idnits 2.17.1 draft-ietf-webtrans-http2-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([RFC7540], [OVERVIEW]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document date (30 July 2021) is 1001 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-19) exists of draft-ietf-httpbis-semantics-17 -- Possible downref: Normative reference to a draft: ref. 'HTTP' == Outdated reference: A later version (-07) exists of draft-ietf-webtrans-overview-02 ** Obsolete normative reference: RFC 7230 (Obsoleted by RFC 9110, RFC 9112) ** Obsolete normative reference: RFC 7231 (Obsoleted by RFC 9110) ** Obsolete normative reference: RFC 7540 (Obsoleted by RFC 9113) == Outdated reference: A later version (-09) exists of draft-ietf-webtrans-http3-01 Summary: 4 errors (**), 0 flaws (~~), 5 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 webtrans A. Frindell 3 Internet-Draft Facebook Inc. 4 Intended status: Standards Track E. Kinnear 5 Expires: 31 January 2022 T. Pauly 6 Apple Inc. 7 V. Vasiliev 8 Google 9 G. Xie 10 Facebook Inc. 11 30 July 2021 13 WebTransport using HTTP/2 14 draft-ietf-webtrans-http2-01 16 Abstract 18 WebTransport [OVERVIEW] is a protocol framework that enables clients 19 constrained by the Web security model to communicate with a remote 20 server using a secure multiplexed transport. This document describes 21 a WebTransport protocol that is based on HTTP/2 [RFC7540] and 22 provides support for unidirectional streams, bidirectional streams 23 and datagrams, all multiplexed within the same HTTP/2 connection. 25 Note to Readers 27 Discussion of this draft takes place on the WebTransport mailing list 28 (webtransport@ietf.org (mailto:webtransport@ietf.org)), which is 29 archived at https://mailarchive.ietf.org/arch/ 30 search/?email_list=webtransport. 32 The repository tracking the issues for this draft can be found at 33 https://github.com/ietf-wg-webtrans/draft-webtransport-http2. The 34 web API draft corresponding to this document can be found at 35 https://w3c.github.io/webtransport/. 37 Status of This Memo 39 This Internet-Draft is submitted in full conformance with the 40 provisions of BCP 78 and BCP 79. 42 Internet-Drafts are working documents of the Internet Engineering 43 Task Force (IETF). Note that other groups may also distribute 44 working documents as Internet-Drafts. The list of current Internet- 45 Drafts is at https://datatracker.ietf.org/drafts/current/. 47 Internet-Drafts are draft documents valid for a maximum of six months 48 and may be updated, replaced, or obsoleted by other documents at any 49 time. It is inappropriate to use Internet-Drafts as reference 50 material or to cite them other than as "work in progress." 52 This Internet-Draft will expire on 31 January 2022. 54 Copyright Notice 56 Copyright (c) 2021 IETF Trust and the persons identified as the 57 document authors. All rights reserved. 59 This document is subject to BCP 78 and the IETF Trust's Legal 60 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 61 license-info) in effect on the date of publication of this document. 62 Please review these documents carefully, as they describe your rights 63 and restrictions with respect to this document. Code Components 64 extracted from this document must include Simplified BSD License text 65 as described in Section 4.e of the Trust Legal Provisions and are 66 provided without warranty as described in the Simplified BSD License. 68 Table of Contents 70 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 71 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 72 2. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 3 73 3. Session Establishment . . . . . . . . . . . . . . . . . . . . 4 74 3.1. Establishing a Transport-Capable HTTP/2 Connection . . . 4 75 3.2. Extended CONNECT in HTTP/2 . . . . . . . . . . . . . . . 4 76 3.3. Creating a New Session . . . . . . . . . . . . . . . . . 4 77 3.4. Limiting the Number of Simultaneous Sessions . . . . . . 5 78 4. WebTransport Features . . . . . . . . . . . . . . . . . . . . 5 79 4.1. WT_STREAM Frame . . . . . . . . . . . . . . . . . . . . . 6 80 4.2. WT_RST_STREAM Frame . . . . . . . . . . . . . . . . . . . 7 81 4.3. WT_STOP_SENDING Frame . . . . . . . . . . . . . . . . . . 8 82 4.4. WT_DATAGRAM Frame . . . . . . . . . . . . . . . . . . . . 9 83 5. Session Termination . . . . . . . . . . . . . . . . . . . . . 