idnits 2.17.1 draft-kazuho-httpbis-priority-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (November 05, 2019) is 1633 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '1' on line 855 -- Looks like a reference, but probably isn't: '2' on line 856 == Outdated reference: A later version (-34) exists of draft-ietf-quic-http-23 == Outdated reference: A later version (-34) exists of draft-ietf-quic-transport-23 ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) ** Obsolete normative reference: RFC 7230 (Obsoleted by RFC 9110, RFC 9112) ** Obsolete normative reference: RFC 7540 (Obsoleted by RFC 9113) == Outdated reference: A later version (-19) exists of draft-ietf-httpbis-header-structure-14 Summary: 3 errors (**), 0 flaws (~~), 4 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 HTTP K. Oku 3 Internet-Draft Fastly 4 Intended status: Standards Track L. Pardue 5 Expires: May 8, 2020 Cloudflare 6 November 05, 2019 8 Extensible Prioritization Scheme for HTTP 9 draft-kazuho-httpbis-priority-03 11 Abstract 13 This document describes a scheme for prioritizing HTTP responses. 14 This scheme expresses the priority of each HTTP response using 15 absolute values, rather than as a relative relationship between a 16 group of HTTP responses. 18 This document defines the Priority header field for communicating the 19 initial priority in an HTTP version-independent manner, as well as 20 HTTP/2 and HTTP/3 frames for reprioritizing the responses. These 21 share a common format structure that is designed to provide future 22 extensibility. 24 Status of This Memo 26 This Internet-Draft is submitted in full conformance with the 27 provisions of BCP 78 and BCP 79. 29 Internet-Drafts are working documents of the Internet Engineering 30 Task Force (IETF). Note that other groups may also distribute 31 working documents as Internet-Drafts. The list of current Internet- 32 Drafts is at https://datatracker.ietf.org/drafts/current/. 34 Internet-Drafts are draft documents valid for a maximum of six months 35 and may be updated, replaced, or obsoleted by other documents at any 36 time. It is inappropriate to use Internet-Drafts as reference 37 material or to cite them other than as "work in progress." 39 This Internet-Draft will expire on May 8, 2020. 41 Copyright Notice 43 Copyright (c) 2019 IETF Trust and the persons identified as the 44 document authors. All rights reserved. 46 This document is subject to BCP 78 and the IETF Trust's Legal 47 Provisions Relating to IETF Documents 48 (https://trustee.ietf.org/license-info) in effect on the date of 49 publication of this document. Please review these documents 50 carefully, as they describe your rights and restrictions with respect 51 to this document. Code Components extracted from this document must 52 include Simplified BSD License text as described in Section 4.e of 53 the Trust Legal Provisions and are provided without warranty as 54 described in the Simplified BSD License. 56 Table of Contents 58 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 59 1.1. Notational Conventions . . . . . . . . . . . . . . . . . 3 60 2. Motivation for Replacing HTTP/2 Priorities . . . . . . . . . 4 61 3. Negotiating Priorities . . . . . . . . . . . . . . . . . . . 5 62 3.1. The SETTINGS_PRIORITIES SETTINGS Parameter . . . . . . . 5 63 3.2. Defined Prioritization Scheme Values . . . . . . . . . . 6 64 3.2.1. H2_TREE . . . . . . . . . . . . . . . . . . . . . . . 6 65 3.2.2. URGENCY . . . . . . . . . . . . . . . . . . . . . . . 7 66 4. The Priority HTTP Header Field . . . . . . . . . . . . . . . 7 67 4.1. urgency . . . . . . . . . . . . . . . . . . . . . . . . . 7 68 4.1.1. prerequisite . . . . . . . . . . . . . . . . . . . . 8 69 4.1.2. default . . . . . . . . . . . . . . . . . . . . . . . 8 70 4.1.3. supplementary . . . . . . . . . . . . . . . . . . . . 8 71 4.1.4. background . . . . . . . . . . . . . . . . . . . . . 9 72 4.2. progressive . . . . . . . . . . . . . . . . . . . . . . . 9 73 5. Reprioritization . . . . . . . . . . . . . . . . . . . . . . 10 74 5.1. HTTP/2 PRIORITY_UPDATE Frame . . . . . . . . . . . . . . 11 75 5.2. HTTP/3 PRIORITY_UPDATE Frame . . . . . . . . . . . . . . 11 76 6. Merging Client- and Server-Driven Parameters . . . . . . . . 12 77 7. Security Considerations . . . . . . . . . . . . . . . . . . . 13 78 7.1. Fairness and Coalescing Intermediaries . . . . . . . . . 13 79 8. Considerations . . . . . . . . . . . . . . . . . . . . . . . 14 80 8.1. Why use an End-to-End Header Field? . . . . . . . . . . . 14 81 8.2. Why do Urgencies Have Meanings? . . . . . . . . . . . . . 14 82 8.3. Can an Intermediary Send its own Signal? . . . . . . . . 15 83 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 84 9.1. HTTP Prioritization Scheme Registry . . . . . . . . . . . 16 85 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 17 86 10.1. Normative References . . . . . . . . . . . . . . . . . . 