic table without 813 resending either the name or the value. This is useful to avoid 814 adding a reference to an older entry, which might block inserting new 815 entries. 817 4.4. Decoder Instructions 819 A decoder sends decoder instructions on the decoder stream to inform 820 the encoder about the processing of header blocks and table updates 821 to ensure consistency of the dynamic table. 823 This section specifies the following decoder instructions. 825 4.4.1. Header Acknowledgement 827 After processing a header block whose declared Required Insert Count 828 is not zero, the decoder emits a Header Acknowledgement instruction. 829 The instruction begins with the '1' one-bit pattern which is followed 830 by the header block's associated stream ID encoded as a 7-bit prefix 831 integer; see Section 4.1.1. 833 This instruction is used as described in Section 2.1.4 and in 834 Section 2.2.2. 836 0 1 2 3 4 5 6 7 837 +---+---+---+---+---+---+---+---+ 838 | 1 | Stream ID (7+) | 839 +---+---------------------------+ 841 Figure 9: Header Acknowledgement 843 If an encoder receives a Header Acknowledgement instruction referring 844 to a stream on which every header block with a non-zero Required 845 Insert Count has already been acknowledged, that MUST be treated as a 846 connection error of type "HTTP_QPACK_DECODER_STREAM_ERROR". 848 The Header Acknowledgement instruction might increase the Known 849 Received Count; see Section 2.1.4. 851 4.4.2. Stream Cancellation 853 When a stream is reset or reading is abandoned, the decoder emits a 854 Stream Cancellation instruction. The instruction begins with the 855 '01' two-bit pattern, which is followed by the stream ID of the 856 affected stream encoded as a 6-bit prefix integer. 858 This instruction is used as described in Section 2.2.2. 860 0 1 2 3 4 5 6 7 861 +---+---+---+---+---+---+---+---+ 862 | 0 | 1 | Stream ID (6+) | 863 +---+---+-----------------------+ 865 Figure 10: Stream Cancellation 867 4.4.3. Insert Count Increment 869 The Insert Count Increment instruction begins with the '00' two-bit 870 pattern, followed by the Increment encoded as a 6-bit prefix integer. 871 This instruction increases the Known Received Count (Section 2.1.4) 872 by the value of the Increment parameter. The decoder should send an 873 Increment value that increases the Known Received Count to the total 874 number of dynamic table insertions and duplications processed so far. 876 0 1 2 3 4 5 6 7 877 +---+---+---+---+---+---+---+---+ 878 | 0 | 0 | Increment (6+) | 879 +---+---+-----------------------+ 881 Figure 11: Insert Count Increment 883 An encoder that receives an Increment field equal to zero, or one 884 that increases the Known Received Count beyond what the encoder has 885 sent MUST treat this as a connection error of type 886 "HTTP_QPACK_DECODER_STREAM_ERROR". 888 4.5. Header Block Representations 890 A header block consists of a prefix and a possibly empty sequence of 891 representations defined in this section. Each representation 892 corresponds to a single header field. These representations 893 reference the static table or the dynamic table in a particular 894 state, but do not modify that state. 896 Header blocks are carried in frames on streams defined by the 897 enclosing protocol. 899 4.5.1. Header Block Prefix 901 Each header block is prefixed with two integers. The Required Insert 902 Count is encoded as an integer with an 8-bit prefix after the 903 encoding described in Section 4.5.1.1). The Base is encoded as a 904 sign bit ('S') and a Delta Base value with a 7-bit prefix; see 905 Section 4.5.1.2. 907 0 1 2 3 4 5 6 7 908 +---+---+---+---+---+---+---+---+ 909 | Required Insert Count (8+) | 910 +---+---------------------------+ 911 | S | Delta Base (7+) | 912 +---+---------------------------+ 913 | Compressed Headers ... 914 +-------------------------------+ 916 Figure 12: Header Block 918 4.5.1.1. Required Insert Count 920 Required Insert Count identifies the state of the dynamic table 921 needed to process the header block. Blocking decoders use the 922 Required Insert Count to determine when it is safe to process the 923 rest of the block. 925 The encoder transforms the Required Insert Count as follows before 926 encoding: 928 if ReqInsertCount == 0: 929 EncInsertCount = 0 930 else: 931 EncInsertCount = (ReqInsertCount mod (2 * MaxEntries)) + 1 933 Here "MaxEntries" is the maximum number of entries that the dynamic 934 table can have. The smallest entry has empty name and value strings 935 and has the size of 32. Hence "MaxEntries" is calculated as 937 MaxEntries = floor( MaxTableCapacity / 32 ) 939 "MaxTableCapacity" is the maximum capacity of the dynamic table as 940 specified by the decoder; see Section 3.2.3. 