10 84 6. Transport Properties . . . . . . . . . . . . . . . . . . . . 11 85 7. Security Considerations . . . . . . . . . . . . . . . . . . . 11 86 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 87 8.1. HTTP/2 SETTINGS Parameter Registration . . . . . . . . . 12 88 8.2. Frame Type Registration . . . . . . . . . . . . . . . . . 12 89 8.3. HTTP/2 Error Code Registry . . . . . . . . . . . . . . . 13 90 8.4. Examples . . . . . . . . . . . . . . . . . . . . . . . . 13 91 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 15 92 9.1. Normative References . . . . . . . . . . . . . . . . . . 15 93 9.2. Informative References . . . . . . . . . . . . . . . . . 16 94 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 17 95 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17 97 1. Introduction 99 Currently, the only mechanism in HTTP/2 for server to client 100 communication is server push. That is, servers can initiate 101 unidirectional push promised streams to clients, but clients cannot 102 respond to them; they can only accept them or discard them. 103 Additionally, intermediaries along the path may have different server 104 push policies and may not forward push promised streams to the 105 downstream client. This best effort mechanism is not sufficient to 106 reliably deliver messages from servers to clients, limiting server to 107 client use-cases such as chat messages or notifications. 109 Several techniques have been developed to workaround these 110 limitations: long polling [RFC6202], WebSocket [RFC8441], and 111 tunneling using the CONNECT method. All of these approaches have 112 limitations. 114 This document defines a mechanism for multiplexing non-HTTP data with 115 HTTP/2 in a manner that conforms with the WebTransport protocol 116 requirements and semantics [OVERVIEW]. Using the mechanism described 117 here, multiple WebTransport instances can be multiplexed 118 simultaneously with regular HTTP traffic on the same HTTP/2 119 connection. 121 1.1. Terminology 123 The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 124 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 125 "OPTIONAL" in this document are to be interpreted as described in BCP 126 14 [RFC2119] [RFC8174] when, and only when, they appear in all 127 capitals, as shown here. 129 This document follows terminology defined in Section 1.2 of 130 [OVERVIEW]. Note that this document distinguishes between a 131 WebTransport server and an HTTP/2 server. An HTTP/2 server is the 132 server that terminates HTTP/2 connections; a WebTransport server is 133 an application that accepts WebTransport sessions, which can be 134 accessed via an HTTP/2 server. 136 2. Protocol Overview 138 WebTransport servers are identified by an HTTPS URI as defined in 139 Section 4.2.2 of [HTTP]. 141 When an HTTP/2 connection is established, both the client and server 142 have to send a SETTINGS_ENABLE_WEBTRANSPORT setting in order to 143 indicate that they both support WebTransport over HTTP/2. 145 WebTransport sessions are initiated inside a given HTTP/2 connection 146 by the client, who sends an extended CONNECT request [RFC8441]. If 147 the server accepts the request, an WebTransport session is 148 established. The resulting stream will be further referred to as a 149 _CONNECT stream_, and its stream ID is used to uniquely identify a 150 given WebTransport session within the connection. The ID of the 151 CONNECT stream that established a given WebTransport session will be 152 further referred to as a _Session ID_. 154 After the session is established, the peers can exchange data using 155 the following mechanisms: 157 * Both client and server can create a bidirectional or 158 unidirectional stream using a new HTTP/2 extension frame 159 (WT_STREAM) 161 * A datagram can be sent using a new HTTP/2 extension frame 162 WT_DATAGRAM. 164 A WebTransport session is terminated when the CONNECT stream that 165 created it is closed. 167 3. Session Establishment 169 3.1. Establishing a Transport-Capable HTTP/2 Connection 171 In order to indicate support for WebTransport, both the client and 172 the server MUST send a SETTINGS_ENABLE_WEBTRANSPORT value set to "1" 173 in their SETTINGS frame. Endpoints MUST NOT use any WebTransport- 174 related functionality unless the parameter has been negotiated. 