17 87 10.2. Informative References . . . . . . . . . . . . . . . . . 18 88 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 18 89 Appendix B. Change Log . . . . . . . . . . . . . . . . . . . . . 19 90 B.1. Since draft-kazuho-httpbis-priority-02 . . . . . . . . . 19 91 B.2. Since draft-kazuho-httpbis-priority-01 . . . . . . . . . 19 92 B.3. Since draft-kazuho-httpbis-priority-00 . . . . . . . . . 19 93 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19 95 1. Introduction 97 It is common for an HTTP ([RFC7230]) resource representation to have 98 relationships to one or more other resources. Clients will often 99 discover these relationships while processing a retrieved 100 representation, leading to further retrieval requests. Meanwhile, 101 the nature of the relationship determines whether the client is 102 blocked from continuing to process locally available resources. For 103 example, visual rendering of an HTML document could be blocked by the 104 retrieval of a CSS file that the document refers to. In contrast, 105 inline images do not block rendering and get drawn progressively as 106 the chunks of the images arrive. 108 To provide meaningful representation of a document at the earliest 109 moment, it is important for an HTTP server to prioritize the HTTP 110 responses, or the chunks of those HTTP responses, that it sends. 112 HTTP/2 ([RFC7540]) provides such a prioritization scheme. A client 113 sends a series of PRIORITY frames to communicate to the server a 114 "priority tree"; this represents the client's preferred ordering and 115 weighted distribution of the bandwidth among the HTTP responses. 116 However, the design and implementation of this scheme has been 117 observed to have shortcomings, explained in Section 2. 119 This document defines the Priority HTTP header field that can be used 120 by both client and server to specify the precedence of HTTP responses 121 in a standardized, extensible, protocol-version-independent, end-to- 122 end format. Along with the protocol-version-specific frame for 123 reprioritization, this prioritization scheme acts as a substitute for 124 the original prioritization scheme of HTTP/2. 126 1.1. Notational Conventions 128 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 129 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 130 document are to be interpreted as described in [RFC2119]. 132 The terms sh-token and sh-boolean are imported from 133 [STRUCTURED-HEADERS]. 135 Example HTTP requests and responses use the HTTP/2-style formatting 136 from [RFC7540]. 138 This document uses the variable-length integer encoding from 139 [I-D.ietf-quic-transport]. 141 2. Motivation for Replacing HTTP/2 Priorities 143 An important feature of any implementation of a protocol that 144 provides multiplexing is the ability to prioritize the sending of 145 information. This was an important realization in the design of 146 HTTP/2. Prioritization is a difficult problem, so it will always be 147 suboptimal, particularly if one endpoint operates in ignorance of the 148 needs of its peer. 150 HTTP/2 introduced a complex prioritization signaling scheme that used 151 a combination of dependencies and weights, formed into an unbalanced 152 tree. This scheme has suffered from poor deployment and 153 interoperability. 155 The rich flexibility of client-driven HTTP/2 prioritization tree 156 building is rarely exercised; experience shows that clients either 157 choose a single model optimized for a web use case (and don't vary 158 it) or do nothing at all. But every client builds their 159 prioritization tree in a different way, which makes it difficult for 160 servers to understand their intent and act or intervene accordingly. 162 Many HTTP/2 server implementations do not include support for the 163 priority scheme, some favoring instead bespoke server-driven schemes 164 based on heuristics and other hints, like the content type of 165 resources and the order in which requests arrive. For example, a 166 server, with knowledge of the document structure, might want to 167 prioritize the delivery of images that are critical to user 168 experience above other images, but below the CSS files. Since client 169 trees vary, it is impossible for the server to determine how such 170 images should be prioritized against other responses. 172 The HTTP/2 scheme allows intermediaries to coalesce multiple client 173 trees into a single tree that is used for a single upstream HTTP/2 174 connection. However, most intermediaries do not support this. The 175 scheme does not define a method that can be used by a server to 176 express the priority of a response. Without such a method, 177 intermediaries cannot coordinate client-driven and server-driven 178 priorities. 