942 This encoding limits the length of the prefix on long-lived 943 connections. 945 The decoder can reconstruct the Required Insert Count using an 946 algorithm such as the following. If the decoder encounters a value 947 of EncodedInsertCount that could not have been produced by a 948 conformant encoder, it MUST treat this as a connection error of type 949 "HTTP_QPACK_DECOMPRESSION_FAILED". 951 TotalNumberOfInserts is the total number of inserts into the 952 decoder's dynamic table. 954 FullRange = 2 * MaxEntries 955 if EncodedInsertCount == 0: 956 ReqInsertCount = 0 957 else: 958 if EncodedInsertCount > FullRange: 959 Error 960 MaxValue = TotalNumberOfInserts + MaxEntries 962 # MaxWrapped is the largest possible value of 963 # ReqInsertCount that is 0 mod 2*MaxEntries 964 MaxWrapped = floor(MaxValue / FullRange) * FullRange 965 ReqInsertCount = MaxWrapped + EncodedInsertCount - 1 967 # If ReqInsertCount exceeds MaxValue, the Encoder's value 968 # must have wrapped one fewer time 969 if ReqInsertCount > MaxValue: 970 if ReqInsertCount <= FullRange: 971 Error 972 ReqInsertCount -= FullRange 974 # Value of 0 must be encoded as 0. 975 if ReqInsertCount == 0: 976 Error 978 For example, if the dynamic table is 100 bytes, then the Required 979 Insert Count will be encoded modulo 6. If a decoder has received 10 980 inserts, then an encoded value of 3 indicates that the Required 981 Insert Count is 9 for the header block. 983 4.5.1.2. Base 985 The "Base" is used to resolve references in the dynamic table as 986 described in Section 3.2.5. 988 To save space, the Base is encoded relative to the Required Insert 989 Count using a one-bit sign ('S') and the "Delta Base" value. A sign 990 bit of 0 indicates that the Base is greater than or equal to the 991 value of the Required Insert Count; the decoder adds the value of 992 Delta Base to the Required Insert Count to determine the value of the 993 Base. A sign bit of 1 indicates that the Base is less than the 994 Required Insert Count; the decoder subtracts the value of Delta Base 995 from the Required Insert Count and also subtracts one to determine 996 the value of the Base. That is: 998 if S == 0: 999 Base = ReqInsertCount + DeltaBase 1000 else: 1001 Base = ReqInsertCount - DeltaBase - 1 1003 A single-pass encoder determines the Base before encoding a header 1004 block. If the encoder inserted entries in the dynamic table while 1005 encoding the header block, Required Insert Count will be greater than 1006 the Base, so the encoded difference is negative and the sign bit is 1007 set to 1. If the header block did not reference the most recent 1008 entry in the table and did not insert any new entries, the Base will 1009 be greater than the Required Insert Count, so the delta will be 1010 positive and the sign bit is set to 0. 1012 An encoder that produces table updates before encoding a header block 1013 might set Base to the value of Required Insert Count. In such case, 1014 both the sign bit and the Delta Base will be set to zero. 1016 A header block that does not reference the dynamic table can use any 1017 value for the Base; setting Delta Base to zero is one of the most 1018 efficient encodings. 1020 For example, with a Required Insert Count of 9, a decoder receives an 1021 S bit of 1 and a Delta Base of 2. This sets the Base to 6 and 1022 enables post-base indexing for three entries. In this example, a 1023 relative index of 1 refers to the 5th entry that was added to the 1024 table; a post-base index of 1 refers to the 8th entry. 1026 4.5.2. Indexed Header Field 1028 An indexed header field representation identifies an entry in the 1029 static table, or an entry in the dynamic table with an absolute index 1030 less than the value of the Base. 1032 0 1 2 3 4 5 6 7 1033 +---+---+---+---+---+---+---+---+ 1034 | 1 | T | Index (6+) | 1035 +---+---+-----------------------+ 1037 Figure 13: Indexed Header Field 1039 This representation starts with the '1' 1-bit pattern, followed by 1040 the 'T' bit indicating whether the reference is into the static or 1041 dynamic table. The 6-bit prefix integer (Section 4.1.1) that follows 1042 is used to locate the table entry for the header field. When T=1, 1043 the number represents the static table index; when T=0, the number is 1044 the relative index of the entry in the dynamic table. 