176 3.2. Extended CONNECT in HTTP/2 178 [RFC8441] defines an extended CONNECT method in Section 4, enabled by 179 the SETTINGS_ENABLE_CONNECT_PROTOCOL parameter. An endpoint does not 180 need to send both SETTINGS_ENABLE_CONNECT_PROTOCOL and 181 SETTINGS_ENABLE_WEBTRANSPORT; the SETTINGS_ENABLE_WEBTRANSPORT 182 setting implies that an endpoint supports extended CONNECT. 184 3.3. Creating a New Session 186 As WebTransport sessions are established over HTTP/2, they are 187 identified using the "https" URI scheme [RFC7230]. 189 In order to create a new WebTransport session, a client can send an 190 HTTP CONNECT request. The ":protocol" pseudo-header field 191 ([RFC8441]) MUST be set to "webtransport" (Section 7.1 of 192 [WEBTRANSPORT-H3]). The ":scheme" field MUST be "https". Both the 193 ":authority" and the ":path" value MUST be set; those fields indicate 194 the desired WebTransport server. An "Origin" header [RFC6454] MUST 195 be provided within the request. 197 Upon receiving an extended CONNECT request with a ":protocol" field 198 set to "webtransport", the HTTP/2 server can check if it has a 199 WebTransport server associated with the specified ":authority" and 200 ":path" values. If it does not, it SHOULD reply with status code 404 201 (Section 6.5.4, [RFC7231]). If it does, it MAY accept the session by 202 replying with status code 200. The WebTransport server MUST verify 203 the "Origin" header to ensure that the specified origin is allowed to 204 access the server in question. 206 From the client's perspective, a WebTransport session is established 207 when the client receives a 200 response. From the server's 208 perspective, a session is established once it sends a 200 response. 209 Both endpoints MUST NOT open any streams or send any datagrams on a 210 given session before that session is established. 212 3.4. Limiting the Number of Simultaneous Sessions 214 From the flow control perspective, WebTransport sessions count 215 against the stream flow control just like regular HTTP requests, 216 since they are established via an HTTP CONNECT request. This 217 document does not make any effort to introduce a separate flow 218 control mechanism for sessions, nor to separate HTTP requests from 219 WebTransport data streams. If the server needs to limit the rate of 220 incoming requests, it has alternative mechanisms at its disposal: 222 * "HTTP_STREAM_REFUSED" error code defined in [RFC7540] indicates to 223 the receiving HTTP/2 stack that the request was not processed in 224 any way. 226 * HTTP status code 429 indicates that the request was rejected due 227 to rate limiting [RFC6585]. Unlike the previous method, this 228 signal is directly propagated to the application. 230 4. WebTransport Features 232 WebTransport over HTTP/2 provides the following features described in 233 [OVERVIEW]: unidirectional streams, bidirectional streams and 234 datagrams, initiated by either endpoint. 236 Session IDs are used to demultiplex streams and datagrams belonging 237 to different WebTransport sessions. On the wire, session IDs are 238 encoded using a 31-bit integer field. 240 4.1. WT_STREAM Frame 242 A new HTTP/2 frame called WT_STREAM is introduced for either endpoint 243 to establish WebTransport streams. WT_STREAM frames can be sent on a 244 stream in the "idle", "reserved (local)", "open", or "half-closed 245 (remote)" state. 247 0 1 2 3 248 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 249 +---------------+ 250 |Pad Length? (8)| 251 +-+-------------+-----------------------------------------------+ 252 |R| Session ID (31) | 253 +-+-------------------------------------------------------------+ 254 | Padding (*) ... 255 +---------------------------------------------------------------+ 257 Figure 1: WT_STREAM Frame Format 259 The WT_STREAM frame define the following fields: 261 Pad Length: An 8-bit field containing the length of the frame padding 262 in units of octets. This field is conditional (as signified by a "?" 263 in the diagram) and is only present if the PADDED flag is set. 265 Session ID: An unsigned 31-bit integer that identifies the stream 266 Connect Stream for this Web Transport stream. The Session ID MUST be 267 MUST be an open stream negotiated via the extended CONNECT protocol 268 with a ":protocol" value of "webtransport". 270 The WT_STREAM frame defines the following flags: 272 UNIDIRECTIONAL (0x1): When set, the stream begins in the "half-closed 273 (remote)" state at the sender, and in the "half-closed (local)" state 274 at the receiver. 