180 HTTP/2 describes denial-of-service considerations for 181 implementations. On 2019-08-13 Netflix issued an advisory notice 182 about the discovery of several resource exhaustion vectors affecting 183 multiple HTTP/2 implementations. One attack, CVE-2019-9513 aka 184 "Resource Loop", is based on manipulation of the priority tree. 186 The HTTP/2 scheme depends on in-order delivery of signals, leading to 187 challenges in porting the scheme to protocols that do not provide 188 global ordering. For example, the scheme cannot be used in HTTP/3 189 [I-D.ietf-quic-http] without changing the signal and its processing. 191 Considering the problems with deployment and adaptability to HTTP/3, 192 retaining the HTTP/2 priority scheme increases the complexity of the 193 entire system without any evidence that the value it provides offsets 194 that complexity. In fact, multiple experiments from independent 195 research have shown that simpler schemes can reach at least 196 equivalent performance characteristics compared to the more complex 197 HTTP/2 setups seen in practice, at least for the web use case. 199 The problems and insights laid out above are motivation for the 200 alternative and more straightforward prioritization scheme presented 201 in this document. In order to support deployment of new schemes, a 202 general-purpose negotiation mechanism is specified in Section 3. 204 3. Negotiating Priorities 206 The document specifies a negotiation mechanism that allows each peer 207 to communicate which, if any, priority schemes are supported, as well 208 as the server's ranked preference. 210 For both HTTP/2 and HTTP/3, either peer's SETTINGS may arrive first, 211 so any negotiation must be unilateral and not rely upon receiving the 212 peer's SETTINGS value. 214 Servers are likely to only use one prioritization scheme at once per 215 each connection, and may be unable to change the scheme once 216 established, so the setting MUST be sent prior to the first request 217 if it is ever sent. In HTTP/3, SETTINGS might arrive after the first 218 request even if they are sent first. Therefore, future 219 specifications that define alternative prioritization schemes for 220 HTTP/3 SHOULD define how the server would act when it receives a 221 stream-level priority signal prior to receiving the SETTINGS frame. 223 3.1. The SETTINGS_PRIORITIES SETTINGS Parameter 225 This document defines a new SETTINGS_PRIORITIES parameter (0x9) for 226 HTTP/2 and HTTP/3, which allows both peers to indicate which 227 prioritization schemes they support. The value of this parameter is 228 interpreted in two ways depending on if it is zero or non-zero. 230 If the setting has a value of zero it indicates no support for 231 priorities. If either side sends the parameter with a value of zero, 232 clients SHOULD NOT send hop-by-hop priority signals (e.g., HTTP/2 233 PRIORITY frame) and servers SHOULD NOT make any assumptions based on 234 the presence or lack thereof of such signals. 236 If the value is non-zero, then it is interpreted as an ordered 237 preference list of prioritization schemes represented by 8-bit 238 values. The least significant 8 bits indicate the sender's most 239 preferred priority scheme, the second least significant 8 bits 240 indicate the sender's second choice, and so on. This allows 241 expressing support for 4 schemes in HTTP/2 and 7 in HTTP/3. 243 A sender MUST comply with the following restrictions when 244 constructing a preference list: duplicate 8-bit values (excluding the 245 value 0) MUST NOT be used, and if any byte is 0 then all more 246 significant bytes MUST also be 0. An endpoint that receives a 247 setting in violation of these requirements MUST treat it as a 248 connection error of type PROTOCOL_ERROR for HTTP/2 [RFC7540], or of 249 type H3_SETTINGS_ERROR for HTTP/3 [I-D.ietf-quic-http]. 251 In HTTP/2, the setting SHOULD appear in the first SETTINGS frame and 252 peers MUST NOT process the setting if it is received multiple times 253 in order to avoid changing the agreed upon prioritization scheme. 255 If there is a prioritization scheme supported by both the client and 256 server, then the server's preference order prevails and both peers 257 SHOULD only use the agreed upon priority scheme for the remainder of 258 the session. The server chooses because it is in the best position 259 to know what information from the client is of the most value. 261 Once the negotiation is complete, endpoints MAY stop sending hop-by- 262 hop prioritization signals that were not negotiated in order to 263 conserve bandwidth. However, endpoints SHOULD continue sending end- 264 to-end signals (e.g., the Priority header field), as that might have 265 meaningful effect to other nodes that handle the HTTP message. 267 3.2. Defined Prioritization Scheme Values 269 This document defines two prioritization scheme values for use with 270 the SETTINGS_PRIORITIES setting. 272 3.2.1. H2_TREE 274 This document defines the priority scheme identifier H2_TREE (8-bit 275 value of 1) that indicates support for HTTP/2-style priorities 276 ([RFC7540], Section 5.3). 