idnits 2.17.1 draft-mcmanus-httpbis-h2-websockets-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([RFC6455]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: o On requests bearing the :protocol pseudo-header, the :authority pseudo-header field is interpreted according to [RFC7540] Section 8.1.2.3 instead of [RFC7540] Section 8.3. In particular the server MUST not make a new TCP connection to the host and port indicated by the :authority. -- The document date (October 15, 2017) is 2378 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC7231' is defined on line 284, but no explicit reference was found in the text ** Obsolete normative reference: RFC 7230 (Obsoleted by RFC 9110, RFC 9112) ** Obsolete normative reference: RFC 7231 (Obsoleted by RFC 9110) ** Obsolete normative reference: RFC 7540 (Obsoleted by RFC 9113) Summary: 4 errors (**), 0 flaws (~~), 4 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group P. McManus 3 Internet-Draft Mozilla 4 Intended status: Standards Track October 15, 2017 5 Expires: April 18, 2018 7 Bootstrapping WebSockets with HTTP/2 8 draft-mcmanus-httpbis-h2-websockets-00 10 Abstract 12 This document defines a mechanism for running the WebSocket Protocol 13 [RFC6455] over a single stream of an HTTP/2 connection. 15 Status of This Memo 17 This Internet-Draft is submitted in full conformance with the 18 provisions of BCP 78 and BCP 79. 20 Internet-Drafts are working documents of the Internet Engineering 21 Task Force (IETF). Note that other groups may also distribute 22 working documents as Internet-Drafts. The list of current Internet- 23 Drafts is at https://datatracker.ietf.org/drafts/current/. 25 Internet-Drafts are draft documents valid for a maximum of six months 26 and may be updated, replaced, or obsoleted by other documents at any 27 time. It is inappropriate to use Internet-Drafts as reference 28 material or to cite them other than as "work in progress." 30 This Internet-Draft will expire on April 18, 2018. 32 Copyright Notice 34 Copyright (c) 2017 IETF Trust and the persons identified as the 35 document authors. All rights reserved. 37 This document is subject to BCP 78 and the IETF Trust's Legal 38 Provisions Relating to IETF Documents 39 (https://trustee.ietf.org/license-info) in effect on the date of 40 publication of this document. Please review these documents 41 carefully, as they describe your rights and restrictions with respect 42 to this document. Code Components extracted from this document must 43 include Simplified BSD License text as described in Section 4.e of 44 the Trust Legal Provisions and are provided without warranty as 45 described in the Simplified BSD License. 47 Table of Contents 49 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 50 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 51 3. The ENABLE_CONNECT_PROTOCOL SETTINGS Parameter . . . . . . . 3 52 4. The Extended CONNECT Method . . . . . . . . . . . . . . . . . 3 53 4.1. Using Extended CONNECT To Bootstrap The WebSocket 54 Protocol . . . . . . . . . . . . . . . . . . . . . . . . 4 55 4.2. Example . . . . . . . . . . . . . . . . . . . . . . . . . 4 56 5. Design Considerations . . . . . . . . . . . . . . . . . . . . 5 57 6. About Intermediaries . . . . . . . . . . . . . . . . . . . . 6 58 7. Security Considerations . . . . . . . . . . . . . . . . . . . 6 59 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 60 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 6 61 10. Normative References . . . . . . . . . . . . . . . . . . . . 7 62 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 7 64 1. Introduction 66 The Hypertext Transfer Protocol (HTTP) provides compatible resource 67 level semantics across different versions but it does not offer 68 compatibility at the connection management level. Other protocols, 69 such as WebSockets, that rely on connection management details of 70 HTTP must be updated for new versions of HTTP. 72 The WebSocket Protocol [RFC6455] uses the HTTP/1.1 [RFC7230] Upgrade 73 mechanism to transition a TCP connection from HTTP into a WebSocket 74 connection. A different approach must be taken with HTTP/2 75 [RFC7540]. Due to the multiplexing nature of HTTP/2 it does not 76 allow connection wide header and status codes such as the Upgrade and 77 Connection request headers or the 101 response code. These are all 78 required by the [RFC6455] connection establishment process. 