draft-ietf-httpbis-rfc7838bis-00.txt | draft-ietf-httpbis-rfc7838bis-latest.txt | |||
---|---|---|---|---|
HTTP Working Group M. Bishop, Ed. | HTTP Working Group M. Bishop, Ed. | |||
Internet-Draft Akamai Technologies | Internet-Draft Akamai Technologies | |||
Intended status: Standards Track M. Thomson, Ed. | Intended status: Standards Track M. Thomson, Ed. | |||
Expires: March 5, 2022 Mozilla | Expires: May 24, 2025 Mozilla | |||
September 01, 2021 | November 20, 2024 | |||
HTTP Alternative Services | HTTP Alternative Services | |||
draft-ietf-httpbis-rfc7838bis-00 | draft-ietf-httpbis-rfc7838bis-latest | |||
Abstract | Abstract | |||
This document specifies "Alternative Services" for HTTP, which allow | This document specifies "Alternative Services" for HTTP, which allow | |||
an origin's resources to be authoritatively available at a separate | an origin's resources to be authoritatively available at a separate | |||
network location, possibly accessed with a different protocol | network location, possibly accessed with a different protocol | |||
configuration. | configuration. | |||
About This Document | ||||
This note is to be removed before publishing as an RFC. | ||||
Status information for this document may be found at | ||||
<https://datatracker.ietf.org/doc/draft-ietf-httpbis-rfc7838bis/>. | ||||
Discussion of this document takes place on the HTTP Working Group | ||||
mailing list (<mailto:ietf-http-wg@w3.org>), which is archived at | ||||
<https://lists.w3.org/Archives/Public/ietf-http-wg/>. Working Group | ||||
information can be found at <https://httpwg.org/>. | ||||
Source for this draft and an issue tracker can be found at | ||||
<https://github.com/httpwg/http-extensions/labels/alt-svc>. | ||||
Status of This Memo | Status of This Memo | |||
This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on March 5, 2022. | This Internet-Draft will expire on May 24, 2025. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2021 IETF Trust and the persons identified as the | Copyright (c) 2024 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
described in the Simplified BSD License. | described in the Simplified BSD License. | |||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
1.1. Changes from RFC 7838 . . . . . . . . . . . . . . . . . . 3 | 1.1. Changes from RFC 7838 . . . . . . . . . . . . . . . . . . 3 | |||
1.2. Notational Conventions . . . . . . . . . . . . . . . . . 3 | 1.2. Notational Conventions . . . . . . . . . . . . . . . . . 3 | |||
2. Alternative Services Concepts . . . . . . . . . . . . . . . . 4 | 2. Alternative Services Concepts . . . . . . . . . . . . . . . . 4 | |||
2.1. Host Authentication . . . . . . . . . . . . . . . . . . . 5 | 2.1. Host Authentication . . . . . . . . . . . . . . . . . . . 6 | |||
2.2. Alternative Service Caching . . . . . . . . . . . . . . . 6 | 2.2. Alternative Service Caching . . . . . . . . . . . . . . . 6 | |||
2.3. Requiring Server Name Indication . . . . . . . . . . . . 6 | 2.3. Requiring Server Name Indication . . . . . . . . . . . . 7 | |||
2.4. Using Alternative Services . . . . . . . . . . . . . . . 7 | 2.4. Using Alternative Services . . . . . . . . . . . . . . . 7 | |||
3. The Alt-Svc HTTP Header Field . . . . . . . . . . . . . . . . 8 | 3. The Alt-Svc HTTP Header Field . . . . . . . . . . . . . . . . 8 | |||
3.1. Caching Alt-Svc Header Field Values . . . . . . . . . . . 10 | 3.1. Caching Alt-Svc Header Field Values . . . . . . . . . . . 10 | |||
4. The ALTSVC HTTP/2 Frame . . . . . . . . . . . . . . . . . . . 11 | 4. The ALTSVC Extension Frame . . . . . . . . . . . . . . . . . 11 | |||
5. The Alt-Used HTTP Header Field . . . . . . . . . . . . . . . 13 | 5. The Alt-Used HTTP Header Field . . . . . . . . . . . . . . . 13 | |||
6. The 421 (Misdirected Request) HTTP Status Code . . . . . . . 13 | 6. The 421 (Misdirected Request) HTTP Status Code . . . . . . . 13 | |||
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 | |||
7.1. Header Field Registrations . . . . . . . . . . . . . . . 13 | 7.1. Header Field Registrations . . . . . . . . . . . . . . . 14 | |||