278 The H2_TREE priority scheme identifier MUST NOT be be sent in an 279 HTTP/3 settings because there is no defined mapping of this scheme. 280 Endpoints MUST treat receipt of H2_TREE as a connection error of type 281 H3_SETTINGS_ERROR. 283 3.2.2. URGENCY 285 This document defines the priority scheme identifier URGENCY (8-bit 286 value of 2) that indicates support for the extensible priority scheme 287 defined in the present document. 289 An intermediary connecting to a backend server SHOULD declare support 290 for the extensible priority scheme when and only when all the 291 requests that are to be sent on that backend connection originates 292 from one client-side connection that has negotiated the use of the 293 extensible priority scheme (see Section 7.1). 295 4. The Priority HTTP Header Field 297 The Priority HTTP header field can appear in requests and responses. 298 A client uses it to specify the priority of the response. A server 299 uses it to inform the client that the priority was overwritten. An 300 intermediary can use the Priority information from client requests 301 and server responses to correct or amend the precedence to suit it 302 (see Section 6). 304 The value of the Priority header field is a Structured Headers 305 Dictionary ([STRUCTURED-HEADERS]). Each dictionary member represents 306 a parameter of the Priority header field. This document defines the 307 "urgency" and "progressive" parameters. Values of these parameters 308 MUST always be present. When any of the defined parameters are 309 omitted, or if the Priority header field is not used, their default 310 values SHOULD be applied. 312 Unknown parameters MUST be ignored. 314 4.1. urgency 316 The "urgency" parameter takes an integer between -1 and 6 as shown 317 below: 319 +-----------------+-------------------------------+ 320 | Urgency | Definition | 321 +-----------------+-------------------------------+ 322 | -1 | prerequisite (Section 4.1.1) | 323 | 0 | default (Section 4.1.2) | 324 | between 1 and 5 | supplementary (Section 4.1.3) | 325 | 6 | background (Section 4.1.4) | 326 +-----------------+-------------------------------+ 328 Table 1: Urgencies 330 The value is encoded as an sh-integer. The default value is zero. 332 A server SHOULD transmit HTTP responses in the order of their urgency 333 values. The lower the value, the higher the precedence. 335 The following example shows a request for a CSS file with the urgency 336 set to "-1": 338 :method = GET 339 :scheme = https 340 :authority = example.net 341 :path = /style.css 342 priority = urgency=-1 344 The definition of the urgencies and their expected use-case are 345 described below. Endpoints SHOULD respect the definition of the 346 values when assigning urgencies. 348 4.1.1. prerequisite 350 The prerequisite urgency (value -1) indicates that the response 351 prevents other responses with an urgency of prerequisite or default 352 from being used. 354 For example, use of an external stylesheet can block a web browser 355 from rendering the HTML. In such case, the stylesheet is given the 356 prerequisite urgency. 358 4.1.2. default 360 The default urgency (value 0) indicates a response that is to be used 361 as it is delivered to the client, but one that does not block other 362 responses from being used. 364 For example, when a user using a web browser navigates to a new HTML 365 document, the request for that HTML is given the default urgency. 366 When that HTML document uses a custom font, the request for that 367 custom font SHOULD also be given the default urgency. This is 368 because the availability of the custom font is likely a precondition 369 for the user to use that portion of the HTML document, which is to be 370 rendered by that font. 372 4.1.3. supplementary 374 The supplementary urgency indicates a response that is helpful to the 375 client using a composition of responses, even though the response 376 itself is not mandatory for using those responses. 378 For example, inline images (i.e., images being fetched and displayed 379 as part of the document) are visually important elements of an HTML 380 document. As such, users will typically not be prevented from using 381 the document, at least to some degree, before any or all of these 382 images are loaded. Display of those images are thus considered to be 383 an improvement for visual clients rather than a prerequisite for all 384 user agents. Therefore, such images will be given the supplementary 385 urgency. 387 Values between 1 and 5 are used to represent this urgency, to provide 388 flexibility to the endpoints for giving some responses more or less 389 precedence than others that belong to the supplementary group. 390 Section 6 explains how these values might be used. 392 Clients SHOULD NOT use values 1 and 5. Servers MAY use these values 393 to prioritize a response above or below other supplementary 394 responses. 