draft-ietf-httpbis-immutable-03.txt   draft-ietf-httpbis-immutable-latest.txt 
HTTP Working Group P. McManus HTTP Working Group P. McManus
Internet-Draft Mozilla Internet-Draft Mozilla
Intended status: Standards Track July 3, 2017 Intended status: Standards Track July 6, 2018
Expires: January 4, 2018 Expires: January 7, 2025
HTTP Immutable Responses HTTP Immutable Responses
draft-ietf-httpbis-immutable-03 draft-ietf-httpbis-immutable-03
Abstract Abstract
The immutable HTTP response Cache-Control extension allows servers to The immutable HTTP response Cache-Control extension allows servers to
identify resources that will not be updated during their freshness identify resources that will not be updated during their freshness
lifetime. This assures that a client never needs to revalidate a lifetime. This ensures that a client never needs to revalidate a
cached fresh resource to be certain it has not been modified. cached fresh resource to be certain it has not been modified.
Note to Readers Note to Readers
Discussion of this draft takes place on the HTTP working group Discussion of this draft takes place on the HTTP working group
mailing list (ietf-http-wg@w3.org), which is archived at mailing list (ietf-http-wg@w3.org), which is archived at
https://lists.w3.org/Archives/Public/ietf-http-wg/ [1]. https://lists.w3.org/Archives/Public/ietf-http-wg/ [1].
Working Group information can be found at http://httpwg.github.io/ Working Group information can be found at http://httpwg.github.io/
[2]; source code and issues list for this draft can be found at [2]; source code and issues list for this draft can be found at
https://github.com/httpwg/http-extensions/labels/immutable [3]. https://github.com/httpwg/http-extensions/labels/immutable [3].
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 4, 2018. This Internet-Draft will expire on January 7, 2025.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Notational Conventions . . . . . . . . . . . . . . . . . 3
2. The Immutable Cache-Control Extension . . . . . . . . . . . . 3
2.1. About Intermediaries . . . . . . . . . . . . . . . . . . 4
2.2. Example . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Security Considerations . . . . . . . . . . . . . . . . . . . 4
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5
5. References . . . . . . . . . . . . . . . . . . . . . . . . . 5
5.1. Normative References . . . . . . . . . . . . . . . . . . 5
5.2. Informative References . . . . . . . . . . . . . . . . . 5
5.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 6
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6
1. Introduction 1. Introduction
HTTP's freshness lifetime mechanism [RFC7234] allows a client to HTTP's freshness lifetime mechanism [RFC7234] allows a client to
safely reuse a stored response to satisfy future requests for a safely reuse a stored response to satisfy future requests for a
specified period of time. However, it is still possible that the specified period of time. However, it is still possible that the
resource will be modified during that period. resource will be modified during that period.
For instance, a front page newspaper photo with a freshness lifetime For instance, a front-page newspaper photo with a freshness lifetime
of one hour would mean that no user would see a cached photo more of one hour would mean that no user would see a cached photo more
than one hour old. However, the photo could be updated at any time than one hour old. However, the photo could be updated at any time,
resulting in different users seeing different photos depending on the resulting in different users seeing different photos depending on the
contents of their caches for up to one hour. This is compliant with contents of their caches for up to one hour. This is compliant with
the caching mechanism defined in [RFC7234]. the caching mechanism defined in [RFC7234].
Users that need to confirm there have been no updates to their cached Users that need to confirm there have been no updates to their cached
responses typically use the reload (or refresh) mechanism in their responses typically use the reload (or refresh) mechanism in their
user agents. This in turn generates a conditional request [RFC7232] user agents. This in turn generates a conditional request [RFC7232],
and either a new representation or, if unmodified, a 304 (Not and either a new representation or, if unmodified, a 304 (Not
Modified) response [RFC7232] is returned. A user agent that Modified) response [RFC7232] is returned. A user agent that
understands HTML and fetches its dependent sub-resources might issue understands HTML and fetches its dependent sub-resources might issue
hundreds of conditional requests to refresh all portions of a common hundreds of conditional requests to refresh all portions of a common
page [REQPERPAGE]. page [REQPERPAGE].
