| draft-ietf-httpbis-http2bis-03.txt | draft-ietf-httpbis-http2bis-latest.txt | |||
|---|---|---|---|---|
| HTTPbis Working Group M. Thomson, Ed. | HTTPbis Working Group M. Thomson, Ed. | |||
| Internet-Draft Mozilla | Internet-Draft Mozilla | |||
| Obsoletes: 7540, 8740 (if approved) C. Benfield, Ed. | Obsoletes: 7540, 8740 (if approved) C. Benfield, Ed. | |||
| Intended status: Standards Track Apple Inc. | Intended status: Standards Track Apple Inc. | |||
| Expires: January 13, 2022 July 12, 2021 | Expires: January 23, 2022 July 22, 2021 | |||
| Hypertext Transfer Protocol Version 2 (HTTP/2) | Hypertext Transfer Protocol Version 2 (HTTP/2) | |||
| draft-ietf-httpbis-http2bis-latest | draft-ietf-httpbis-http2bis-latest | |||
| Abstract | Abstract | |||
| This specification describes an optimized expression of the semantics | This specification describes an optimized expression of the semantics | |||
| of the Hypertext Transfer Protocol (HTTP), referred to as HTTP | of the Hypertext Transfer Protocol (HTTP), referred to as HTTP | |||
| version 2 (HTTP/2). HTTP/2 enables a more efficient use of network | version 2 (HTTP/2). HTTP/2 enables a more efficient use of network | |||
| resources and a reduced perception of latency by introducing header | resources and a reduced perception of latency by introducing header | |||
| skipping to change at page 2, line 4 ¶ | skipping to change at page 2, line 4 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on January 13, 2022. | This Internet-Draft will expire on January 23, 2022. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2021 IETF Trust and the persons identified as the | Copyright (c) 2021 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| skipping to change at page 67, line 20 ¶ | skipping to change at page 67, line 20 ¶ | |||
| This effectively prevents the use of renegotiation in response to a | This effectively prevents the use of renegotiation in response to a | |||
| request for a specific protected resource. A future specification | request for a specific protected resource. A future specification | |||
| might provide a way to support this use case. Alternatively, a | might provide a way to support this use case. Alternatively, a | |||
| server might use an error (Section 5.4) of type HTTP_1_1_REQUIRED to | server might use an error (Section 5.4) of type HTTP_1_1_REQUIRED to | |||
| request the client use a protocol that supports renegotiation. | request the client use a protocol that supports renegotiation. | |||
| Implementations MUST support ephemeral key exchange sizes of at least | Implementations MUST support ephemeral key exchange sizes of at least | |||
| 2048 bits for cipher suites that use ephemeral finite field Diffie- | 2048 bits for cipher suites that use ephemeral finite field Diffie- | |||
| Hellman (DHE) [TLS13] and 224 bits for cipher suites that use | Hellman (DHE) [TLS13] and 224 bits for cipher suites that use | |||
| ephemeral elliptic curve Diffie-Hellman (ECDHE) [RFC4492]. Clients | ephemeral elliptic curve Diffie-Hellman (ECDHE) [RFC8422]. Clients | |||
| MUST accept DHE sizes of up to 4096 bits. Endpoints MAY treat | MUST accept DHE sizes of up to 4096 bits. Endpoints MAY treat | |||
| negotiation of key sizes smaller than the lower limits as a | negotiation of key sizes smaller than the lower limits as a | |||
| connection error (Section 5.4.1) of type INADEQUATE_SECURITY. | connection error (Section 5.4.1) of type INADEQUATE_SECURITY. | |||
| 9.2.2. TLS 1.2 Cipher Suites | 9.2.2. TLS 1.2 Cipher Suites | |||
| A deployment of HTTP/2 over TLS 1.2 SHOULD NOT use any of the cipher | A deployment of HTTP/2 over TLS 1.2 SHOULD NOT use any of the cipher | |||
| suites that are listed in the list of prohibited cipher suites | suites that are listed in the list of prohibited cipher suites | |||
| (Appendix A). | (Appendix A). | |||
| skipping to change at page 81, line 7 ¶ | skipping to change at page 81, line 7 ¶ | |||
| [FIPS186] NIST, "Digital Signature Standard (DSS)", FIPS PUB 186-4, | [FIPS186] NIST, "Digital Signature Standard (DSS)", FIPS PUB 186-4, | |||
| FIPS PUB 186-4, July 2013, | FIPS PUB 186-4, July 2013, | |||