396 Clients MAY use values 2 to indicate that a request is given 397 relatively high priority, or 4 to indicate relatively low priority, 398 within the supplementary urgency group. 400 For example, an image certain to be visible at the top of the page, 401 might be assigned a value of 2 instead of 3, as it will have a high 402 visual impact for the user. Conversely, an asynchronously loaded 403 JavaScript file might be assigned an urgency value of 4, as it is 404 less likely to have a visual impact. 406 When none of the considerations above is applicable, the value of 3 407 SHOULD be used. 409 4.1.4. background 411 The background urgency (value 6) is used for responses of which the 412 delivery can be postponed without having an impact on using other 413 responses. 415 As an example, the download of a large file in a web browser would be 416 assigned the background urgency so it would not impact further page 417 loads on the same connection. 419 4.2. progressive 421 The "progressive" parameter takes an sh-boolean as the value that 422 indicates if a response can be processed progressively, i.e. provide 423 some meaningful output as chunks of the response arrive. 425 The default value of the "progressive" parameter is "0". 427 A server SHOULD distribute the bandwidth of a connection between 428 progressive responses that share the same urgency. 430 A server SHOULD transmit non-progressive responses one by one, 431 preferably in the order the requests were generated. Doing so 432 maximizes the chance of the client making progress in using the 433 composition of the HTTP responses at the earliest moment. 435 The following example shows a request for a JPEG file with the 436 urgency parameter set to "3" and the progressive parameter set to 437 "1". 439 :method = GET 440 :scheme = https 441 :authority = example.net 442 :path = /image.jpg 443 priority = urgency=3, progressive=?1 445 5. Reprioritization 447 Once a client sends a request, circumstances might change and mean 448 that it is beneficial to change the priority of the response. As an 449 example, a web browser might issue a prefetch request for a 450 JavaScript file with the urgency parameter of the Priority request 451 header field set to "urgency=6" (background). Then, when the user 452 navigates to a page which references the new JavaScript file, while 453 the prefetch is in progress, the browser would send a 454 reprioritization frame with the priority field value set to 455 "urgency=-1" (prerequisite). 457 However, a client cannot reprioritize a response by using the 458 Priority header field. This is because an HTTP header field can only 459 be sent as part of an HTTP message. Therefore, to support 460 reprioritization, it is necessary to define a HTTP-version-dependent 461 mechanism for transmitting the priority parameters. 463 This document specifies a new PRIORITY_UPDATE frame type for HTTP/2 464 ([RFC7540]) and HTTP/3 ([I-D.ietf-quic-http]) that is specialized for 465 reprioritization. It carries updated priority parameters and 466 references the target of the reprioritization based on a version- 467 specific identifier; in HTTP/2 this is the Stream ID, in HTTP/3 this 468 is either the Stream ID or Push ID. 470 In HTTP/2 and HTTP/3 a request message sent on a stream transitions 471 it into a state that prevents the client from sending additional 472 frames on the stream. Modifying this behavior requires a semantic 473 change to the protocol, this is avoided by restricting the stream on 474 which a PRIORITY_UPDATE frame can be sent. In HTTP/2 the frame is on 475 stream zero and in HTTP/3 it is sent on the control stream 476 ([I-D.ietf-quic-http], Section 6.2.1). 478 5.1. HTTP/2 PRIORITY_UPDATE Frame 480 The HTTP/2 PRIORITY_UPDATE frame (type=0xF) carries the stream ID of 481 the response that is being reprioritized, and the updated priority in 482 ASCII text, using the same representation as that of the Priority 483 header field value. 485 The Stream Identifier field ([RFC7540], Section 4.1) in the 486 PRIORITY_UPDATE frame header MUST be zero (0x0). 488 0 1 2 3 489 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 490 +---------------------------------------------------------------+ 491 |R| Stream ID (31) | 492 +---------------------------------------------------------------+ 493 | Priority Field Value (*) ... 494 +---------------------------------------------------------------+ 496 Figure 1: HTTP/2 PRIORITY_UPDATE Frame Payload 498 TODO: add more description of how to handle things like receiving 499 PRIORITY_UPDATE on wrong stream, a PRIORITY_UPDATE with an invalid 500 ID, etc. 502 5.2. HTTP/3 PRIORITY_UPDATE Frame 504 The HTTP/3 PRIORITY_UPDATE frame (type=0xF) carries the identifier of 505 the element that is being reprioritized, and the updated priority in 506 ASCII text, using the same representation as that of the Priority 507 header field value. 