From 2448fae23b44f4ece1af13b86846a8157baf948b Mon Sep 17 00:00:00 2001 From: Mike Bishop Date: Fri, 22 Jan 2021 12:03:18 -0500 Subject: [PATCH 01/13] Expert Reviewers gonna do... --- draft-ietf-quic-http.md | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/draft-ietf-quic-http.md b/draft-ietf-quic-http.md index 79316d7523..937c7552d0 100644 --- a/draft-ietf-quic-http.md +++ b/draft-ietf-quic-http.md @@ -2052,7 +2052,8 @@ While this registry is separate from the "HTTP/2 Frame Type" registry defined in {{?HTTP2}}, it is preferable that the assignments parallel each other where the code spaces overlap. If an entry is present in only one registry, every effort SHOULD be made to avoid assigning the corresponding value to an unrelated -operation. +operation. Expert reviewers MAY reject unrelated registrations which would +conflict with the same value in the corresponding registry. In addition to common fields as described in {{iana-policy}}, permanent registrations in this registry MUST include the following field: @@ -2099,7 +2100,9 @@ using Standards Action or IESG Approval as defined in Section 4.9 and 4.10 of While this registry is separate from the "HTTP/2 Settings" registry defined in {{?HTTP2}}, it is preferable that the assignments parallel each other. If an entry is present in only one registry, every effort SHOULD be made to avoid -assigning the corresponding value to an unrelated operation. +assigning the corresponding value to an unrelated operation. Expert reviewers +MAY reject unrelated registrations which would conflict with the same value in +the corresponding registry. In addition to common fields as described in {{iana-policy}}, permanent registrations in this registry MUST include the following fields: 
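Review bot: the sentence added after "unrelated operation." in both the frame-type hunk (line 2052) and the settings hunk (line 2099) is the same text verbatim, and the error-code hunk in this same patch adds a third variant; since both sections already defer to the common fields in {{iana-policy}}, state the "expert reviewers MAY reject ... conflicting registrations" rule once there and reference it from each registry, so the three copies cannot drift. Minor wording in both added sentences: "registrations which would conflict" should be "registrations that would conflict". In the unchanged context just above the settings hunk, "Section 4.9 and 4.10 of {{!RFC8126}}" should read "Sections 4.9 and 4.10".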
@@ -2138,11 +2141,12 @@ values between 0x00 and 0x3f (in hexadecimal; inclusive), which are assigned using Standards Action or IESG Approval as defined in Section 4.9 and 4.10 of {{!RFC8126}}. -Registrations for error codes are required to include a description of the -error code. An expert reviewer is advised to examine new registrations for -possible duplication with existing error codes. Use of existing -registrations is to be encouraged, but not mandated. Use of values that -are registered in the "HTTP/2 Error Code" registry is discouraged. +Registrations for error codes are required to include a description of the error +code. An expert reviewer is advised to examine new registrations for possible +duplication with existing error codes. Use of existing registrations is to be +encouraged, but not mandated. Use of values that are registered in the "HTTP/2 +Error Code" registry is discouraged, and expert reviewers MAY reject such +registrations. In addition to common fields as described in {{iana-policy}}, this registry includes two additional fields. Permanent registrations in this registry MUST From 9e186b523a405aeee9ea95f37df16bb05f20c81e Mon Sep 17 00:00:00 2001 From: Mike Bishop Date: Fri, 22 Jan 2021 12:08:23 -0500 Subject: [PATCH 02/13] Insert reliance in intro --- draft-ietf-quic-http.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/draft-ietf-quic-http.md b/draft-ietf-quic-http.md index 937c7552d0..75e8e05049 100644 --- a/draft-ietf-quic-http.md +++ b/draft-ietf-quic-http.md 
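Review bot: the only substantive change in the error-code hunk is the final clause "and expert reviewers MAY reject such registrations"; the other five lines are a re-wrap, which makes the diff noisier than it needs to be and hides the one real change from a reviewer. Also check the referent of "such registrations": it points back to "values that are registered in the HTTP/2 Error Code registry", so as written an HTTP/3 registration that reuses an HTTP/2 value for the same meaning is rejectable too; if the intent matches the frame-type and settings hunks in this patch (reject only unrelated uses of the same value), say "MAY reject registrations that assign an unrelated meaning to such a value".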
@@ -137,11 +137,13 @@ transport layer, offering comparable confidentiality and integrity to running TLS over TCP, with the improved connection setup latency of TCP Fast Open ({{?TFO=RFC7413}}). -This document defines a mapping of HTTP semantics over the QUIC transport -protocol, drawing heavily on the design of HTTP/2. While delegating stream -lifetime and flow control issues to QUIC, a similar binary framing is used on -each stream. Some HTTP/2 features are subsumed by QUIC, while other features are -implemented atop QUIC. +This document defines HTTP/3, a mapping of HTTP semantics over the QUIC +transport protocol, drawing heavily on the design of HTTP/2. HTTP/3 relies on +QUIC to provide confidentiality and integrity protection of data; peer +authentication; and reliable, in-order, per-stream delivery. While delegating +stream lifetime and flow control issues to QUIC, a similar binary framing is +used on each stream. Some HTTP/2 features are subsumed by QUIC, while other +features are implemented atop QUIC. QUIC is described in {{QUIC-TRANSPORT}}. For a full description of HTTP/2, see {{?HTTP2}}. From 06933d0eacdb22d636cc71f4bc7211118a9dd433 Mon Sep 17 00:00:00 2001 From: Mike Bishop Date: Fri, 22 Jan 2021 12:12:02 -0500 Subject: [PATCH 03/13] Control streams need flow control credit --- draft-ietf-quic-http.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/draft-ietf-quic-http.md b/draft-ietf-quic-http.md index 75e8e05049..8b9912443e 100644 --- a/draft-ietf-quic-http.md +++ b/draft-ietf-quic-http.md 
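Review bot: the new list "confidentiality and integrity protection of data; peer authentication; and reliable, in-order, per-stream delivery" omits flow control and stream limits, which the very next sentence ("delegating stream lifetime and flow control issues to QUIC") and later patches in this series (the control-stream credit paragraph and the CONNECT considerations) lean on; add "and stream and connection flow control" to the list so the reliance statement is complete. "Reliable, in-order, per-stream delivery" is correct but worth making explicit that ordering holds only within a stream, since that is exactly the property HTTP/3 gives up relative to HTTP/2 over TCP and readers coming from {{?HTTP2}} will look for it here.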
@@ -1150,6 +1150,10 @@ control stream is closed at any point, this MUST be treated as a connection error of type H3_CLOSED_CRITICAL_STREAM. Connection errors are described in {{errors}}. +Because the contents of the control stream are used to manage the behavior of +other streams, endpoints SHOULD provide enough flow control credit to keep the +peer's control stream from becoming blocked. + A pair of unidirectional streams is used rather than a single bidirectional stream. This allows either peer to send data as soon as it is able. Depending on whether 0-RTT is enabled on the QUIC connection, either client or server From 866bcbc39be403a12f3dfa049a214f8dc251ef4f Mon Sep 17 00:00:00 2001 From: Mike Bishop Date: Fri, 22 Jan 2021 12:16:53 -0500 Subject: [PATCH 04/13] Note flow control difference in HTTP/2 appendix --- draft-ietf-quic-http.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/draft-ietf-quic-http.md b/draft-ietf-quic-http.md index 8b9912443e..b43854e0c8 100644 --- a/draft-ietf-quic-http.md +++ b/draft-ietf-quic-http.md @@ -2266,6 +2266,10 @@ of time. HTTP/3 servers might choose to permit a larger number of concurrent client-initiated bidirectional streams to achieve equivalent concurrency to HTTP/2, depending on the expected usage patterns. +In HTTP/2, only request and response bodies (DATA frames) are subject to flow +control. All HTTP/3 frames are sent on QUIC streams, so all frames on all +streams are flow-controlled in HTTP/3. + Due to the presence of other unidirectional stream types, HTTP/3 does not rely exclusively on the number of concurrent unidirectional streams to control the number of concurrent in-flight pushes. Instead, HTTP/3 clients use the From d409146c4a064a3405a8f197c7aa3e064e592551 Mon Sep 17 00:00:00 2001 From: Mike Bishop Date: Fri, 22 Jan 2021 14:03:10 -0500 Subject: [PATCH 05/13] CONNECT precautions --- draft-ietf-quic-http.md | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) 
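Review bot: in the control-stream hunk, "enough flow control credit to keep the peer's control stream from becoming blocked" gives implementers nothing to size against and does not say what fails when it is not met; since the preceding context already makes closure of the control stream a connection error (H3_CLOSED_CRITICAL_STREAM), name the frames that stall when credit runs out (the SETTINGS frame that must open the stream, and any later control frames) and say whether a peer that never grants credit is to be tolerated or treated as an error. In the appendix hunk, "only request and response bodies (DATA frames) are subject to flow control" is imprecise: what HTTP/2 flow-controls is the DATA frame payload, which includes padding, not the body as such; the later "Apply suggestions from code review" commit in this series rewords this to "the frame payload of DATA frames" and could be squashed here. It would also help to state the HTTP/3 consequence that follows from "all frames on all streams are flow-controlled": a peer that withholds stream credit can stall a request before its HEADERS frame is delivered, which is a new failure mode relative to HTTP/2.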
diff --git a/draft-ietf-quic-http.md b/draft-ietf-quic-http.md index b43854e0c8..b77ab589d8 100644 --- a/draft-ietf-quic-http.md +++ b/draft-ietf-quic-http.md @@ -802,6 +802,10 @@ QUIC connection, it MUST close the TCP connection. If the underlying TCP implementation permits it, the proxy SHOULD send a TCP segment with the RST bit set. +Since CONNECT creates a tunnel to an arbitrary server, proxies that support +CONNECT SHOULD restrict its use to a set of known ports or a list of safe +request targets; see Section 9.3.6 of {{!SEMANTICS}} for more detail. + ## HTTP Upgrade HTTP/3 does not support the HTTP Upgrade mechanism (Section 7.8 of @@ -1903,13 +1907,13 @@ A client can discard responses that it cannot process. ### CONNECT Issues -The CONNECT method can be used to create disproportionate load on a proxy, -since stream creation is relatively inexpensive when compared to the creation -and maintenance of a TCP connection. A proxy might also maintain some resources -for a TCP connection beyond the closing of the stream that carries the CONNECT +The CONNECT method can be used to create disproportionate load on a proxy, since +stream creation is relatively inexpensive when compared to the creation and +maintenance of a TCP connection. A proxy might also maintain some resources for +a TCP connection beyond the closing of the stream that carries the CONNECT request, since the outgoing TCP connection remains in the TIME_WAIT state. -Therefore, a proxy cannot rely on QUIC stream limits alone to control the -resources consumed by CONNECT requests. +Therefore, a proxy might delay increasing the QUIC stream limits to account for +the resources consumed by CONNECT requests. ## Use of Compression From 18e41b5ddf05df7409697fb1edfbebec83d1ffc4 Mon Sep 17 00:00:00 2001 From: Mike Bishop Date: Fri, 22 Jan 2021 14:47:00 -0500 Subject: [PATCH 06/13] 8470 applied to QUIC --- draft-ietf-quic-http.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
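Review bot: the added "proxies that support CONNECT SHOULD restrict its use to a set of known ports or a list of safe request targets" sentence lands after the TCP RST text at line 802, at the tail end of the CONNECT mechanics, where it reads as an afterthought; it belongs either at the top of the CONNECT section or in the "CONNECT Issues" security consideration edited by the second hunk, with a cross-reference from the other location. In that second hunk, replacing "a proxy cannot rely on QUIC stream limits alone to control the resources consumed by CONNECT requests" with "a proxy might delay increasing the QUIC stream limits" weakens the warning: the old text said stream limits are insufficient, the new text offers one mitigation without stating why stream limits alone fail (the TIME_WAIT state described in the preceding sentence outlives the stream). Keep both: state that stream limits alone are insufficient, then give delayed stream-limit increases as one mitigation. The two later commits in this series ("More conservative about resources", "Split CONNECT paragraph") rework this paragraph again; squashing them avoids reviewing three versions of the same text.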
diff --git a/draft-ietf-quic-http.md b/draft-ietf-quic-http.md index b77ab589d8..b0585f1ee6 100644 --- a/draft-ietf-quic-http.md +++ b/draft-ietf-quic-http.md @@ -1985,7 +1985,9 @@ contains. The use of 0-RTT with HTTP/3 creates an exposure to replay attack. The anti-replay mitigations in {{!HTTP-REPLAY=RFC8470}} MUST be applied when using -HTTP/3 with 0-RTT. +HTTP/3 with 0-RTT. When applying {{!HTTP-REPLAY}} to HTTP/3, references to the +TLS layer refer to the handshake performed within QUIC, while all references to +application data refer to the contents of streams. ## Migration From 774c56ef9ebdd396b75f7f61604363154b4532bb Mon Sep 17 00:00:00 2001 From: Mike Bishop Date: Fri, 22 Jan 2021 15:04:15 -0500 Subject: [PATCH 07/13] Reserve 0x0 --- draft-ietf-quic-http.md | 1 + 1 file changed, 1 insertion(+) diff --git a/draft-ietf-quic-http.md b/draft-ietf-quic-http.md index b0585f1ee6..e703fab64b 100644 --- a/draft-ietf-quic-http.md +++ b/draft-ietf-quic-http.md @@ -2131,6 +2131,7 @@ The entries in {{iana-setting-table}} are registered by this document. | ---------------------------- | ------ | ------------------------- | --------- | | Setting Name | Value | Specification | Default | | ---------------------------- | :----: | ------------------------- | --------- | +| Reserved | 0x0 | N/A | N/A | | Reserved | 0x2 | N/A | N/A | | Reserved | 0x3 | N/A | N/A | | Reserved | 0x4 | N/A | N/A | From 937c542552b6233a2c054232fda4a5fc656e0f1e Mon Sep 17 00:00:00 2001 From: Mike Bishop Date: Fri, 22 Jan 2021 15:07:03 -0500 Subject: [PATCH 08/13] ALTSVC informative --- draft-ietf-quic-http.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/draft-ietf-quic-http.md b/draft-ietf-quic-http.md index e703fab64b..40a78f66fb 100644 --- a/draft-ietf-quic-http.md +++ b/draft-ietf-quic-http.md 
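Review bot: in the 0-RTT hunk, "all references to application data refer to the contents of streams" is too broad, since the replay exposure in {{!HTTP-REPLAY}} concerns data the client sends before the handshake completes, not stream contents in general; "the contents of streams sent as 0-RTT data" is tighter, and pointing at {{QUIC-TRANSPORT}} (already cited in the introduction) for "the handshake performed within QUIC" tells the reader where that handshake is specified. In the settings-table hunk, adding "Reserved | 0x0" is consistent with the other reserved HTTP/2 identifiers, but the appendix listing of HTTP/2 SETTINGS parameters starts at 0x1 and its statement that reserved settings' "receipt is an error" does not mention 0x0; check that the IANA table and the appendix agree on the full reserved set (the appendix calls 0x2, 0x3, 0x4 and 0x5 errors, and the table now adds 0x0).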
@@ -330,9 +330,9 @@ default port associated with the scheme. ### HTTP Alternative Services {#alt-svc} -An HTTP origin advertises the availability of an equivalent HTTP/3 endpoint via -the Alt-Svc HTTP response header field or the HTTP/2 ALTSVC frame ({{!ALTSVC}}), -using the "h3" ALPN token. +An HTTP origin can advertise the availability of an equivalent HTTP/3 endpoint +via the Alt-Svc HTTP response header field or the HTTP/2 ALTSVC frame +({{?ALTSVC}}), using the "h3" ALPN token. For example, an origin could indicate in an HTTP response that HTTP/3 was available on UDP port 50781 at the same hostname by including the following @@ -354,7 +354,7 @@ associates authority with the ability to receive TCP connections on the indicated port of whatever host is identified within the authority component. Because HTTP/3 does not use TCP, HTTP/3 cannot be used for direct access to the authoritative server for a resource identified by an "http" URI. However, -protocol extensions such as {{!ALTSVC=RFC7838}} permit the authoritative server +protocol extensions such as {{?ALTSVC=RFC7838}} permit the authoritative server to identify other services that are also authoritative and that might be reachable over HTTP/3. @@ -399,7 +399,7 @@ server closes the connection. Once a connection exists to a server endpoint, this connection MAY be reused for requests with multiple different URI authority components. Clients SHOULD NOT open more than one HTTP/3 connection to a given host and port pair, where the -host is derived from a URI, a selected alternative service ({{!ALTSVC}}), or a +host is derived from a URI, a selected alternative service ({{?ALTSVC}}), or a configured proxy. A client MAY open multiple HTTP/3 connections to the same IP address and UDP port using different transport or TLS configurations but SHOULD avoid creating multiple connections with the same configuration. From 9de2d52ebef4c73ba55c82e3fa012b5f9297a16f Mon Sep 17 00:00:00 2001 
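Review bot: switching all three ALTSVC citations from {{!ALTSVC}} to {{?ALTSVC}} matches the relaxed "can advertise" wording in the first hunk, but the third hunk keeps a normative "Clients SHOULD NOT open more than one HTTP/3 connection to a given host and port pair, where the host is derived from ... a selected alternative service", so a SHOULD NOT is now phrased in terms of a concept from an informative reference. That is defensible because the requirement does not depend on the details of RFC 7838, but the commit message ("ALTSVC informative") should say why the downgrade is safe. Also confirm that no other {{!ALTSVC}} occurrence survives outside these three hunks, or the document will cite the same reference both normatively and informatively.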
From: Mike Bishop Date: Fri, 22 Jan 2021 15:10:38 -0500 Subject: [PATCH 09/13] Setting values in Appendix --- draft-ietf-quic-http.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/draft-ietf-quic-http.md b/draft-ietf-quic-http.md index 40a78f66fb..cc0d0e468e 100644 --- a/draft-ietf-quic-http.md +++ b/draft-ietf-quic-http.md 
@@ -2423,33 +2423,33 @@ settings are reserved, and their receipt is an error. See Below is a listing of how each HTTP/2 SETTINGS parameter is mapped: -SETTINGS_HEADER_TABLE_SIZE: +SETTINGS_HEADER_TABLE_SIZE (0x1): : See [QPACK]. -SETTINGS_ENABLE_PUSH: +SETTINGS_ENABLE_PUSH (0x2): : This is removed in favor of the MAX_PUSH_ID frame, which provides a more granular control over server push. Specifying a setting with the identifier 0x2 (corresponding to the SETTINGS_ENABLE_PUSH parameter) in the HTTP/3 SETTINGS frame is an error. -SETTINGS_MAX_CONCURRENT_STREAMS: +SETTINGS_MAX_CONCURRENT_STREAMS (0x3): : QUIC controls the largest open Stream ID as part of its flow control logic. Specifying a setting with the identifier 0x3 (corresponding to the SETTINGS_MAX_CONCURRENT_STREAMS parameter) in the HTTP/3 SETTINGS frame is an error. -SETTINGS_INITIAL_WINDOW_SIZE: +SETTINGS_INITIAL_WINDOW_SIZE (0x4): : QUIC requires both stream and connection flow control window sizes to be specified in the initial transport handshake. Specifying a setting with the identifier 0x4 (corresponding to the SETTINGS_INITIAL_WINDOW_SIZE parameter) in the HTTP/3 SETTINGS frame is an error. -SETTINGS_MAX_FRAME_SIZE: +SETTINGS_MAX_FRAME_SIZE (0x5): : This setting has no equivalent in HTTP/3. Specifying a setting with the identifier 0x5 (corresponding to the SETTINGS_MAX_FRAME_SIZE parameter) in the HTTP/3 SETTINGS frame is an error. -SETTINGS_MAX_HEADER_LIST_SIZE: +SETTINGS_MAX_HEADER_LIST_SIZE (0x6): : This setting identifier has been renamed SETTINGS_MAX_FIELD_SECTION_SIZE. In HTTP/3, setting values are variable-length integers (6, 14, 30, or 62 bits From cc0bec66bed34e7097a92e6d52457bf571870f80 Mon Sep 17 00:00:00 2001 From: Mike Bishop Date: Fri, 22 Jan 2021 15:27:26 -0500 Subject: [PATCH 10/13] Abort reading, not discard --- draft-ietf-quic-http.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) 
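Review bot: the first item, "SETTINGS_HEADER_TABLE_SIZE (0x1): See [QPACK].", cites QPACK with bracket syntax while every other citation in this series uses the {{...}} form; use the same reference syntax here. Adding the identifiers to the terms is helpful, but the 0x2 through 0x5 items still repeat "Specifying a setting with the identifier 0xN (corresponding to the ... parameter)" in their bodies; with the value now in the term, the parenthetical in each body can be dropped. Also, 0x0 (added to the reserved settings table by an earlier patch in this series) has no entry in this mapping; a one-line item, or a sentence saying 0x0 is reserved and an error in HTTP/3, keeps the appendix and the IANA table aligned.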
diff --git a/draft-ietf-quic-http.md b/draft-ietf-quic-http.md index cc0d0e468e..299c0dc7b1 100644 --- a/draft-ietf-quic-http.md +++ b/draft-ietf-quic-http.md @@ -582,6 +582,8 @@ The following pseudo-header fields are defined for requests: gateway can translate requests for non-HTTP schemes, enabling the use of HTTP to interact with non-HTTP services. + : See {{other-schemes}} for guidance on using a scheme other than "https". + ":authority": : Contains the authority portion of the target URI (Section 3.2 of @@ -1767,13 +1769,13 @@ managing these extension points: frame types ({{iana-frames}}), settings ({{iana-stream-types}}). Implementations MUST ignore unknown or unsupported values in all extensible -protocol elements. Implementations MUST discard frames and unidirectional -streams that have unknown or unsupported types. This means that any of these -extension points can be safely used by extensions without prior arrangement or -negotiation. However, where a known frame type is required to be in a specific -location, such as the SETTINGS frame as the first frame of the control stream -(see {{control-streams}}), an unknown frame type does not satisfy that -requirement and SHOULD be treated as an error. +protocol elements. Implementations MUST discard frames and abort reading on +unidirectional streams that have unknown or unsupported types. This means that +any of these extension points can be safely used by extensions without prior +arrangement or negotiation. However, where a known frame type is required to be +in a specific location, such as the SETTINGS frame as the first frame of the +control stream (see {{control-streams}}), an unknown frame type does not satisfy +that requirement and SHOULD be treated as an error. Extensions that could change the semantics of existing protocol components MUST be negotiated before being used. For example, an extension that changes the From d2cc6824b14d227bd52caa18fc6299637f05ff1c Mon Sep 17 00:00:00 2001 
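Review bot: "abort reading on unidirectional streams that have unknown or unsupported types" does not say how or with what: in QUIC that means sending STOP_SENDING, and the peer receives the application error code carried in it, so the text should either name the error code to use or point at the section that does. The asymmetry between "discard frames" (a frame can be skipped by its length) and "abort reading" on streams (an unknown stream has no end in sight) is deliberate and correct, and a short parenthetical saying so would pre-empt the question of why unknown streams are not simply drained. In the first hunk, the added ": See {{other-schemes}} ..." line after a blank line is a second definition paragraph for the ":scheme" term; confirm it renders as a continuation of that item rather than as a new, empty term.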
From: Mike Bishop Date: Tue, 26 Jan 2021 10:28:23 -0500 Subject: [PATCH 11/13] Apply suggestions from code review Co-authored-by: Martin Thomson --- draft-ietf-quic-http.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-quic-http.md b/draft-ietf-quic-http.md index fa832e5002..579a2211f3 100644 --- a/draft-ietf-quic-http.md +++ b/draft-ietf-quic-http.md @@ -2286,7 +2286,7 @@ of time. HTTP/3 servers might choose to permit a larger number of concurrent client-initiated bidirectional streams to achieve equivalent concurrency to HTTP/2, depending on the expected usage patterns. -In HTTP/2, only request and response bodies (DATA frames) are subject to flow +In HTTP/2, only request and response bodies (the frame payload of DATA frames) are subject to flow control. All HTTP/3 frames are sent on QUIC streams, so all frames on all streams are flow-controlled in HTTP/3. From 3c60c7ef174f7a903c06d15c3654c8130a0b8485 Mon Sep 17 00:00:00 2001 From: Mike Bishop Date: Tue, 26 Jan 2021 10:33:23 -0500 Subject: [PATCH 12/13] More conservative about resources --- draft-ietf-quic-http.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/draft-ietf-quic-http.md b/draft-ietf-quic-http.md index 579a2211f3..86a1606ff9 100644 --- a/draft-ietf-quic-http.md +++ b/draft-ietf-quic-http.md 
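Review bot: the replacement line "In HTTP/2, only request and response bodies (the frame payload of DATA frames) are subject to flow control" runs well past the 80-column wrap used everywhere else in the file; re-wrap the paragraph in this commit rather than in the next one ("More conservative about resources"), which otherwise mixes a whitespace fix with a substantive CONNECT change. The wording itself is the right correction, since the quantity HTTP/2 flow-controls is the DATA payload, padding included, not the body.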
@@ -1925,8 +1925,9 @@ stream creation is relatively inexpensive when compared to the creation and maintenance of a TCP connection. A proxy might also maintain some resources for a TCP connection beyond the closing of the stream that carries the CONNECT request, since the outgoing TCP connection remains in the TIME_WAIT state. -Therefore, a proxy might delay increasing the QUIC stream limits to account for -the resources consumed by CONNECT requests. +Therefore, a proxy that supports CONNECT might be more conservative in the +number of simultaneous requests it accepts or might delay increasing the QUIC +stream limits after a TCP connection terminates. ## Use of Compression @@ -2286,9 +2287,9 @@ of time. HTTP/3 servers might choose to permit a larger number of concurrent client-initiated bidirectional streams to achieve equivalent concurrency to HTTP/2, depending on the expected usage patterns. -In HTTP/2, only request and response bodies (the frame payload of DATA frames) are subject to flow -control. All HTTP/3 frames are sent on QUIC streams, so all frames on all -streams are flow-controlled in HTTP/3. +In HTTP/2, only request and response bodies (the frame payload of DATA frames) +are subject to flow control. All HTTP/3 frames are sent on QUIC streams, so all +frames on all streams are flow-controlled in HTTP/3. Due to the presence of other unidirectional stream types, HTTP/3 does not rely exclusively on the number of concurrent unidirectional streams to control the From c04b41398c88f676190b6ecb63285dbb694336b6 Mon Sep 17 00:00:00 2001 From: Mike Bishop Date: Tue, 26 Jan 2021 18:09:10 -0500 Subject: [PATCH 13/13] Split CONNECT paragraph --- draft-ietf-quic-http.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/draft-ietf-quic-http.md b/draft-ietf-quic-http.md index 86a1606ff9..eaea303c7b 100644 --- a/draft-ietf-quic-http.md +++ b/draft-ietf-quic-http.md 
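Review bot: in the first hunk, "might delay increasing the QUIC stream limits after a TCP connection terminates" leaves the reader to infer that the delay is tied to the TIME_WAIT period named in the preceding sentence; say so explicitly. Likewise "more conservative in the number of simultaneous requests it accepts" should say CONNECT requests, since per the first sentence only those create a TCP connection and ordinary requests do not carry this cost. The second hunk is a pure re-wrap of the HTTP/2 appendix paragraph and belongs with the commit that introduced the over-long line, not with a CONNECT change.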
@@ -1922,12 +1922,14 @@ A client can discard responses that it cannot process. The CONNECT method can be used to create disproportionate load on a proxy, since stream creation is relatively inexpensive when compared to the creation and -maintenance of a TCP connection. A proxy might also maintain some resources for -a TCP connection beyond the closing of the stream that carries the CONNECT -request, since the outgoing TCP connection remains in the TIME_WAIT state. -Therefore, a proxy that supports CONNECT might be more conservative in the -number of simultaneous requests it accepts or might delay increasing the QUIC -stream limits after a TCP connection terminates. +maintenance of a TCP connection. Therefore, a proxy that supports CONNECT might +be more conservative in the number of simultaneous requests it accepts. + +A proxy might also maintain some resources for a TCP connection beyond the +closing of the stream that carries the CONNECT request, since the outgoing TCP +connection remains in the TIME_WAIT state. To account for this, a proxy might +delay increasing the QUIC stream limits for some time after a TCP connection +terminates. ## Use of Compression
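Review bot: "for some time after a TCP connection terminates" in the second paragraph is still unbounded; the natural bound is the TIME_WAIT state named in the previous sentence, so "while the TCP connection remains in TIME_WAIT" (or "on the order of the TIME_WAIT period") gives implementers something concrete to size against. The split itself is right: the first paragraph is about the per-stream versus per-connection cost asymmetry and the second about state that lingers after the stream closes, and they motivate different controls (request admission versus stream-limit growth); "Therefore" now attaches only to the cost-asymmetry argument, which is the intended reading.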