7.2. The ALTSVC HTTP/2 Frame Type . . . . . . . . . . . . . . 14 | 7.2. The ALTSVC HTTP/2 Frame Type . . . . . . . . . . . . . . 14 | |||
7.3. Alt-Svc Parameter Registry . . . . . . . . . . . . . . . 14 | 7.3. The ALTSVC HTTP/3 Frame Type . . . . . . . . . . . . . . 14 | |||
7.3.1. Procedure . . . . . . . . . . . . . . . . . . . . . . 14 | 7.4. Alt-Svc Parameter Registry . . . . . . . . . . . . . . . 15 | |||
7.3.2. Registrations . . . . . . . . . . . . . . . . . . . . 15 | 7.4.1. Procedure . . . . . . . . . . . . . . . . . . . . . . 15 | |||
7.4.2. Registrations . . . . . . . . . . . . . . . . . . . . 15 | ||||
8. Internationalization Considerations . . . . . . . . . . . . . 15 | 8. Internationalization Considerations . . . . . . . . . . . . . 15 | |||
9. Security Considerations . . . . . . . . . . . . . . . . . . . 15 | 9. Security Considerations . . . . . . . . . . . . . . . . . . . 15 | |||
9.1. Changing Ports . . . . . . . . . . . . . . . . . . . . . 15 | 9.1. Changing Ports . . . . . . . . . . . . . . . . . . . . . 15 | |||
9.2. Changing Hosts . . . . . . . . . . . . . . . . . . . . . 15 | 9.2. Changing Hosts . . . . . . . . . . . . . . . . . . . . . 16 | |||
9.3. Changing Protocols . . . . . . . . . . . . . . . . . . . 16 | 9.3. Changing Protocols . . . . . . . . . . . . . . . . . . . 17 | |||
9.4. Tracking Clients Using Alternative Services . . . . . . . 17 | 9.4. Tracking Clients Using Alternative Services . . . . . . . 17 | |||
9.5. Confusion regarding Request Scheme . . . . . . . . . . . 17 | 9.5. Confusion regarding Request Scheme . . . . . . . . . . . 17 | |||
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 18 | 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
10.1. Normative References . . . . . . . . . . . . . . . . . . 18 | 10.1. Normative References . . . . . . . . . . . . . . . . . . 18 | |||
10.2. Informative References . . . . . . . . . . . . . . . . . 19 | 10.2. Informative References . . . . . . . . . . . . . . . . . 19 | |||
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 20 | Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 20 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 20 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 20 | |||
1. Introduction | 1. Introduction | |||
HTTP [RFC7230] conflates the identification of resources with their | HTTP [HTTP] conflates the identification of resources with their | |||
location. In other words, "http://" and "https://" URIs are used to | location. In other words, "http://" and "https://" URIs are used to | |||
both name and find things to interact with. | both name and find things to interact with. | |||
In some cases, it is desirable to separate identification and | In some cases, it is desirable to separate identification and | |||
location in HTTP; keeping the same identifier for a resource, but | location in HTTP; keeping the same identifier for a resource, but | |||
interacting with it at a different location on the network. | interacting with it at a different location on the network. | |||
For example: | For example: | |||
o An origin server might wish to redirect a client to a different | o An origin server might wish to redirect a client to a different | |||
server when it is under load, or it has found a server in a | server when it is under load, or it has found a server in a | |||
location that is more local to the client. | location that is more local to the client. | |||
o An origin server might wish to offer access to its resources using | o An origin server might wish to offer access to its resources using | |||
a new protocol, such as HTTP/2 [RFC7540], or one using improved | a new protocol, such as HTTP/3 [HTTP3], or one using improved | |||
security, such as Transport Layer Security (TLS) [RFC5246]. | security, such as Transport Layer Security (TLS) [RFC8446]. | |||
o An origin server might wish to segment its clients into groups of | o An origin server might wish to segment its clients into groups of | |||