276 As with all HTTP/2 streams, WebTransport streams initiated by a 277 client have odd stream IDs and those initiated by a server have even 278 stream IDs. 280 The recipient MUST respond with a stream error of type 281 WT_STREAM_ERROR if the specified WebTransport Connect Stream does not 282 exist, is not a stream established via extended CONNECT to use the 283 "webtransport" protocol, or if it is in the "closed" or "half-closed 284 (remote)" stream state. 286 4.2. WT_RST_STREAM Frame 288 The RST_STREAM frame defined in HTTP/2 moves a stream to the "closed" 289 state, but WebTransport streams can be reset unidirectionally, as in 290 QUIC and HTTP/3. A new HTTP/2 frame called WT_RST_STREAM is 291 introduced for an endpoint to unidirectionally reset a stream for 292 writing. WT_RST_STREAM frames can be sent on a stream in the "open", 293 or "half-closed (remote)" state. 295 0 1 2 3 296 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 297 +---------------------------------------------------------------+ 298 | Error Code (32) | 299 +---------------------------------------------------------------+ 301 Figure 2: WT_RST_STREAM Frame Format 303 The WT_RST_STREAM frame contains a single unsigned, 32-bit integer 304 identifying the error code. The error code indicates why the stream 305 is being abruptly terminated for writing. 307 The WT_RST_STREAM frame does not define any flags. 309 The WT_RST_STREAM frame half-closes the referenced stream and effects 310 the same state machine transitions as sending or receiving the 311 END_STREAM flag. If the sender is in the "open" state, it 312 transitions to "half-closed (local)". If the sender is in the "half- 313 closed (remote)" state, it transitions to "closed". If the receiver 314 is in the "open" state, it transitions to "half-closed (remote)". If 315 the receiver is in the "half-closed (local)" state, it transitions to 316 "closed". 318 After sending a WT_RST_STREAM on a stream, the sender MUST NOT send 319 additional DATA frames for that stream. If another frame is received 320 on a stream after receiving a WT_RST_STREAM, the recipient MUST treat 321 this as a connection error of type PROTOCOL_ERROR. 323 WT_RST_STREAM frames MUST be associated with a WebTransport stream. 324 If a WT_RST_STREAM frame is received with a stream identifier of 0x0, 325 or a request or push stream, the recipient MUST treat this as a 326 connection error of type PROTOCOL_ERROR. 328 WT_RST_STREAM frames MUST NOT be sent for a stream in any state other 329 than "open" or "half-closed (remote)". If a WT_RST_STREAM frame 330 identifying a stream in the "idle", "reserved (local)", "reserved 331 (remote)" state is received, the recipient MUST treat this as a 332 connection error (Section 5.4.1) of type PROTOCOL_ERROR. Because of 333 race conditions with WT_STOP_SENDING, it is possible to receive a 334 WT_RST_STREAM in the "half-closed (remote)" or "closed" state. The 335 recipient should ignore the frame in this case. 337 A WT_RST_STREAM frame with a length other than 4 octets MUST be 338 treated as a connection error (Section 5.4.1) of type 339 FRAME_SIZE_ERROR. 341 4.3. WT_STOP_SENDING Frame 343 The RST_STREAM frame defined in HTTP/2 moves a stream to the "closed" 344 state, but WebTransport streams can be reset unidirectionally, as in 345 QUIC and HTTP/3. A new HTTP/2 frame called WT_STOP_SENDING is 346 introduced for an endpoint to unidirectionally reset a stream for 347 reading. WT_STOP_SENDING frames can be sent on a stream in the 348 "open", or "half-closed (local)" state. 350 0 1 2 3 351 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 352 +---------------------------------------------------------------+ 353 | Error Code (32) | 354 +---------------------------------------------------------------+ 356 Figure 3: WT_STOP_SENDING Frame Format 358 The WT_STOP_SENDING frame contains a single unsigned, 32-bit integer 359 identifying the error code. The error code indicates why the reading 360 the stream is being abandoned. 362 The WT_STOP_SENDING frame does not define any flags. 364 The WT_STOP_SENDING frame half-closes the referenced stream and 365 effects the same state machine transitions as sending or receiving 366 the END_STREAM flag. If the sender is in the open state, it 367 transitions to "half-closed (remote)". If the sender is in the 368 "half-closed (local)" state, it transitions to "closed". If the 369 receiver is in the "open" state, it transitions to "half-closed 370 (local)". If the receiver is in the "half-closed (remote)" state, it 371 transitions to "closed". 