1046 4.5.3. Indexed Header Field With Post-Base Index 1048 An indexed header field with post-base index representation 1049 identifies an entry in the dynamic table with an absolute index 1050 greater than or equal to the value of the Base. 1052 0 1 2 3 4 5 6 7 1053 +---+---+---+---+---+---+---+---+ 1054 | 0 | 0 | 0 | 1 | Index (4+) | 1055 +---+---+---+---+---------------+ 1057 Figure 14: Indexed Header Field with Post-Base Index 1059 This representation starts with the '0001' 4-bit pattern. This is 1060 followed by the post-base index (Section 3.2.6) of the matching 1061 header field, represented as an integer with a 4-bit prefix; see 1062 Section 4.1.1. 1064 4.5.4. Literal Header Field With Name Reference 1066 A literal header field with name reference representation encodes a 1067 header field where the header field name matches the header field 1068 name of an entry in the static table, or the header field name of an 1069 entry in the dynamic table with an absolute index less than the value 1070 of the Base. 1072 0 1 2 3 4 5 6 7 1073 +---+---+---+---+---+---+---+---+ 1074 | 0 | 1 | N | T |Name Index (4+)| 1075 +---+---+---+---+---------------+ 1076 | H | Value Length (7+) | 1077 +---+---------------------------+ 1078 | Value String (Length bytes) | 1079 +-------------------------------+ 1081 Figure 15: Literal Header Field With Name Reference 1083 This representation starts with the '01' two-bit pattern. The 1084 following bit, 'N', indicates whether an intermediary is permitted to 1085 add this header to the dynamic header table on subsequent hops. When 1086 the 'N' bit is set, the encoded header MUST always be encoded with a 1087 literal representation. In particular, when a peer sends a header 1088 field that it received represented as a literal header field with the 1089 'N' bit set, it MUST use a literal representation to forward this 1090 header field. This bit is intended for protecting header field 1091 values that are not to be put at risk by compressing them; see 1092 Section 7 for more details. 1094 The fourth ('T') bit indicates whether the reference is to the static 1095 or dynamic table. The 4-bit prefix integer (Section 4.1.1) that 1096 follows is used to locate the table entry for the header name. When 1097 T=1, the number represents the static table index; when T=0, the 1098 number is the relative index of the entry in the dynamic table. 1100 Only the header field name is taken from the dynamic table entry; the 1101 header field value is encoded as an 8-bit prefix string literal; see 1102 Section 4.1.2. 1104 4.5.5. Literal Header Field With Post-Base Name Reference 1106 A literal header field with post-base name reference representation 1107 encodes a header field where the header field name matches the header 1108 field name of a dynamic table entry with an absolute index greater 1109 than or equal to the value of the Base. 1111 0 1 2 3 4 5 6 7 1112 +---+---+---+---+---+---+---+---+ 1113 | 0 | 0 | 0 | 0 | N |NameIdx(3+)| 1114 +---+---+---+---+---+-----------+ 1115 | H | Value Length (7+) | 1116 +---+---------------------------+ 1117 | Value String (Length bytes) | 1118 +-------------------------------+ 1120 Figure 16: Literal Header Field With Post-Base Name Reference 1122 This representation starts with the '0000' four-bit pattern. The 1123 fifth bit is the 'N' bit as described in Section 4.5.4. This is 1124 followed by a post-base index of the dynamic table entry 1125 (Section 3.2.6) encoded as an integer with a 3-bit prefix; see 1126 Section 4.1.1. 1128 Only the header field name is taken from the dynamic table entry; the 1129 header field value is encoded as an 8-bit prefix string literal; see 1130 Section 4.1.2. 1132 4.5.6. Literal Header Field Without Name Reference 1134 The literal header field without name reference representation 1135 encodes a header field name and a header field value as string 1136 literals. 1138 0 1 2 3 4 5 6 7 1139 +---+---+---+---+---+---+---+---+ 1140 | 0 | 0 | 1 | N | H |NameLen(3+)| 1141 +---+---+---+---+---+-----------+ 1142 | Name String (Length bytes) | 1143 +---+---------------------------+ 1144 | H | Value Length (7+) | 1145 +---+---------------------------+ 1146 | Value String (Length bytes) | 1147 +-------------------------------+ 1149 Figure 17: Literal Header Field Without Name Reference 1151 This representation begins with the '001' three-bit pattern. The 1152 fourth bit is the 'N' bit as described in Section 4.5.4. The name 1153 follows, represented as a 4-bit prefix string literal, then the 1154 value, represented as an 8-bit prefix string literal; see 1155 Section 4.1.2. 