capabilities, such as those supporting Server Name Indication | capabilities, such as those supporting Server Name Indication | |||
(SNI) (Section 3 of [RFC6066]), for operational purposes. | (SNI) (Section 3 of [RFC6066]), for operational purposes. | |||
This specification defines a new concept in HTTP, "Alternative | This specification defines a new concept in HTTP, "Alternative | |||
Services", that allows an origin server to nominate additional means | Services", that allows an origin server to nominate additional means | |||
of interacting with it on the network. It defines a general | of interacting with it on the network. It defines a general | |||
framework for this in Section 2, along with specific mechanisms for | framework for this in Section 2, along with specific mechanisms for | |||
advertising their existence using HTTP header fields (Section 3) or | advertising their existence using HTTP header fields (Section 3) or | |||
HTTP/2 frames (Section 4), plus a way to indicate that an alternative | HTTP/2 frames (Section 4), plus a way to indicate that an alternative | |||
service was used (Section 5). | service was used (Section 5). | |||
It also endorses the status code 421 (Misdirected Request) | It also endorses the status code 421 (Misdirected Request) | |||
(Section 6) that origin servers or their nominated alternatives can | (Section 6) that origin servers or their nominated alternatives can | |||
use to indicate that they are not authoritative for a given origin, | use to indicate that they are not authoritative for a given origin, | |||
in cases where the wrong location is used. | in cases where the wrong location is used. | |||
1.1. Changes from RFC 7838 | 1.1. Changes from RFC 7838 | |||
No substantive changes. | o Added an ALTSVC frame for HTTP/3. | |||
1.2. Notational Conventions | 1.2. Notational Conventions | |||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
document are to be interpreted as described in [RFC2119]. | document are to be interpreted as described in [RFC2119]. | |||
This document uses the Augmented BNF defined in [RFC5234] and updated | This document uses the Augmented BNF defined in [RFC5234] and updated | |||
by [RFC7405] along with the "#rule" extension defined in Section 7 of | by [RFC7405] along with the "#rule" extension defined in | |||
[RFC7230]. The rules below are defined in [RFC5234], [RFC7230], and | Section 5.6.1 of [HTTP]. The rules below are defined in [RFC5234], | |||
[RFC7234]: | [HTTP], and [Caching]: | |||
OWS = <OWS, see [RFC7230], Section 3.2.3> | OWS = <OWS, see [HTTP], Section 5.6.3> | |||
delta-seconds = <delta-seconds; see [RFC7234], Section 1.2.1> | delta-seconds = <delta-seconds; see [Caching], Section 1.2.2> | |||
port = <port, see [RFC7230], Section 2.7> | port = <port, see [HTTP], Section 4.1> | |||
quoted-string = <quoted-string, see [RFC7230], Section 3.2.6> | quoted-string = <quoted-string, see [HTTP], Section 5.6.4> | |||
token = <token, see [RFC7230], Section 3.2.6> | token = <token, see [HTTP], Section 5.6.2> | |||
uri-host = <uri-host, see [RFC7230], Section 2.7> | uri-host = <uri-host, see [HTTP], Section 4.1> | |||
2. Alternative Services Concepts | 2. Alternative Services Concepts | |||
This specification defines a new concept in HTTP, the "Alternative | This specification defines a new concept in HTTP, the "Alternative | |||
Service". When an origin [RFC6454] has resources that are accessible | Service". When an origin [RFC6454] has resources that are accessible | |||
through a different protocol/host/port combination, it is said to | through a different protocol/host/port combination, it is said to | |||
have an alternative service available. | have an alternative service available. | |||
An alternative service can be used to interact with the resources on | An alternative service can be used to interact with the resources on | |||
an origin server at a separate location on the network, possibly | an origin server at a separate location on the network, possibly | |||