373 After receiving a WT_STOP_SENDING on a stream, the sender MUST NOT 374 send additional frames for that stream. After sending the 375 WT_STOP_SENDING, the sending endpoint MUST be prepared to receive and 376 handle additional frames sent on the stream that might have been sent 377 by the peer prior to the arrival of the WT_STOP_SENDING. 379 WT_STOP_SENDING frames MUST be associated with a WebTransport stream. 380 If a WT_STOP_SENDING frame is received with a stream identifier of 381 0x0, or a request or push stream, the recipient MUST treat this as a 382 connection error of type PROTOCOL_ERROR. 384 WT_STOP_SENDING frames MUST NOT be sent for a stream in any state 385 other than "open" or "half-closed (local)". It is possible to 386 receive a WT_STOP_SENDING in another state however, because the 387 sender might have closed or reset the stream while the 388 WT_STOP_SENDING was in flight. If a WT_STOP_SENDING frame 389 identifying a stream that is already "closed" or "half-closed 390 (local)", the recipient SHOULD ignore the frame. 392 It is also possible to receive DATA frames on a WebTransport stream 393 in the "half-closed (remote)" or "closed" states if the stream 394 transitioned there via WT_STOP_SENDING. If a DATA frame is received 395 on a WebTransport stream in one of these states, the recipient MUST 396 account for its contribution against the connection flow-control 397 window and MUST NOT treat it as an error. 399 A WT_STOP_SENDING frame with a length other than 4 octets MUST be 400 treated as a connection error (Section 5.4.1) of type 401 FRAME_SIZE_ERROR. 403 4.4. WT_DATAGRAM Frame 405 A new HTTP/2 frame called WT_DATAGRAM is introduced for either 406 endpoint to transmit a datagram. WT_DATAGRAM frames are sent with 407 Stream Identifier 0. 409 0 1 2 3 410 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 411 +---------------+ 412 |Pad Length? (8)| 413 +-+-------------+-----------------------------------------------+ 414 |R| Session ID (31) | 415 +-+-------------------------------------------------------------+ 416 | Data (*) ... 417 +---------------------------------------------------------------+ 418 | Padding (*) ... 419 +---------------------------------------------------------------+ 420 Figure 4: WT_DATAGRAM Frame Format 422 The WT_DATAGRAM frame define the following fields: 424 Pad Length: An 8-bit field containing the length of the frame padding 425 in units of octets. This field is conditional (as signified by a "?" 426 in the diagram) and is only present if the PADDED flag is set. 428 Session ID: An unsigned 31-bit integer that identifies the stream 429 Connect Stream for this Web Transport stream. The Session ID MUST be 430 MUST be an open stream negotiated via the extended CONNECT protocol 431 with a ":protocol" value of "webtransport". 433 Data: Application data. The amount of data is the remainder of the 434 frame payload after subtracting the length of the other fields that 435 are present. 437 The WT_DATAGRAM frame does not define any flags. 439 The recipient MAY respond with a stream error of type WT_STREAM_ERROR 440 if the specified WebTransport Connect Stream does not exist, is not a 441 stream established via extended CONNECT to use the "webtransport" 442 protocol, or if it is in the "closed" or "half-closed (remote)" 443 stream state. 445 The data in WT_DATAGRAM frames is not subject to flow control. The 446 receiver MAY discard this data if it does not have sufficient space 447 to buffer it. 449 An intermediary could forward the data in a WT_DATAGRAM frame over 450 another protocol, such as WebTransport over HTTP/3. In QUIC, a 451 datagram frame can span at most one packet. Because of that, the 452 applications have to know the maximum size of the datagram they can 453 send. However, when proxying the datagrams, the hop-by-hop MTUs can 454 vary. 456 5. Session Termination 458 An WebTransport session over HTTP/2 is terminated when either 459 endpoint closes the stream associated with the CONNECT request that 460 initiated the session. Upon learning about the session being 461 terminated, the endpoint MUST stop sending new datagrams and reset 462 all of the streams associated with the session. 