509 The PRIORITY_UPDATE frame MUST be sent on the control stream 510 ([I-D.ietf-quic-http], Section 6.2.1). 512 0 1 2 3 513 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 514 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 515 |T| Empty | Prioritized Element ID (i) ... 516 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 517 | Priority Field Value (*) ... 518 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 520 Figure 2: HTTP/3 PRIORITY_UPDATE Frame Payload 522 The PRIORITY_UPDATE frame payload has the following fields: 524 T (Prioritized Element Type): A one-bit field indicating the type of 525 element being prioritized. A value of 0 indicates a 526 reprioritization for a Request Stream, so the Prioritized Element 527 ID is interpreted as a Stream ID. A value of 1 indicates a 528 reprioritization for a Push stream, so the Prioritized Element ID 529 is interpreted as a Push ID. 531 Empty: A seven-bit field that has no semantic value. 533 TODO: add more description of how to handle things like receiving 534 PRIORITY_UPDATE on wrong stream, a PRIORITY_UPDATE with an invalid 535 ID, etc. 537 6. Merging Client- and Server-Driven Parameters 539 It is not always the case that the client has the best understanding 540 of how the HTTP responses deserve to be prioritized. For example, 541 use of an HTML document might depend heavily on one of the inline 542 images. Existence of such dependencies is typically best known to 543 the server. 545 By using the "Priority" response header, a server can override the 546 prioritization hints provided by the client. When used, the 547 parameters found in the response header field overrides those 548 specified by the client. 550 For example, when the client sends an HTTP request with 552 :method = GET 553 :scheme = https 554 :authority = example.net 555 :path = /menu.png 556 priority = urgency=3, progressive=?1 558 and the origin responds with 560 :status = 200 561 content-type = image/png 562 priority = urgency=1 564 the intermediary's understanding of the urgency is promoted from "3" 565 to "1", because the server-provided value overrides the value 566 provided by the client. The progressiveness continues to be "1", the 567 value specified by the client, as the server did not specify the 568 "progressive" parameter. 570 7. Security Considerations 572 7.1. Fairness and Coalescing Intermediaries 574 When an intermediary coalesces HTTP requests coming from multiple 575 clients into one HTTP/2 or HTTP/3 connection going to the backend 576 server, requests that originate from one client might have higher 577 precedence than those coming from others. 579 It is sometimes beneficial for the server running behind an 580 intermediary to obey to the value of the Priority header field. As 581 an example, a resource-constrained server might defer the 582 transmission of software update files that would have the background 583 urgency being associated. However, in the worst case, the asymmetry 584 between the precedence declared by multiple clients might cause 585 responses going to one end client to be delayed totally after those 586 going to another. 588 In order to mitigate this fairness problem, when a server responds to 589 a request that is known to have come through an intermediary, the 590 server SHOULD prioritize the response as if it was assigned the 591 priority of "urgency=0, progressive=?1" (i.e. round-robin) regardless 592 of the value of the Priority header field being transmitted, unless 593 the server has the knowledge that no intermediaries are coalescing 594 requests from multiple clients. That can be determined by the 595 settings when the intermediaries support this specification (see 596 Section 3.2.2), or else through configuration. 598 A server can determine if a request came from an intermediary through 599 configuration, or by consulting if that request contains one of the 600 following header fields: 602 o CDN-Loop ([RFC8586]) 604 o Forwarded, X-Forwarded-For ([RFC7239]) 606 o Via ([RFC7230], Section 5.7.1) 608 Responding to requests coming through an intermediary in a round- 609 robin manner works well when the network bottleneck exists between 610 the intermediary and the end client, as the intermediary would be 611 buffering the responses and then be forwarding the chunks of those 612 buffered responses based on the prioritization scheme it implements. 613 A sophisticated server MAY use a weighted round-robin reflecting the 614 urgencies expressed in the requests, so that less urgent responses 615 would receive less bandwidth in case the bottleneck exists between 616 the server and the intermediary. 618 8. Considerations 620 8.1. Why use an End-to-End Header Field? 