using a different protocol configuration. Alternative services are | using a different protocol configuration. Alternative services are | |||
considered authoritative for an origin's resources, in the sense of | considered authoritative for an origin's resources, in the sense of | |||
Section 9.1 of [RFC7230]. | Section 4.3 of [HTTP]. | |||
For example, an origin: | For example, an origin: | |||
("http", "www.example.com", "80") | ("http", "www.example.com", "80") | |||
might declare that its resources are also accessible at the | might declare that its resources are also accessible at the | |||
alternative service: | alternative service: | |||
("h2", "new.example.com", "81") | ("h2", "new.example.com", "81") | |||
skipping to change at page 5, line 6 ¶ | skipping to change at page 5, line 19 ¶ | |||
options for that protocol as well. | options for that protocol as well. | |||
This means that clients using an alternative service can change the | This means that clients using an alternative service can change the | |||
host, port, and protocol that they are using to fetch resources, but | host, port, and protocol that they are using to fetch resources, but | |||
these changes MUST NOT be propagated to the application that is using | these changes MUST NOT be propagated to the application that is using | |||
HTTP; from that standpoint, the URI being accessed and all | HTTP; from that standpoint, the URI being accessed and all | |||
information derived from it (scheme, host, and port) are the same as | information derived from it (scheme, host, and port) are the same as | |||
before. | before. | |||
Importantly, this includes its security context; in particular, when | Importantly, this includes its security context; in particular, when | |||
TLS [RFC5246] is used to authenticate, the alternative service will | TLS [RFC8446] is used to authenticate, the alternative service will | |||
need to present a certificate for the origin's host name, not that of | need to present a certificate for the origin's host name, not that of | |||
the alternative. Likewise, the Host header field ([RFC7230], | the alternative. Likewise, the Host header field (Section 7.2 of | |||
Section 5.4) is still derived from the origin, not the alternative | [HTTP]) is still derived from the origin, not the alternative service | |||
service (just as it would if a CNAME were being used). | (just as it would if a CNAME were being used). | |||
The changes MAY, however, be made visible in debugging tools, | The changes MAY, however, be made visible in debugging tools, | |||
consoles, etc. | consoles, etc. | |||
Formally, an alternative service is identified by the combination of: | Formally, an alternative service is identified by the combination of: | |||
o An Application Layer Protocol Negotiation (ALPN) protocol name, as | o An Application-Layer Protocol Negotiation (ALPN) protocol name, as | |||
per [RFC7301] | per [RFC7301] | |||
o A host, as per Section 3.2.2 of [RFC3986] | o A host, as per Section 3.2.2 of [RFC3986] | |||
o A port, as per Section 3.2.3 of [RFC3986] | o A port, as per Section 3.2.3 of [RFC3986] | |||
The ALPN protocol name is used to identify the application protocol | The ALPN protocol name is used to identify the application protocol | |||
or suite of protocols used by the alternative service. Note that for | or suite of protocols used by the alternative service. Note that for | |||
the purpose of this specification, an ALPN protocol name implicitly | the purpose of this specification, an ALPN protocol name implicitly | |||
includes TLS in the suite of protocols it identifies, unless | includes TLS in the suite of protocols it identifies, unless | |||
specified otherwise in its definition. In particular, the ALPN name | specified otherwise in its definition. In particular, the ALPN name | |||
"http/1.1", registered by Section 6 of [RFC7301], identifies HTTP/1.1 | "http/1.1", registered by Section 6 of [RFC7301], identifies HTTP/1.1 | |||
over TLS. | over TLS. | |||
Additionally, each alternative service MUST have a freshness | Additionally, each alternative service MUST have a freshness | |||