464 6. Transport Properties 466 The WebTransport framework [OVERVIEW] defines a set of optional 467 transport properties that clients can use to determine the presence 468 of features which might allow additional optimizations beyond the 469 common set of properties available via all WebTransport protocols. 470 Below are details about support in Http2Transport for those 471 properties. 473 Stream Independence: Http2Transport does not support stream 474 independence, as HTTP/2 inherently has head of line blocking. 476 Partial Reliability: Http2Transport does not support partial 477 reliability, as HTTP/2 retransmits any lost data. This means that 478 any datagrams sent via Http2Transport will be retransmitted 479 regardless of the preference of the application. The receiver is 480 permitted to drop them, however, if it is unable to buffer them. 482 Pooling Support: Http2Transport supports pooling, as multiple 483 transports using Http2Transport may share the same underlying 484 HTTP/2 connection and therefore share a congestion controller and 485 other transport context. 487 Connection Mobility: Http2Transport does not support connection 488 mobility, unless an underlying transport protocol that supports 489 multipath or migration, such as MPTCP [RFC7540], is used 490 underneath HTTP/2 and TLS. Without such support, Http2Transport 491 connections cannot survive network transitions. 493 7. Security Considerations 495 WebTransport over HTTP/2 satisfies all of the security requirements 496 imposed by [OVERVIEW] on WebTransport protocols, thus providing a 497 secure framework for client-server communication in cases when the 498 client is potentially untrusted. 500 WebTransport over HTTP/2 requires explicit opt-in through the use of 501 HTTP SETTINGS; this avoids potential protocol confusion attacks by 502 ensuring the HTTP/2 server explicitly supports it. It also requires 503 the use of the Origin header, providing the server with the ability 504 to deny access to Web-based clients that do not originate from a 505 trusted origin. 507 Just like HTTP traffic going over HTTP/2, WebTransport pools traffic 508 to different origins within a single connection. Different origins 509 imply different trust domains, meaning that the implementations have 510 to treat each transport as potentially hostile towards others on the 511 same connection. One potential attack is a resource exhaustion 512 attack: since all of the transports share both congestion control and 513 flow control context, a single client aggressively using up those 514 resources can cause other transports to stall. The user agent thus 515 SHOULD implement a fairness scheme that ensures that each transport 516 within connection gets a reasonable share of controlled resources; 517 this applies both to sending data and to opening new streams. 519 8. IANA Considerations 521 8.1. HTTP/2 SETTINGS Parameter Registration 523 The following entry is added to the "HTTP/2 Settings" registry 524 established by [RFC7540]: 526 The "SETTINGS_ENABLE_WEBTRANSPORT" parameter indicates that the 527 specified HTTP/2 connection is WebTransport-capable. 529 Setting Name: ENABLE_WEBTRANSPORT 531 Value: 0x2b603742 533 Default: 0 535 Specification: This document 537 8.2. Frame Type Registration 539 The following entries are added to the "HTTP/2 Frame Type" registry 540 established by [RFC7540]: 542 The "WT_STREAM" frame allows HTTP/2 client- and server-initiated 543 unidirectional and bidirectional streams to be used by WebTransport: 545 Code: 0xTBD 547 Frame Type: WEBTRANSPORT_STREAM 549 Specification: This document 551 The "WT_RST_STREAM" frame allows HTTP/2 WebTransport streams to be 552 unidirectionally reset for writing: 554 Code: 0xTBD 556 Frame Type: WEBTRANSPORT_RST_STREAM 558 Specification: This document 559 The "WT_STOP_SENDING" frame allows HTTP/2 WebTransport streams to be 560 unidirectionally reset for reading: 562 Code: 0xTBD 564 Frame Type: WEBTRANSPORT_STOP_SENDING 566 Specification: This document 568 The "WT_DATAGRAM" frame allows HTTP/2 client and server to exchange 569 datagrams used by WebTransport: 571 Code: 0xTBD 573 Frame Type: WEBTRANSPORT_DATAGRAM 575 Specification: This document 577 8.3. HTTP/2 Error Code Registry 579 The following entries are added to the "HTTP/2 Error Code" registry 580 that was established by Section 11.2 of [RFC7540]. 