1157 5. Configuration 1159 QPACK defines two settings which are included in the HTTP/3 SETTINGS 1160 frame. 1162 SETTINGS_QPACK_MAX_TABLE_CAPACITY (0x1): The default value is zero. 1163 See Section 3.2 for usage. This is the equivalent of the 1164 SETTINGS_HEADER_TABLE_SIZE from HTTP/2. 1166 SETTINGS_QPACK_BLOCKED_STREAMS (0x7): The default value is zero. 1167 See Section 2.1.3. 1169 6. Error Handling 1171 The following error codes are defined for HTTP/3 to indicate failures 1172 of QPACK which prevent the connection from continuing: 1174 HTTP_QPACK_DECOMPRESSION_FAILED (0x200): The decoder failed to 1175 interpret a header block and is not able to continue decoding that 1176 header block. 1178 HTTP_QPACK_ENCODER_STREAM_ERROR (0x201): The decoder failed to 1179 interpret an encoder instruction received on the encoder stream. 1181 HTTP_QPACK_DECODER_STREAM_ERROR (0x202): The encoder failed to 1182 interpret a decoder instruction received on the decoder stream. 1184 7. Security Considerations 1186 TBD. Also see Section 7.1 of [RFC7541]. 1188 While the negotiated limit on the dynamic table size accounts for 1189 much of the memory that can be consumed by a QPACK implementation, 1190 data which cannot be immediately sent due to flow control is not 1191 affected by this limit. Implementations should limit the size of 1192 unsent data, especially on the decoder stream where flexibility to 1193 choose what to send is limited. Possible responses to an excess of 1194 unsent data might include limiting the ability of the peer to open 1195 new streams, reading only from the encoder stream, or closing the 1196 connection. 1198 8. IANA Considerations 1200 8.1. Settings Registration 1202 This document specifies two settings. The entries in the following 1203 table are registered in the "HTTP/3 Settings" registry established in 1204 [HTTP3]. 1206 +--------------------------+------+---------------+---------+ 1207 | Setting Name | Code | Specification | Default | 1208 +==========================+======+===============+=========+ 1209 | QPACK_MAX_TABLE_CAPACITY | 0x1 | Section 5 | 0 | 1210 +--------------------------+------+---------------+---------+ 1211 | QPACK_BLOCKED_STREAMS | 0x7 | Section 5 | 0 | 1212 +--------------------------+------+---------------+---------+ 1214 Table 1 1216 8.2. Stream Type Registration 1218 This document specifies two stream types. The entries in the 1219 following table are registered in the "HTTP/3 Stream Type" registry 1220 established in [HTTP3]. 1222 +----------------------+------+---------------+--------+ 1223 | Stream Type | Code | Specification | Sender | 1224 +======================+======+===============+========+ 1225 | QPACK Encoder Stream | 0x02 | Section 4.2 | Both | 1226 +----------------------+------+---------------+--------+ 1227 | QPACK Decoder Stream | 0x03 | Section 4.2 | Both | 1228 +----------------------+------+---------------+--------+ 1230 Table 2 1232 8.3. Error Code Registration 1234 This document specifies three error codes. The entries in the 1235 following table are registered in the "HTTP/3 Error Code" registry 1236 established in [HTTP3]. 1238 +---------------------------------+-----+-------------+-------------+ 1239 | Name |Code | Description |Specification| 1240 +=================================+=====+=============+=============+ 1241 | HTTP_QPACK_DECOMPRESSION_FAILED |0x200|Decompression| Section 6 | 1242 | | | of a header | | 1243 | | |block failed | | 1244 +---------------------------------+-----+-------------+-------------+ 1245 | HTTP_QPACK_ENCODER_STREAM_ERROR |0x201|Error on the | Section 6 | 1246 | | | encoder | | 1247 | | | stream | | 1248 +---------------------------------+-----+-------------+-------------+ 1249 | HTTP_QPACK_DECODER_STREAM_ERROR |0x202|Error on the | Section 6 | 1250 | | | decoder | | 1251 | | | stream | | 1252 +---------------------------------+-----+-------------+-------------+ 1254 Table 3 1256 9. References 1258 9.1. Normative References 1260 [HTTP3] Bishop, M., Ed., "Hypertext Transfer Protocol Version 3 1261 (HTTP/3)", Work in Progress, Internet-Draft, draft-ietf- 1262 quic-http-25, 22 January 2020, 1263 . 