622 Contrary to the prioritization scheme of HTTP/2 that uses a hop-by- 623 hop frame, the Priority header field is defined as end-to-end. 625 The rationale is that the Priority header field transmits how each 626 response affects the client's processing of those responses, rather 627 than how relatively urgent each response is to others. The way a 628 client processes a response is a property associated to that client 629 generating that request. Not that of an intermediary. Therefore, it 630 is an end-to-end property. How these end-to-end properties carried 631 by the Priority header field affect the prioritization between the 632 responses that share a connection is a hop-by-hop issue. 634 Having the Priority header field defined as end-to-end is important 635 for caching intermediaries. Such intermediaries can cache the value 636 of the Priority header field along with the response, and utilize the 637 value of the cached header field when serving the cached response, 638 only because the header field is defined as end-to-end rather than 639 hop-by-hop. 641 It should also be noted that the use of a header field carrying a 642 textual value makes the prioritization scheme extensible; see the 643 discussion below. 645 8.2. Why do Urgencies Have Meanings? 647 One of the aims of this specification is to define a mechanism for 648 merging client- and server-provided hints for prioritizing the 649 responses. For that to work, each urgency level needs to have a 650 well-defined meaning. As an example, a server can assign the highest 651 precedence among the supplementary responses to an HTTP response 652 carrying an icon, because the meaning of "urgency=1" is shared among 653 the endpoints. 655 This specification restricts itself to defining a minimum set of 656 urgency levels in order to provide sufficient granularity for 657 prioritizing responses for ordinary web browsing, at minimal 658 complexity. 660 However, that does not mean that the prioritization scheme would 661 forever be stuck to the eight levels. The design provides 662 extensibility. If deemed necessary, it would be possible to 663 subdivide any of the eight urgency levels that are currently defined. 664 Or, a graphical user-agent could send a "visible" parameter to 665 indicate if the resource being requested is within the viewport. 667 A server can combine the hints provided in the Priority header field 668 with other information in order to improve the prioritization of 669 responses. For example, a server that receives requests for a font 670 [RFC8081] and images with the same urgency might give higher 671 precedence to the font, so that a visual client can render textual 672 information at an early moment. 674 8.3. Can an Intermediary Send its own Signal? 676 There might be a benefit in recommending a coalescing intermediary to 677 embed its own prioritization hints into the HTTP request that it 678 forwards to the backend server, as otherwise the Priority header 679 field would not be as helpful to the backend (see Section 7.1). 681 One way of achieving that, without dropping the original signal, 682 would be to let the intermediary express its own signal using the 683 Priority header field, at the same time transplanting the original 684 value to a different header field. 686 As an example, when a client sends an HTTP request carrying a 687 priority of "urgency=-1" and the intermediary wants to instead 688 associate "urgency=0; progressive=?1", the intermediary would send a 689 HTTP request that contains to the following two header fields to the 690 backend server: 692 priority = urgency=0; progressive=?1 693 original-priority = urgency=-1 695 9. IANA Considerations 697 This specification registers the following entry in the Permanent 698 Message Header Field Names registry established by [RFC3864]: 700 Header field name: Priority 702 Applicable protocol: http 704 Status: standard 706 Author/change controller: IETF 708 Specification document(s): This document 710 Related information: n/a 712 This specification registers the following entry in the HTTP/2 713 Settings registry established by [RFC7540]: 715 Name: SETTINGS_PRIORITIES 717 Code: 0x9 719 Initial value: 0 721 Specification: This document 723 This specification registers the following entry in the HTTP/2 724 Settings registry established by [I-D.ietf-quic-http]: 726 Name: SETTINGS_PRIORITIES 728 Code: 0x9 730 Initial value: 0 732 Specification: This document 734 This specification registers the following entry in the HTTP/2 Frame 735 Type registry established by [RFC7540]: 737 Frame Type: PRIORITY_UPDATE 739 Code: 0xF 741 Specification: This document 743 This specification registers the following entries in the HTTP/3 744 Frame Type registry established by [I-D.ietf-quic-http]: 746 Frame Type: PRIORITY_UPDATE 748 Code: 0xF 750 Specification: This document 752 9.1. HTTP Prioritization Scheme Registry 754 This document establishes a registry for HTTP prioritization scheme 755 codes to be used in conjunction with the SETTINGS_PRIORITIES 756 parameter. The "HTTP Prioritization Scheme" registry manages an 757 8-bit space. The "HTTP Prioritization Scheme" registry operates 758 under either of the "IETF Review" or "IESG Approval" policies 759 [RFC5226] for values between 0x00 and 0xef, with values between 0xf0 760 and 0xff being reserved for Experimental Use. 762 New entries in this registry require the following information: 764 Prioritization Scheme: A name or label for the prioritization 765 scheme. 