However some content providers never create more than one variant of However, some content providers never create more than one variant of
a sub-resource, because they use "versioned" URLs. When these a sub-resource, because they use "versioned" URLs. When these
resources need an update they are simply published under a new URL, resources need an update, they are simply published under a new URL,
typically embedding an identifier unique to that version of the typically embedding an identifier unique to that version of the
resource in the path, and references to the sub-resource are updated resource in the path, and references to the sub-resource are updated
with the new path information. with the new path information.
For example, "https://www.example.com/101016/main.css" might be For example, "https://www.example.com/101016/main.css" might be
updated and republished as "https://www.example.com/102026/main.css", updated and republished as "https://www.example.com/102026/main.css",
with any links that reference it being changed at the same time. with any links that reference it being changed at the same time.
This design pattern allows a very large freshness lifetime to be used This design pattern allows a very large freshness lifetime to be used
for the sub-resource without guessing when it will be updated in the for the sub-resource without guessing when it will be updated in the
future. future.
Unfortunately, the user agent does not know when this versioned URL Unfortunately, the user agent does not know when this versioned URL
design pattern is used. As a result, user-driven refreshes still design pattern is used. As a result, user-driven refreshes still
translate into wasted conditional requests for each sub-resource as translate into wasted conditional requests for each sub-resource as
each will return 304 responses. each will return 304 responses.
The "immutable" HTTP response Cache-Control extension allows servers The immutable HTTP response Cache-Control extension allows servers to
to identify responses that will not be updated during their freshness identify responses that will not be updated during their freshness
lifetimes. lifetimes.
This effectively informs clients that any conditional request for This effectively informs clients that any conditional request for
that response can be safely skipped without worrying that it has been that response can be safely skipped without worrying that it has been
updated. updated.
1.1. Notational Conventions 1.1. Notational Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
document are to be interpreted as described in [RFC2119]. "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
2. The immutable Cache-Control extension 2. The Immutable Cache-Control Extension
When present in an HTTP response, the "immutable" Cache-Control When present in an HTTP response, the immutable Cache-Control
extension indicates that the origin server will not update the extension indicates that the origin server will not update the
representation of that resource during the freshness lifetime of the representation of that resource during the freshness lifetime of the
response. response.
Clients SHOULD NOT issue a conditional request during the response's Clients SHOULD NOT issue a conditional request during the response's
freshness lifetime (e.g. upon a reload) unless explicitly overridden freshness lifetime (e.g., upon a reload) unless explicitly overridden
by the user (e.g. a force reload). by the user (e.g., a force reload).
The immutable extension only applies during the freshness lifetime of The immutable extension only applies during the freshness lifetime of
the stored response. Stale responses SHOULD be revalidated as they the stored response. Stale responses SHOULD be revalidated as they
normally would be in the absence of immutable. normally would be in the absence of the immutable extension.
The immutable extension takes no arguments. If any arguments are The immutable extension takes no arguments. If any arguments are
present, they have no meaning, and MUST be ignored. Multiple present, they have no meaning and MUST be ignored. Multiple
instances of the immutable extension are equivalent to one instance. instances of the immutable extension are equivalent to one instance.
The presence of an immutable Cache-Control extension in a request has The presence of an immutable Cache-Control extension in a request has
no effect. no effect.
2.1. About Intermediaries 2.1. About Intermediaries
An immutable response has the same semantic meaning when received by An immutable response has the same semantic meaning when received by
proxy clients as it does when received by User-Agent based clients. proxy clients as it does when received by user-agent-based clients.
Therefore proxies SHOULD skip conditionally revalidating fresh Therefore, proxies SHOULD skip conditionally revalidating fresh
responses containing the immutable extension unless there is a signal responses containing the immutable extension unless there is a signal
from the client that a validation is necessary (e.g. a no-cache from the client that a validation is necessary (e.g., a no-cache
Cache-Control request directive defined by Section 5.2.1.4 of Cache-Control request directive defined in Section 5.2.1.4 of
[RFC7234]). [RFC7234]).
A proxy that uses immutable to bypass a conditional revalidation can A proxy that uses the immutable extension to bypass a conditional
choose whether to reply with a 304 or 200 to its requesting client revalidation can choose whether to reply with a 304 or 200 response
based on the request headers the proxy received. to its requesting client based on the request headers the proxy
received.