lifetime, expressed in seconds (see Section 2.2). | lifetime, expressed in seconds (see Section 2.2). | |||
There are many ways that a client could discover the alternative | There are many ways that a client could discover the alternative | |||
service(s) associated with an origin. This document describes two | service(s) associated with an origin. This document describes two | |||
such mechanisms: the "Alt-Svc" HTTP header field (Section 3) and the | such mechanisms: the "Alt-Svc" HTTP header field (Section 3) and the | |||
"ALTSVC" HTTP/2 frame type (Section 4). | "ALTSVC" frame type for HTTP/2 and HTTP/3 (Section 4). | |||
The remainder of this section describes requirements that are common | The remainder of this section describes requirements that are common | |||
to alternative services, regardless of how they are discovered. | to alternative services, regardless of how they are discovered. | |||
2.1. Host Authentication | 2.1. Host Authentication | |||
Clients MUST have reasonable assurances that the alternative service | Clients MUST have reasonable assurances that the alternative service | |||
is under control of and valid for the whole origin. This mitigates | is under control of and valid for the whole origin. This mitigates | |||
the attack described in Section 9.2. | the attack described in Section 9.2. | |||
skipping to change at page 8, line 28 ¶ | skipping to change at page 8, line 40 ¶ | |||
The field value consists either of a list of values, each of which | The field value consists either of a list of values, each of which | |||
indicates one alternative service, or the keyword "clear". | indicates one alternative service, or the keyword "clear". | |||
A field value containing the special value "clear" indicates that the | A field value containing the special value "clear" indicates that the | |||
origin requests all alternatives for that origin to be invalidated | origin requests all alternatives for that origin to be invalidated | |||
(including those specified in the same response, in case of an | (including those specified in the same response, in case of an | |||
invalid reply containing both "clear" and alternative services). | invalid reply containing both "clear" and alternative services). | |||
ALPN protocol names are octet sequences with no additional | ALPN protocol names are octet sequences with no additional | |||
constraints on format. Octets not allowed in tokens ([RFC7230], | constraints on format. Octets not allowed in tokens (Section 5.6.2 | |||
Section 3.2.6) MUST be percent-encoded as per Section 2.1 of | of [HTTP]) MUST be percent-encoded as per Section 2.1 of [RFC3986]. | |||
[RFC3986]. Consequently, the octet representing the percent | Consequently, the octet representing the percent character "%" (hex | |||
character "%" (hex 25) MUST be percent-encoded as well. | 25) MUST be percent-encoded as well. | |||
In order to have precisely one way to represent any ALPN protocol | In order to have precisely one way to represent any ALPN protocol | |||
name, the following additional constraints apply: | name, the following additional constraints apply: | |||
1. Octets in the ALPN protocol name MUST NOT be percent-encoded if | 1. Octets in the ALPN protocol name MUST NOT be percent-encoded if | |||
they are valid token characters except "%", and | they are valid token characters except "%", and | |||
2. When using percent-encoding, uppercase hex digits MUST be used. | 2. When using percent-encoding, uppercase hex digits MUST be used. | |||
With these constraints, recipients can apply simple string comparison | With these constraints, recipients can apply simple string comparison | |||
to match protocol identifiers. | to match protocol identifiers. | |||
The "alt-authority" component consists of an OPTIONAL uri-host | The "alt-authority" component consists of an OPTIONAL uri-host | |||
("host" in Section 3.2.2 of [RFC3986]), a colon (":"), and a port | ("host" in Section 3.2.2 of [RFC3986]), a colon (":"), and a port | |||