80 A server offering both HTTP/1.1 and WebSocket services can do so from 81 the same instance and same port although they require separate TCP 82 connections. Moving a server to HTTP/2 and WebSocket services 83 requires a separate port and protocol stack for the sole purpose of 84 bootstrapping WebSockets. This is a significant administrative 85 burden and may not even be possible in the case of large amounts of 86 deployed markup pointing at the old single name and port. Being able 87 to bootstrap WebSockets from HTTP/2 allows one server, one port, and 88 one TCP connection to be shared by both protocols. 90 This document extends the HTTP/2 CONNECT method. The extension 91 allows the substitution of a new protocol name to connect to rather 92 than the external host normally used by CONNECT. The result is a 93 tunnel on a single HTTP/2 stream that can carry data for WebSockets 94 (or any other protocol) while the other streams on the connection 95 continue to carry HTTP/2 data. 97 Streams that have been successfully established as protocol tunnels 98 proceed to establish and utilize the WebSocket Protocol using the 99 procedure defined by [RFC6455] treating the stream as if were the 100 connection in that specification. 102 This tunneled stream will be multiplexed with other regular streams 103 on the connection and enjoys the normal priority, cancellation, and 104 flow control features of HTTP/2. 106 2. Terminology 108 In this document, the key words "MUST", "MUST NOT", "REQUIRED", 109 "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", 110 and "OPTIONAL" are to be interpreted as described in BCP 14, 111 [RFC2119]. 113 3. The ENABLE_CONNECT_PROTOCOL SETTINGS Parameter 115 This document adds a new SETTINGS Parameter to those defined by 116 [RFC7540] Section 6.5.2. 118 The new parameter is ENABLE_CONNECT_PROTOCOL (type = 0x8). The value 119 of the parameter MUST be 0 or 1. 121 Upon receipt of ENABLE_CONNECT_PROTOCOL with a value of 1 a client 122 MAY use the Extended CONNECT definition of this document when 123 creating new streams. Receipt of this parameter by a server does not 124 have any impact. 126 A sender MUST NOT send a ENABLE_CONNECT_PROTOCOL parameter with the 127 value of 0 after previously sending a value of 1. 129 The use of a SETTINGS Parameter to opt-in to an otherwise 130 incompatible protocol change is a use of "Extending HTTP/2" defined 131 by section 5.5 of [RFC7540]. If a client were to use the provisions 132 of the extended CONNECT method defined in this document without first 133 receiving a ENABLE_CONNECT_PROTOCOL parameter with the value of 1 it 134 would be a protocol violation. 136 4. The Extended CONNECT Method 138 The CONNECT Method of [RFC7540] Section 8.3 is modified in the 139 following ways: 141 o A new pseudo-header :protocol MAY be included on request HEADERS 142 indicating the desired protocol to be spoken on the tunnel created 143 by CONNECT. The pseudo-header is single valued and contains a 144 value from the HTTP Upgrade Token Registry defined by [RFC7230]. 146 o On requests bearing the :protocol pseudo-header, the :scheme and 147 :path pseudo-header fields SHOULD be included. 149 o On requests bearing the :protocol pseudo-header, the :authority 150 pseudo-header field is interpreted according to [RFC7540] 151 Section 8.1.2.3 instead of [RFC7540] Section 8.3. In particular 152 the server MUST not make a new TCP connection to the host and port 153 indicated by the :authority. 155 Upon receiving a CONNECT request bearing the :protocol pseudo-header 156 the server establishes a tunnel to another service of the protocol 157 type indicated by the pseudo-header. This service may or may not be 158 co-located with the server. 