2.2. Example 2.2. Example
Cache-Control: max-age=31536000, immutable Cache-Control: max-age=31536000, immutable
3. Security Considerations 3. Security Considerations
The immutable mechanism acts as form of soft pinning and, as with all The immutable mechanism acts as form of soft pinning and, as with all
pinning mechanisms, creates a vector for amplification of cache pinning mechanisms, creates a vector for amplification of cache
corruption incidents. These incidents include cache poisoning corruption incidents. These incidents include cache-poisoning
attacks. Three mechanisms are suggested for mitigation of this risk: attacks. Three mechanisms are suggested for mitigation of this risk:
o Clients SHOULD ignore immutable from resources that are not part o Clients SHOULD ignore the immutable extension from resources that
of an authenticated context such as HTTPS. Authenticated are not part of an authenticated context such as HTTPS.
resources are less vulnerable to cache poisoning. Authenticated resources are less vulnerable to cache poisoning.
o User-Agents often provide two different refresh mechanisms: reload o User agents often provide two different refresh mechanisms: reload
and some form of force-reload. The latter is used to rectify and some form of force-reload. The latter is used to rectify
interrupted loads and other corruption. These reloads, typically interrupted loads and other corruption. These reloads, typically
indicated through no-cache request attributes, SHOULD ignore indicated through no-cache request attributes, SHOULD ignore the
immutable as well. immutable extension as well.
o Clients SHOULD ignore immutable for resources that do not provide o Clients SHOULD ignore the immutable extension for resources that
a strong indication that the stored response size is the correct do not provide a strong indication that the stored response size
response size such as responses delimited by connection close. is the correct response size such as responses delimited by
connection close.
4. IANA Considerations 4. IANA Considerations
Section 7.1 of [RFC7234] requires registration of the immutable The immutable extension has been registered in the "Hypertext
extension in the "Hypertext Transfer Protocol (HTTP) Cache Directive Transfer Protocol (HTTP) Cache Directive Registry" per the guidelines
Registry" with IETF Review. described in Section 7.1 of [RFC7234].
o Cache-Directive: immutable
o Pointer to specification text: [this document]
5. Acknowledgments o Cache Directive: immutable
Thank you to Ben Maurer for partnership in developing and testing o Reference: RFC 8246
this idea. Thank you to Amos Jeffries for help with proxy
interactions and to Mark Nottingham for help with the documentation.
6. References 5. References
6.1. Normative References 5.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC7232] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer [RFC7232] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
Protocol (HTTP/1.1): Conditional Requests", RFC 7232, Protocol (HTTP/1.1): Conditional Requests", RFC 7232,
DOI 10.17487/RFC7232, June 2014, DOI 10.17487/RFC7232, June 2014,
<https://www.rfc-editor.org/info/rfc7232>. <https://www.rfc-editor.org/info/rfc7232>.
[RFC7234] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, [RFC7234] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching", Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",
RFC 7234, DOI 10.17487/RFC7234, June 2014, RFC 7234, DOI 10.17487/RFC7234, June 2014,
<https://www.rfc-editor.org/info/rfc7234>. <https://www.rfc-editor.org/info/rfc7234>.
6.2. Informative References [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
5.2. Informative References
[REQPERPAGE] [REQPERPAGE]
"HTTP Archive", n.d., HTTP Archive, "Total Requests per Page",
<http://httparchive.org/interesting.php#reqTotal>. <http://httparchive.org/interesting.php#reqTotal>.
6.3. URIs 5.3. URIs
[1] https://lists.w3.org/Archives/Public/ietf-http-wg/ [1] https://lists.w3.org/Archives/Public/ietf-http-wg/
[2] http://httpwg.github.io/ [2] http://httpwg.github.io/
[3] https://github.com/httpwg/http-extensions/labels/immutable [3] https://github.com/httpwg/http-extensions/labels/immutable
Acknowledgments
Thank you to Ben Maurer for partnership in developing and testing
this idea. Thank you to Amos Jeffries for help with proxy
interactions and to Mark Nottingham for help with the documentation.
Author's Address Author's Address
Patrick McManus Patrick McManus
Mozilla Mozilla
Email: pmcmanus@mozilla.com Email: mcmanus@ducksong.com
 End of changes. 37 change blocks. 
55 lines changed or deleted 79 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/