582 Name: WT_STREAM_ERROR 584 Code: 0xTBD 586 Description: Invalid use of WT_STREAM frame 588 Specification: _RFC Editor: Please fill in this value with the RFC 589 number for this document_ 591 8.4. Examples 593 An example of negotiating a WebTransport Stream on an HTTP/2 594 connection follows. This example is intended to closely follow the 595 example in Section 5.1 of [RFC8441] to help illustrate the 596 differences defined in this document. 598 [[ From Client ]] [[ From Server ]] 600 SETTINGS 601 SETTINGS_ENABLE_WEBTRANSPORT = 1 603 SETTINGS 604 SETTINGS_ENABLE_WEBTRANSPORT = 1 606 HEADERS + END_HEADERS 607 Stream ID = 3 608 :method = CONNECT 609 :protocol = webtransport 610 :scheme = https 611 :path = / 612 :authority = server.example.com 613 origin: server.example.com 615 HEADERS + END_HEADERS 616 Stream ID = 3 617 :status = 200 619 WT_STREAM 620 Stream ID = 5 621 Session ID = 3 623 DATA 624 Stream ID = 5 625 WebTransport Data 627 DATA + END_STREAM 628 Stream ID = 5 629 WebTransport Data 631 DATA + END_STREAM 632 Stream ID = 5 633 WebTransport Data 635 An example of the server initiating a WebTransport Stream follows. 636 The only difference here is the endpoint that sends the first 637 WT_STREAM frame. 639 [[ From Client ]] [[ From Server ]] 641 SETTINGS 642 SETTINGS_ENABLE_WEBTRANSPORT = 1 644 SETTINGS 645 SETTINGS_ENABLE_WEBTRANSPORT = 1 647 HEADERS + END_HEADERS 648 Stream ID = 3 649 :method = CONNECT 650 :protocol = webtransport 651 :scheme = https 652 :path = / 653 :authority = server.example.com 654 origin: server.example.com 655 HEADERS + END_HEADERS 656 Stream ID = 3 657 :status = 200 659 WT_STREAM 660 Stream ID = 2 661 Session ID = 3 663 DATA 664 Stream ID = 2 665 WebTransport Data 667 DATA + END_STREAM 668 Stream ID = 2 669 WebTransport Data 671 DATA + END_STREAM 672 Stream ID = 2 673 WebTransport Data 675 9. References 677 9.1. Normative References 679 [HTTP] Fielding, R. T., Nottingham, M., and J. Reschke, "HTTP 680 Semantics", Work in Progress, Internet-Draft, draft-ietf- 681 httpbis-semantics-17, 25 July 2021, 682 . 685 [OVERVIEW] Vasiliev, V., "The WebTransport Protocol Framework", Work 686 in Progress, Internet-Draft, draft-ietf-webtrans-overview- 687 02, 28 July 2021, . 690 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 691 Requirement Levels", BCP 14, RFC 2119, 692 DOI 10.17487/RFC2119, March 1997, 693 . 695 [RFC6454] Barth, A., "The Web Origin Concept", RFC 6454, 696 DOI 10.17487/RFC6454, December 2011, 697 . 699 [RFC6585] Nottingham, M. and R. Fielding, "Additional HTTP Status 700 Codes", RFC 6585, DOI 10.17487/RFC6585, April 2012, 701 . 703 [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 704 Protocol (HTTP/1.1): Message Syntax and Routing", 705 RFC 7230, DOI 10.17487/RFC7230, June 2014, 706 . 708 [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 709 Protocol (HTTP/1.1): Semantics and Content", RFC 7231, 710 DOI 10.17487/RFC7231, June 2014, 711 . 713 [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext 714 Transfer Protocol Version 2 (HTTP/2)", RFC 7540, 715 DOI 10.17487/RFC7540, May 2015, 716 . 718 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 719 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 720 May 2017, . 722 [RFC8441] McManus, P., "Bootstrapping WebSockets with HTTP/2", 723 RFC 8441, DOI 10.17487/RFC8441, September 2018, 724 . 726 [WEBTRANSPORT-H3] 727 Vasiliev, V., "WebTransport over HTTP/3", Work in 728 Progress, Internet-Draft, draft-ietf-webtrans-http3-01, 19 729 May 2021, . 732 9.2. Informative References 734 [RFC6202] Loreto, S., Saint-Andre, P., Salsano, S., and G. Wilkins, 735 "Known Issues and Best Practices for the Use of Long 736 Polling and Streaming in Bidirectional HTTP", RFC 6202, 737 DOI 10.17487/RFC6202, April 2011, 738 . 740 Acknowledgments 742 Thanks to Anthony Chivetta, Joshua Otto, and Valentin Pistol for 743 their contributions in the design and implementation of this work. 745 Authors' Addresses 747 Alan Frindell 748 Facebook Inc. 750 Email: afrind@fb.com 752 Eric Kinnear 753 Apple Inc. 754 One Apple Park Way 755 Cupertino, California 95014, 756 United States of America 758 Email: ekinnear@apple.com 760 Tommy Pauly 761 Apple Inc. 762 One Apple Park Way 763 Cupertino, California 95014, 764 United States of America 766 Email: tpauly@apple.com 768 Victor Vasiliev 769 Google 771 Email: vasilvv@google.com 773 Guowu Xie 774 Facebook Inc. 776 Email: woo@fb.com