1265 [QUIC-TRANSPORT] 1266 Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based 1267 Multiplexed and Secure Transport", Work in Progress, 1268 Internet-Draft, draft-ietf-quic-transport-25, 22 January 1269 2020, . 1272 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1273 Requirement Levels", BCP 14, RFC 2119, 1274 DOI 10.17487/RFC2119, March 1997, 1275 . 1277 [RFC7541] Peon, R. and H. Ruellan, "HPACK: Header Compression for 1278 HTTP/2", RFC 7541, DOI 10.17487/RFC7541, May 2015, 1279 . 1281 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 1282 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 1283 May 2017, . 1285 9.2. Informative References 1287 [RFC2360] Scott, G., "Guide for Internet Standards Writers", BCP 22, 1288 RFC 2360, DOI 10.17487/RFC2360, June 1998, 1289 . 1291 [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext 1292 Transfer Protocol Version 2 (HTTP/2)", RFC 7540, 1293 DOI 10.17487/RFC7540, May 2015, 1294 . 1296 Appendix A. Static Table 1298 +-------+----------------------------------+-----------------------+ 1299 | Index | Name | Value | 1300 +=======+==================================+=======================+ 1301 | 0 | :authority | | 1302 +-------+----------------------------------+-----------------------+ 1303 | 1 | :path | / | 1304 +-------+----------------------------------+-----------------------+ 1305 | 2 | age | 0 | 1306 +-------+----------------------------------+-----------------------+ 1307 | 3 | content-disposition | | 1308 +-------+----------------------------------+-----------------------+ 1309 | 4 | content-length | 0 | 1310 +-------+----------------------------------+-----------------------+ 1311 | 5 | cookie | | 1312 +-------+----------------------------------+-----------------------+ 1313 | 6 | date | | 1314 +-------+----------------------------------+-----------------------+ 1315 | 7 | etag | | 1316 +-------+----------------------------------+-----------------------+ 1317 | 8 | if-modified-since | | 1318 +-------+----------------------------------+-----------------------+ 1319 | 9 | if-none-match | | 1320 +-------+----------------------------------+-----------------------+ 1321 | 10 | last-modified | | 1322 +-------+----------------------------------+-----------------------+ 1323 | 11 | link | | 1324 +-------+----------------------------------+-----------------------+ 1325 | 12 | location | | 1326 +-------+----------------------------------+-----------------------+ 1327 | 13 | referer | | 1328 +-------+----------------------------------+-----------------------+ 1329 | 14 | set-cookie | | 1330 +-------+----------------------------------+-----------------------+ 1331 | 15 | :method | CONNECT | 1332 +-------+----------------------------------+-----------------------+ 1333 | 16 | :method | DELETE | 1334 +-------+----------------------------------+-----------------------+ 1335 | 17 | :method | GET | 1336 +-------+----------------------------------+-----------------------+ 1337 | 18 | :method | HEAD | 1338 +-------+----------------------------------+-----------------------+ 1339 | 19 | :method | OPTIONS | 1340 +-------+----------------------------------+-----------------------+ 1341 | 20 | :method | POST | 1342 +-------+----------------------------------+-----------------------+ 1343 | 21 | :method | PUT | 1344 +-------+----------------------------------+-----------------------+ 1345 | 22 | :scheme | http | 1346 +-------+----------------------------------+-----------------------+ 1347 | 23 | :scheme | https | 1348 +-------+----------------------------------+-----------------------+ 1349 | 24 | :status | 103 | 1350 +-------+----------------------------------+-----------------------+ 1351 | 25 | :status | 200 | 1352 +-------+----------------------------------+-----------------------+ 1353 | 26 | :status | 304 | 1354 +-------+----------------------------------+-----------------------+ 1355 | 27 | :status | 404 | 1356 +-------+----------------------------------+-----------------------+ 1357 | 28 | :status | 503 | 1358 +-------+----------------------------------+-----------------------+ 1359 | 29 | accept | */* | 1360 +-------+----------------------------------+-----------------------+ 1361 | 30 | accept | application/dns- | 1362 | | | message | 1363 +-------+----------------------------------+-----------------------+ 1364 | 31 | accept-encoding | gzip, deflate, br | 1365 +-------+----------------------------------+-----------------------+ 1366 | 32 | accept-ranges | bytes | 1367 +-------+----------------------------------+-----------------------+ 1368 | 33 | access-control-allow-headers | cache-control | 1369 +-------+----------------------------------+-----------------------+ 1370 | 34 | access-control-allow-headers | content-type | 1371 +-------+----------------------------------+-----------------------+ 1372 | 35 | access-control-allow-origin | * | 1373 +-------+----------------------------------+-----------------------+ 1374 | 36 | cache-control | max-age=0 | 1375 +-------+----------------------------------+-----------------------+ 1376 | 37 | cache-control | max-age=2592000 | 1377 +-------+----------------------------------+-----------------------+ 1378 | 38 | cache-control | max-age=604800 | 1379 +-------+----------------------------------+-----------------------+ 1380 | 39 | cache-control | no-cache | 1381 +-------+----------------------------------+-----------------------+ 1382 | 40 | cache-control | no-store | 1383 +-------+----------------------------------+-----------------------+ 1384 | 41 | cache-control | public, max- | 1385 | | | age=31536000 | 1386 +-------+----------------------------------+-----------------------+ 1387 | 42 | content-encoding | br | 1388 +-------+----------------------------------+-----------------------+ 1389 | 43 | content-encoding | gzip | 1390 +-------+----------------------------------+-----------------------+ 1391 | 44 | content-type | application/dns- | 1392 | | | message | 1393 +-------+----------------------------------+-----------------------+ 1394 | 45 | content-type | application/ | 1395 | | | javascript | 1396 +-------+----------------------------------+-----------------------+ 1397 | 46 | content-type | application/json | 1398 +-------+----------------------------------+-----------------------+ 1399 | 47 | content-type | application/x-www- | 1400 | | | form-urlencoded | 1401 +-------+----------------------------------+-----------------------+ 1402 | 48 | content-type | image/gif | 1403 +-------+----------------------------------+-----------------------+ 1404 | 49 | content-type | image/jpeg | 1405 +-------+----------------------------------+-----------------------+ 1406 | 50 | content-type | image/png | 1407 +-------+----------------------------------+-----------------------+ 1408 | 51 | content-type | text/css | 1409 +-------+----------------------------------+-----------------------+ 1410 | 52 | content-type | text/html; | 1411 | | | charset=utf-8 | 1412 +-------+----------------------------------+-----------------------+ 1413 | 53 | content-type | text/plain | 1414 +-------+----------------------------------+-----------------------+ 1415 | 54 | content-type | text/ | 1416 | | | plain;charset=utf-8 | 1417 +-------+----------------------------------+-----------------------+ 1418 | 55 | range | bytes=0- | 1419 +-------+----------------------------------+-----------------------+ 1420 | 56 | strict-transport-security | max-age=31536000 | 1421 +-------+----------------------------------+-----------------------+ 1422 | 57 | strict-transport-security | max-age=31536000; | 1423 | | | includesubdomains | 1424 +-------+----------------------------------+-----------------------+ 1425 | 58 | strict-transport-security | max-age=31536000; | 1426 | | | includesubdomains; | 1427 | | | preload | 1428 +-------+----------------------------------+-----------------------+ 1429 | 59 | vary | accept-encoding | 1430 +-------+----------------------------------+-----------------------+ 1431 | 60 | vary | origin | 1432 +-------+----------------------------------+-----------------------+ 1433 | 61 | x-content-type-options | nosniff | 1434 +-------+----------------------------------+-----------------------+ 1435 | 62 | x-xss-protection | 1; mode=block | 1436 +-------+----------------------------------+-----------------------+ 1437 | 63 | :status | 100 | 1438 +-------+----------------------------------+-----------------------+ 1439 | 64 | :status | 204 | 1440 +-------+----------------------------------+-----------------------+ 1441 | 65 | :status | 206 | 1442 +-------+----------------------------------+-----------------------+ 1443 | 66 | :status | 302 | 1444 +-------+----------------------------------+-----------------------+ 1445 | 67 | :status | 400 | 1446 +-------+----------------------------------+-----------------------+ 1447 | 68 | :status | 403 | 1448 +-------+----------------------------------+-----------------------+ 1449 | 69 | :status | 421 | 1450 +-------+----------------------------------+-----------------------+ 1451 | 70 | :status | 425 | 1452 +-------+----------------------------------+-----------------------+ 1453 | 71 | :status | 500 | 1454 +-------+----------------------------------+-----------------------+ 1455 | 72 | accept-language | | 1456 +-------+----------------------------------+-----------------------+ 1457 | 73 | access-control-allow-credentials | FALSE | 1458 +-------+----------------------------------+-----------------------+ 1459 | 74 | access-control-allow-credentials | TRUE | 1460 +-------+----------------------------------+-----------------------+ 1461 | 75 | access-control-allow-headers | * | 1462 +-------+----------------------------------+-----------------------+ 1463 | 76 | access-control-allow-methods | get | 1464 +-------+----------------------------------+-----------------------+ 1465 | 77 | access-control-allow-methods | get, post, options | 1466 +-------+----------------------------------+-----------------------+ 1467 | 78 | access-control-allow-methods | options | 1468 +-------+----------------------------------+-----------------------+ 1469 | 79 | access-control-expose-headers | content-length | 1470 +-------+----------------------------------+-----------------------+ 1471 | 80 | access-control-request-headers | content-type | 1472 +-------+----------------------------------+-----------------------+ 1473 | 81 | access-control-request-method | get | 1474 +-------+----------------------------------+-----------------------+ 1475 | 82 | access-control-request-method | post | 1476 +-------+----------------------------------+-----------------------+ 1477 | 83 | alt-svc | clear | 1478 +-------+----------------------------------+-----------------------+ 1479 | 84 | authorization | | 1480 +-------+----------------------------------+-----------------------+ 1481 | 85 | content-security-policy | script-src 'none'; | 1482 | | | object-src 'none'; | 1483 | | | base-uri 'none' | 1484 +-------+----------------------------------+-----------------------+ 1485 | 86 | early-data | 1 | 1486 +-------+----------------------------------+-----------------------+ 1487 | 87 | expect-ct | | 1488 +-------+----------------------------------+-----------------------+ 1489 | 88 | forwarded | | 1490 +-------+----------------------------------+-----------------------+ 1491 | 89 | if-range | | 1492 +-------+----------------------------------+-----------------------+ 1493 | 90 | origin | | 1494 +-------+----------------------------------+-----------------------+ 1495 | 91 | purpose | prefetch | 1496 +-------+----------------------------------+-----------------------+ 1497 | 92 | server | | 1498 +-------+----------------------------------+-----------------------+ 1499 | 93 | timing-allow-origin | * | 1500 +-------+----------------------------------+-----------------------+ 1501 | 94 | upgrade-insecure-requests | 1 | 1502 +-------+----------------------------------+-----------------------+ 1503 | 95 | user-agent | | 1504 +-------+----------------------------------+-----------------------+ 1505 | 96 | x-forwarded-for | | 1506 +-------+----------------------------------+-----------------------+ 1507 | 97 | x-frame-options | deny | 1508 +-------+----------------------------------+-----------------------+ 1509 | 98 | x-frame-options | sameorigin | 1510 +-------+----------------------------------+-----------------------+ 1512 Table 4 1514 Appendix B. Sample One Pass Encoding Algorithm 1516 Pseudo-code for single pass encoding, excluding handling of 1517 duplicates, non-blocking mode, and reference tracking. 1519 baseIndex = dynamicTable.baseIndex 1520 largestReference = 0 1521 for header in headers: 1522 staticIdx = staticTable.getIndex(header) 1523 if staticIdx: 1524 encodeIndexReference(streamBuffer, staticIdx) 1525 continue 1527 dynamicIdx = dynamicTable.getIndex(header) 1528 if !dynamicIdx: 1529 # No matching entry. Either insert+index or encode literal 1530 nameIdx = getNameIndex(header) 1531 if shouldIndex(header) and dynamicTable.canIndex(header): 1532 encodeLiteralWithIncrementalIndex(controlBuffer, nameIdx, 1533 header) 1534 dynamicTable.add(header) 1535 dynamicIdx = dynamicTable.baseIndex 1537 if !dynamicIdx: 1538 # Couldn't index it, literal 1539 if nameIdx <= staticTable.size: 1540 encodeLiteral(streamBuffer, nameIndex, header) 1541 else: 1542 # encode literal, possibly with nameIdx above baseIndex 1543 encodeDynamicLiteral(streamBuffer, nameIndex, baseIndex, 