number. | number. | |||
For example: | For example: | |||
Alt-Svc: h2=":8000" | Alt-Svc: h2=":8000" | |||
This indicates the "h2" protocol ([RFC7540]) on the same host using | ||||
the indicated port 8000. | This indicates the "h2" protocol ([HTTP2]) on the same host using the | |||
indicated port 8000. | ||||
An example involving a change of host: | An example involving a change of host: | |||
Alt-Svc: h2="new.example.org:80" | Alt-Svc: h2="new.example.org:80" | |||
This indicates the "h2" protocol on the host "new.example.org", | This indicates the "h2" protocol on the host "new.example.org", | |||
running on port 80. Note that the "quoted-string" syntax needs to be | running on port 80. Note that the "quoted-string" syntax needs to be | |||
used because ":" is not an allowed character in "token". | used because ":" is not an allowed character in "token". | |||
Examples for protocol name escaping: | Examples for protocol name escaping: | |||
skipping to change at page 9, line 29 ¶ | skipping to change at page 9, line 41 ¶ | |||
+--------------------+-------------+---------------------+ | +--------------------+-------------+---------------------+ | |||
| h2 | h2 | No escaping needed | | | h2 | h2 | No escaping needed | | |||
| | | | | | | | | | |||
| w=x:y#z | w%3Dx%3Ay#z | "=" and ":" escaped | | | w=x:y#z | w%3Dx%3Ay#z | "=" and ":" escaped | | |||
| | | | | | | | | | |||
| x%y | x%25y | "%" needs escaping | | | x%y | x%25y | "%" needs escaping | | |||
+--------------------+-------------+---------------------+ | +--------------------+-------------+---------------------+ | |||
Alt-Svc MAY occur in any HTTP response message, regardless of the | Alt-Svc MAY occur in any HTTP response message, regardless of the | |||
status code. Note that recipients of Alt-Svc can ignore the header | status code. Note that recipients of Alt-Svc can ignore the header | |||
field (and are required to in some situations; see Sections 2.1 and | field (and are required to in some situations; see Section 2.1 and | |||
6). | Section 6). | |||
The Alt-Svc field value can have multiple values: | The Alt-Svc field value can have multiple values: | |||
Alt-Svc: h2="alt.example.com:8000", h2=":443" | Alt-Svc: h2="alt.example.com:8000", h2=":443" | |||
When multiple values are present, the order of the values reflects | When multiple values are present, the order of the values reflects | |||
the server's preference (with the first value being the most | the server's preference (with the first value being the most | |||
preferred alternative). | preferred alternative). | |||
The value(s) advertised by Alt-Svc can be used by clients to open a | The value(s) advertised by Alt-Svc can be used by clients to open a | |||
new connection to an alternative service. Subsequent requests can | new connection to an alternative service. Subsequent requests can | |||
start using this new connection immediately or can continue using the | start using this new connection immediately or can continue using the | |||
existing connection while the new connection is created. | existing connection while the new connection is created. | |||
When using HTTP/2 ([RFC7540]), servers SHOULD instead send an ALTSVC | When using HTTP/2 ([HTTP2]), servers SHOULD instead send an ALTSVC | |||
frame (Section 4). A single ALTSVC frame can be sent for a | frame (Section 4). A single ALTSVC frame can be sent for a | |||
connection; a new frame is not needed for every request. Note that, | connection; a new frame is not needed for every request. Note that, | |||
despite this recommendation, Alt-Svc header fields remain valid in | despite this recommendation, Alt-Svc header fields remain valid in | |||
responses delivered over HTTP/2. | responses delivered over HTTP/2. | |||
Each "alt-value" is followed by an OPTIONAL semicolon-separated list | Each "alt-value" is followed by an OPTIONAL semicolon-separated list | |||
of additional parameters, each such "parameter" comprising a name and | of additional parameters, each such "parameter" comprising a name and | |||