160 4.1. Using Extended CONNECT To Bootstrap The WebSocket Protocol 162 The pseudo-header :protocol MUST be included in the CONNECT request 163 and it MUST have a value of websocket to initiate a WebSocket 164 connection on an HTTP/2 stream. 166 Upon successfully establishing a protocol tunnel the client should 167 proceed with The WebSocket Protocol [RFC6455] using the HTTP/2 stream 168 from the CONNECT transaction as if it were the TCP connection in 169 [RFC6455]. Negotiation of WebSocket version and sub-protocols is 170 done unmodified within that stream. 172 4.2. Example 174 [[ From Client ]] [[ From Server ]] 176 SETTINGS 177 ENABLE_CONNECT_PROTOCOL = 1 179 HEADERS + END_HEADERS 180 :method = CONNECT 181 :protocol = websocket 182 :scheme = wss 183 :path = /chat 184 :authority = server.example.com:443 186 HEADERS + END_HEADERS 187 :status = 200 189 DATA 190 GET /chat HTTP/1.1 191 Host: server.example.com 192 Upgrade: websocket 193 Connection: Upgrade 194 Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ== 195 Origin: http://example.com 196 Sec-WebSocket-Protocol: chat, superchat 197 Sec-WebSocket-Version: 13 199 DATA 200 HTTP/1.1 101 Plead The Fifth 201 Upgrade: websocket 202 Connection: Upgrade 203 Sec-WebSocket-Accept: 204 s3pPLMBiTxaQ9kYGzzhZRbK+xOo= 205 Sec-WebSocket-Protocol: chat 207 DATA 208 WebSocket Data 210 DATA + END_STREAM 211 WebSocket Data 213 DATA + END_STREAM 214 WebSocket Data 216 5. Design Considerations 218 A more native integration with HTTP/2 is certainly possible with 219 larger additions to HTTP/2. This design was selected to minimize the 220 solution complexity while still addressing the primary concern of not 221 being able to run HTTP/2 and WebSockets on the same port and address. 223 6. About Intermediaries 225 This document does not change how WebSockets interacts with HTTP 226 proxies. If a client wishing to speak WebSockets connects via HTTP/2 227 to a HTTP proxy it should continue to use a traditional (i.e. not 228 with a :protocol pseudo-header) CONNECT to tunnel through that proxy 229 to the WebSocket server via HTTP. 231 The resulting version of HTTP on that tunnel determines whether 232 WebSockets is initiated directly or via a modified CONNECT request 233 described in this document. 235 7. Security Considerations 237 [RFC6455] ensures that non WebSockets clients, especially 238 XMLHttpRequest based clients, cannot make a WebSocket connection. 239 Its primary mechanism for doing that is the use of Sec- prefixed 240 request headers that cannot be created by XMLHttpRequest based 241 clients. This specification addresses that concern in two ways: 243 o The CONNECT method is prohibited from being used by XMLHttpRequest 245 o The use of a pseudo-header is something that is connection 246 specific and HTTP/2 does not ever allow to be created outside of 247 the protocol stack. 249 8. IANA Considerations 251 This document establishes a entry for the HTTP/2 Settings Registry 252 that was established by [RFC7540] Section 11.3 254 Name: ENABLE_CONNECT_PROTOCOL 256 Code: 0x8 258 Initial Value: 0 260 Specification: This document 262 9. Acknowledgments 264 The 2017 HTTP Workshop had a very productive discussion that helped 265 determine the key problem and acceptable level of solution 266 complexity. 268 10. Normative References 270 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 271 Requirement Levels", BCP 14, RFC 2119, 272 DOI 10.17487/RFC2119, March 1997, 273 . 275 [RFC6455] Fette, I. and A. Melnikov, "The WebSocket Protocol", 276 RFC 6455, DOI 10.17487/RFC6455, December 2011, 277 . 279 [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 280 Protocol (HTTP/1.1): Message Syntax and Routing", 281 RFC 7230, DOI 10.17487/RFC7230, June 2014, 282 . 284 [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 285 Protocol (HTTP/1.1): Semantics and Content", RFC 7231, 286 DOI 10.17487/RFC7231, June 2014, 287 . 289 [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext 290 Transfer Protocol Version 2 (HTTP/2)", RFC 7540, 291 DOI 10.17487/RFC7540, May 2015, 292 . 294 Author's Address 296 Patrick McManus 297 Mozilla 299 Email: mcmanus@ducksong.com