1544 header) 1545 largestReference = max(largestReference, 1546 dynamicTable.toAbsolute(nameIdx)) 1547 else: 1548 # Dynamic index reference 1549 assert(dynamicIdx) 1550 largestReference = max(largestReference, dynamicIdx) 1551 # Encode dynamicIdx, possibly with dynamicIdx above baseIndex 1552 encodeDynamicIndexReference(streamBuffer, dynamicIdx, 1553 baseIndex) 1555 # encode the prefix 1556 encodeInteger(prefixBuffer, 0x00, largestReference, 8) 1557 if baseIndex >= largestReference: 1558 encodeInteger(prefixBuffer, 0, baseIndex - largestReference, 7) 1559 else: 1560 encodeInteger(prefixBuffer, 0x80, 1561 largestReference - baseIndex, 7) 1563 return controlBuffer, prefixBuffer + streamBuffer 1565 Appendix C. Change Log 1566 *RFC Editor's Note:* Please remove this section prior to 1567 publication of a final version of this document. 1569 C.1. Since draft-ietf-quic-qpack-11 1571 Editorial changes only 1573 C.2. Since draft-ietf-quic-qpack-10 1575 Editorial changes only 1577 C.3. Since draft-ietf-quic-qpack-09 1579 * Decoders MUST emit Header Acknowledgements (#2939) 1581 * Updated error code for multiple encoder or decoder streams (#2970) 1583 * Added explicit defaults for new SETTINGS (#2974) 1585 C.4. Since draft-ietf-quic-qpack-08 1587 * Endpoints are permitted to create encoder and decoder streams even 1588 if they can't use them (#2100, #2529) 1590 * Maximum values for settings removed (#2766, #2767) 1592 C.5. Since draft-ietf-quic-qpack-06 1594 * Clarify initial dynamic table capacity maximums (#2276, #2330, 1595 #2330) 1597 C.6. Since draft-ietf-quic-qpack-05 1599 * Introduced the terms dynamic table capacity and maximum dynamic 1600 table capacity. 1602 * Renamed SETTINGS_HEADER_TABLE_SIZE to 1603 SETTINGS_QPACK_MAX_TABLE_CAPACITY. 1605 C.7. Since draft-ietf-quic-qpack-04 1607 * Changed calculation of Delta Base Index to avoid an illegal value 1608 (#2002, #2005) 1610 C.8. Since draft-ietf-quic-qpack-03 1612 * Change HTTP settings defaults (#2038) 1613 * Substantial editorial reorganization 1615 C.9. Since draft-ietf-quic-qpack-02 1617 * Largest Reference encoded modulo MaxEntries (#1763) 1619 * New Static Table (#1355) 1621 * Table Size Update with Insert Count=0 is a connection error 1622 (#1762) 1624 * Stream Cancellations are optional when 1625 SETTINGS_HEADER_TABLE_SIZE=0 (#1761) 1627 * Implementations must handle 62 bit integers (#1760) 1629 * Different error types for each QPACK stream, other changes to 1630 error handling (#1726) 1632 * Preserve header field order (#1725) 1634 * Initial table size is the maximum permitted when table is first 1635 usable (#1642) 1637 C.10. Since draft-ietf-quic-qpack-01 1639 * Only header blocks that reference the dynamic table are 1640 acknowledged (#1603, #1605) 1642 C.11. Since draft-ietf-quic-qpack-00 1644 * Renumbered instructions for consistency (#1471, #1472) 1646 * Decoder is allowed to validate largest reference (#1404, #1469) 1648 * Header block acknowledgments also acknowledge the associated 1649 largest reference (#1370, #1400) 1651 * Added an acknowledgment for unread streams (#1371, #1400) 1653 * Removed framing from encoder stream (#1361,#1467) 1655 * Control streams use typed unidirectional streams rather than fixed 1656 stream IDs (#910,#1359) 1658 C.12. Since draft-ietf-quic-qcram-00 1659 * Separate instruction sets for table updates and header blocks 1660 (#1235, #1142, #1141) 1662 * Reworked indexing scheme (#1176, #1145, #1136, #1130, #1125, 1663 #1314) 1665 * Added mechanisms that support one-pass encoding (#1138, #1320) 1667 * Added a setting to control the number of blocked decoders (#238, 1668 #1140, #1143) 1670 * Moved table updates and acknowledgments to dedicated streams 1671 (#1121, #1122, #1238) 1673 Acknowledgments 1675 This draft draws heavily on the text of [RFC7541]. The indirect 1676 input of those authors is gratefully acknowledged, as well as ideas 1677 from: 1679 * Ryan Hamilton 1681 * Patrick McManus 1683 * Kazuho Oku 1685 * Biren Roy 1687 * Ian Swett 1689 * Dmitri Tikhonov 1691 Buck's contribution was supported by Google during his employment 1692 there. 1694 A substantial portion of Mike's contribution was supported by 1695 Microsoft during his employment there. 1697 Authors' Addresses 1699 Charles 'Buck' Krasic 1700 Netflix 1702 Email: ckrasic@netflix.com 1704 Mike Bishop 1705 Akamai Technologies 1707 Email: mbishop@evequefou.be 1709 Alan Frindell (editor) 1710 Facebook 1712 Email: afrind@fb.com