| <http://dx.doi.org/10.6028/NIST.FIPS.186-4>. | <http://dx.doi.org/10.6028/NIST.FIPS.186-4>. | |||
| [COOKIE] Barth, A., "HTTP State Management Mechanism", RFC 6265, | [COOKIE] Barth, A., "HTTP State Management Mechanism", RFC 6265, | |||
| RFC 6265, DOI 10.17487/RFC6265, April 2011, | RFC 6265, DOI 10.17487/RFC6265, April 2011, | |||
| <https://www.rfc-editor.org/rfc/rfc6265>. | <https://www.rfc-editor.org/rfc/rfc6265>. | |||
| [HTTP] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | [HTTP] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | |||
| Ed., "HTTP Semantics", Work in Progress, Internet-Draft, | Ed., "HTTP Semantics", Work in Progress, Internet-Draft, | |||
| draft-ietf-httpbis-semantics-15, Internet-Draft, draft- | draft-ietf-httpbis-semantics-16, Internet-Draft, draft- | |||
| ietf-httpbis-semantics-15, March 30, 2021, | ietf-httpbis-semantics-16, May 27, 2021, | |||
| <https://datatracker.ietf.org/doc/html/draft-ietf-httpbis- | <https://datatracker.ietf.org/doc/html/draft-ietf-httpbis- | |||
| semantics-15>. | semantics-16>. | |||
| [CACHE] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | [CACHE] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | |||
| Ed., "HTTP Caching", Work in Progress, Internet-Draft, | Ed., "HTTP Caching", Work in Progress, Internet-Draft, | |||
| draft-ietf-httpbis-cache-15, Internet-Draft, draft-ietf- | draft-ietf-httpbis-cache-16, Internet-Draft, draft-ietf- | |||
| httpbis-cache-15, March 30, 2021, | httpbis-cache-16, May 27, 2021, | |||
| <https://datatracker.ietf.org/doc/html/draft-ietf-httpbis- | <https://datatracker.ietf.org/doc/html/draft-ietf-httpbis- | |||
| cache-15>. | cache-16>. | |||
| [QUIC] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based | [QUIC] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based | |||
| Multiplexed and Secure Transport", RFC 9000, | Multiplexed and Secure Transport", RFC 9000, | |||
| DOI 10.17487/RFC9000, May 2021, | DOI 10.17487/RFC9000, May 2021, | |||
| <https://www.rfc-editor.org/info/rfc9000>. | <https://www.rfc-editor.org/info/rfc9000>. | |||
| 12.2. Informative References | 12.2. Informative References | |||
| [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext | [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext | |||
| Transfer Protocol Version 2 (HTTP/2)", RFC 7540, | Transfer Protocol Version 2 (HTTP/2)", RFC 7540, | |||
| DOI 10.17487/RFC7540, RFC 7540, DOI 10.17487/RFC7540, May | DOI 10.17487/RFC7540, RFC 7540, DOI 10.17487/RFC7540, May | |||
| 2015, <https://www.rfc-editor.org/rfc/rfc7540>. | 2015, <https://www.rfc-editor.org/rfc/rfc7540>. | |||
| [RFC8740] Benjamin, D., "Using TLS 1.3 with HTTP/2", RFC 8740, | [RFC8740] Benjamin, D., "Using TLS 1.3 with HTTP/2", RFC 8740, | |||
| DOI 10.17487/RFC8740, RFC 8740, DOI 10.17487/RFC8740, | DOI 10.17487/RFC8740, RFC 8740, DOI 10.17487/RFC8740, | |||
| February 2020, <https://www.rfc-editor.org/rfc/rfc8740>. | February 2020, <https://www.rfc-editor.org/rfc/rfc8740>. | |||
| [HTTP11] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | [HTTP11] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | |||
| Ed., "HTTP/1.1", Work in Progress, Internet-Draft, draft- | Ed., "HTTP/1.1", Work in Progress, Internet-Draft, draft- | |||
| ietf-httpbis-messaging-15, Internet-Draft, draft-ietf- | ietf-httpbis-messaging-16, Internet-Draft, draft-ietf- | |||
| httpbis-messaging-15, March 30, 2021, | httpbis-messaging-16, May 27, 2021, | |||
| <https://datatracker.ietf.org/doc/html/draft-ietf-httpbis- | <https://datatracker.ietf.org/doc/html/draft-ietf-httpbis- | |||
| messaging-15>. | messaging-16>. | |||
| [RFC7323] Borman, D., Braden, B., Jacobson, V., and R. | [RFC7323] Borman, D., Braden, B., Jacobson, V., and R. | |||
| Scheffenegger, Ed., "TCP Extensions for High Performance", | Scheffenegger, Ed., "TCP Extensions for High Performance", | |||
| RFC 7323, RFC 7323, DOI 10.17487/RFC7323, September 2014, | RFC 7323, RFC 7323, DOI 10.17487/RFC7323, September 2014, | |||
| <https://www.rfc-editor.org/rfc/rfc7323>. | <https://www.rfc-editor.org/rfc/rfc7323>. | |||
| [RFC3749] Hollenbeck, S., "Transport Layer Security Protocol | [RFC3749] Hollenbeck, S., "Transport Layer Security Protocol | |||