767 Code: The 8-bit code assigned to the prioritization scheme. 769 Specification: A reference to a specification that includes a 770 description of the prioritization scheme. 772 The entries in the following table are registered by this document. 774 +-----------------------+------+---------------+ 775 | Prioritization Scheme | Code | Specification | 776 +-----------------------+------+---------------+ 777 | H2_TREE | 1 | Section 3.2.1 | 778 | URGENCY | 2 | Section 3.2.2 | 779 +-----------------------+------+---------------+ 781 10. References 783 10.1. Normative References 785 [I-D.ietf-quic-http] 786 Bishop, M., "Hypertext Transfer Protocol Version 3 787 (HTTP/3)", draft-ietf-quic-http-23 (work in progress), 788 September 2019. 790 [I-D.ietf-quic-transport] 791 Iyengar, J. and M. Thomson, "QUIC: A UDP-Based Multiplexed 792 and Secure Transport", draft-ietf-quic-transport-23 (work 793 in progress), September 2019. 795 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 796 Requirement Levels", BCP 14, RFC 2119, 797 DOI 10.17487/RFC2119, March 1997, 798 . 800 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 801 IANA Considerations Section in RFCs", RFC 5226, 802 DOI 10.17487/RFC5226, May 2008, 803 . 805 [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 806 Protocol (HTTP/1.1): Message Syntax and Routing", 807 RFC 7230, DOI 10.17487/RFC7230, June 2014, 808 . 810 [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext 811 Transfer Protocol Version 2 (HTTP/2)", RFC 7540, 812 DOI 10.17487/RFC7540, May 2015, 813 . 815 [STRUCTURED-HEADERS] 816 Nottingham, M. and P. Kamp, "Structured Headers for HTTP", 817 draft-ietf-httpbis-header-structure-14 (work in progress), 818 October 2019. 820 10.2. Informative References 822 [I-D.lassey-priority-setting] 823 Lassey, B. and L. Pardue, "Declaring Support for HTTP/2 824 Priorities", draft-lassey-priority-setting-00 (work in 825 progress), July 2019. 827 [RFC3864] Klyne, G., Nottingham, M., and J. Mogul, "Registration 828 Procedures for Message Header Fields", BCP 90, RFC 3864, 829 DOI 10.17487/RFC3864, September 2004, 830 . 832 [RFC7239] Petersson, A. and M. Nilsson, "Forwarded HTTP Extension", 833 RFC 7239, DOI 10.17487/RFC7239, June 2014, 834 . 836 [RFC8081] Lilley, C., "The "font" Top-Level Media Type", RFC 8081, 837 DOI 10.17487/RFC8081, February 2017, 838 . 840 [RFC8586] Ludin, S., Nottingham, M., and N. Sullivan, "Loop 841 Detection in Content Delivery Networks (CDNs)", RFC 8586, 842 DOI 10.17487/RFC8586, April 2019, 843 . 845 10.3. URIs 847 [1] http://tools.ietf.org/agenda/83/slides/slides-83-httpbis-5.pdf 849 [2] https://github.com/pmeenan/http3-prioritization-proposal 851 Appendix A. Acknowledgements 853 Roy Fielding presented the idea of using a header field for 854 representing priorities in http://tools.ietf.org/agenda/83/slides/ 855 slides-83-httpbis-5.pdf [1]. In https://github.com/pmeenan/http3- 856 prioritization-proposal [2], Patrick Meenan advocates for 857 representing the priorities using a tuple of urgency and concurrency. 859 The negotiation scheme described in this document is based on 860 [I-D.lassey-priority-setting], authored by Brad Lassey and Lucas 861 Pardue. 863 The motivation for defining an alternative to HTTP/2 priorities is 864 drawn from discussion within the broad HTTP community. Special 865 thanks to Roberto Peon, Martin Thomson and Netflix for text that was 866 incorporated explicitly in this document. 868 In addition to the people above, this document owes a lot to the 869 extensive discussion in the HTTP priority design team, consisting of 870 Alan Frindell, Andrew Galloni, Craig Taylor, Ian Swett, Kazuho Oku, 871 Lucas Pardue, Matthew Cox, Mike Bishop, Roberto Peon, Robin Marx, Roy 872 Fielding. 874 Appendix B. Change Log 876 B.1. Since draft-kazuho-httpbis-priority-02 878 o Consolidation of the problem statement (#61, #73) 880 o Define SETTINGS_PRIORITIES for negotiation (#58, #69) 882 o Define PRIORITY_UPDATE frame for HTTP/2 and HTTP/3 (#51) 884 o Explain fairness issue and mitigations (#56) 886 B.2. Since draft-kazuho-httpbis-priority-01 888 o Explain how reprioritization might be supported. 890 B.3. Since draft-kazuho-httpbis-priority-00 892 o Expand urgency levels from 3 to 8. 894 Authors' Addresses 896 Kazuho Oku 897 Fastly 899 Email: kazuhooku@gmail.com 901 Lucas Pardue 902 Cloudflare 904 Email: lucaspardue.24.7@gmail.com