| Compression Methods", RFC 3749, RFC 3749, | Compression Methods", RFC 3749, RFC 3749, | |||
| DOI 10.17487/RFC3749, May 2004, | DOI 10.17487/RFC3749, May 2004, | |||
| <https://www.rfc-editor.org/rfc/rfc3749>. | <https://www.rfc-editor.org/rfc/rfc3749>. | |||
| [RFC6585] Nottingham, M. and R. Fielding, "Additional HTTP Status | [RFC6585] Nottingham, M. and R. Fielding, "Additional HTTP Status | |||
| Codes", RFC 6585, RFC 6585, DOI 10.17487/RFC6585, April | Codes", RFC 6585, RFC 6585, DOI 10.17487/RFC6585, April | |||
| 2012, <https://www.rfc-editor.org/rfc/rfc6585>. | 2012, <https://www.rfc-editor.org/rfc/rfc6585>. | |||
| [RFC4492] Blake-Wilson, S., Bolyard, N., Gupta, V., Hawk, C., and B. | [RFC8422] Nir, Y., Josefsson, S., and M. Pegourie-Gonnard, "Elliptic | |||
| Moeller, "Elliptic Curve Cryptography (ECC) Cipher Suites | Curve Cryptography (ECC) Cipher Suites for Transport Layer | |||
| for Transport Layer Security (TLS)", RFC 4492, RFC 4492, | Security (TLS) Versions 1.2 and Earlier", RFC 8422, | |||
| DOI 10.17487/RFC4492, May 2006, | RFC 8422, DOI 10.17487/RFC8422, August 2018, | |||
| <https://www.rfc-editor.org/rfc/rfc4492>. | <https://www.rfc-editor.org/rfc/rfc8422>. | |||
| [PRIVACY] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., | [PRIVACY] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., | |||
| Morris, J., Hansen, M., and R. Smith, "Privacy | Morris, J., Hansen, M., and R. Smith, "Privacy | |||
| Considerations for Internet Protocols", RFC 6973, | Considerations for Internet Protocols", RFC 6973, | |||
| DOI 10.17487/RFC6973, RFC 6973, DOI 10.17487/RFC6973, July | DOI 10.17487/RFC6973, RFC 6973, DOI 10.17487/RFC6973, July | |||
| 2013, <https://www.rfc-editor.org/rfc/rfc6973>. | 2013, <https://www.rfc-editor.org/rfc/rfc6973>. | |||
| [TALKING] Huang, L., Chen, E., Barth, A., Rescorla, E., and C. | [TALKING] Huang, L., Chen, E., Barth, A., Rescorla, E., and C. | |||
| Jackson, "Talking to Yourself for Fun and Profit", 2011, | Jackson, "Talking to Yourself for Fun and Profit", 2011, | |||
| <http://w2spconf.com/2011/papers/websocket.pdf>. | <http://w2spconf.com/2011/papers/websocket.pdf>. | |||
| skipping to change at page 83, line 8 ¶ | skipping to change at page 83, line 8 ¶ | |||
| <https://www.rfc-editor.org/rfc/rfc8499>. | <https://www.rfc-editor.org/rfc/rfc8499>. | |||
| [NFLX-2019-002] | [NFLX-2019-002] | |||
| Netflix, "HTTP/2 Denial of Service Advisory", August 13, | Netflix, "HTTP/2 Denial of Service Advisory", August 13, | |||
| 2019, <https://github.com/Netflix/security- | 2019, <https://github.com/Netflix/security- | |||
| bulletins/blob/master/advisories/third-party/2019-002.md>. | bulletins/blob/master/advisories/third-party/2019-002.md>. | |||
| [I-D.ietf-httpbis-priority] | [I-D.ietf-httpbis-priority] | |||
| Oku, K. and L. Pardue, "Extensible Prioritization Scheme | Oku, K. and L. Pardue, "Extensible Prioritization Scheme | |||
| for HTTP", Work in Progress, Internet-Draft, draft-ietf- | for HTTP", Work in Progress, Internet-Draft, draft-ietf- | |||
| httpbis-priority-03, January 11, 2021, | httpbis-priority-04, July 11, 2021, | |||
| <https://datatracker.ietf.org/doc/html/draft-ietf-httpbis- | <https://datatracker.ietf.org/doc/html/draft-ietf-httpbis- | |||
| priority-03>. | priority-04>. | |||
| Appendix A. Prohibited TLS 1.2 Cipher Suites | Appendix A. Prohibited TLS 1.2 Cipher Suites | |||
| An HTTP/2 implementation MAY treat the negotiation of any of the | An HTTP/2 implementation MAY treat the negotiation of any of the | |||
| following cipher suites with TLS 1.2 as a connection error | following cipher suites with TLS 1.2 as a connection error | |||
| (Section 5.4.1) of type INADEQUATE_SECURITY: | (Section 5.4.1) of type INADEQUATE_SECURITY: | |||
| o TLS_NULL_WITH_NULL_NULL | o TLS_NULL_WITH_NULL_NULL | |||
| o TLS_RSA_WITH_NULL_MD5 | o TLS_RSA_WITH_NULL_MD5 | |||
| o TLS_RSA_WITH_NULL_SHA | o TLS_RSA_WITH_NULL_SHA | |||
| End of changes. 12 change blocks. | ||||
| 19 lines changed or deleted | 19 lines changed or added | |||
This html diff was produced by rfcdiff 1.44jr. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||