a value. | a value. | |||
This specification defines two parameters: "ma" and "persist", | This specification defines two parameters: "ma" and "persist", | |||
defined in Section 3.1. Unknown parameters MUST be ignored. That | defined in Section 3.1. Unknown parameters MUST be ignored. That | |||
is, the values (alt-value) they appear in MUST be processed as if the | is, the values (alt-value) they appear in MUST be processed as if the | |||
unknown parameter was not present. | unknown parameter was not present. | |||
New parameters can be defined in extension specifications (see | New parameters can be defined in extension specifications (see | |||
Section 7.3 for registration details). | Section 7.4 for registration details). | |||
Note that all field elements that allow "quoted-string" syntax MUST | Note that all field elements that allow "quoted-string" syntax MUST | |||
be processed as per Section 3.2.6 of [RFC7230]. | be processed as per Section 5.6.4 of [HTTP]. | |||
3.1. Caching Alt-Svc Header Field Values | 3.1. Caching Alt-Svc Header Field Values | |||
When an alternative service is advertised using Alt-Svc, it is | When an alternative service is advertised using Alt-Svc, it is | |||
considered fresh for 24 hours from generation of the message. This | considered fresh for 24 hours from generation of the message. This | |||
can be modified with the "ma" (max-age) parameter. | can be modified with the "ma" (max-age) parameter. | |||
Syntax: | Syntax: | |||
ma = delta-seconds; see [RFC7234], Section 1.2.1 | ma = delta-seconds; see [Caching], Section 1.2.2 | |||
The delta-seconds value indicates the number of seconds since the | The delta-seconds value indicates the number of seconds since the | |||
response was generated for which the alternative service is | response was generated for which the alternative service is | |||
considered fresh. | considered fresh. | |||
Alt-Svc: h2=":443"; ma=3600 | Alt-Svc: h2=":443"; ma=3600 | |||
See Section 4.2.3 of [RFC7234] for details on determining the | See Section 4.2.3 of [Caching] for details on determining the | |||
response age. | response age. | |||
For example, a response: | For example, a response: | |||
HTTP/1.1 200 OK | HTTP/1.1 200 OK | |||
Content-Type: text/html | Content-Type: text/html | |||
Cache-Control: max-age=600 | Cache-Control: max-age=600 | |||
Age: 30 | Age: 30 | |||
Alt-Svc: h2=":8000"; ma=60 | Alt-Svc: h2=":8000"; ma=60 | |||
skipping to change at page 11, line 33 ¶ | skipping to change at page 11, line 45 ¶ | |||
For example: | For example: | |||
Alt-Svc: h2=":443"; ma=2592000; persist=1 | Alt-Svc: h2=":443"; ma=2592000; persist=1 | |||
This specification only defines a single value for "persist". | This specification only defines a single value for "persist". | |||
Clients MUST ignore "persist" parameters with values other than "1". | Clients MUST ignore "persist" parameters with values other than "1". | |||
See Section 2.2 for general requirements on caching alternative | See Section 2.2 for general requirements on caching alternative | |||
services. | services. | |||
4. The ALTSVC HTTP/2 Frame | 4. The ALTSVC Extension Frame | |||
The ALTSVC HTTP/2 frame (Section 4 of [RFC7540]) advertises the | The ALTSVC frame advertises the availability of an alternative | |||
availability of an alternative service to an HTTP/2 client. | service to an HTTP/2 or HTTP/3 client. | |||
The ALTSVC frame is a non-critical extension to HTTP/2. Endpoints | The ALTSVC frame is a separate non-critical extension in each | |||
that do not support this frame will ignore it (as per the | protocol. Endpoints that do not support this frame will ignore it | |||
extensibility rules defined in Section 4.1 of [RFC7540]). | (as per the extensibility rules defined in Section 4.1 of [HTTP2] and | |||
Section 4.1 of [HTTP3]). | ||||
An ALTSVC frame from a server to a client on a stream other than | An ALTSVC frame from a server to a client on a request stream or a | |||
stream 0 indicates that the conveyed alternative service is | push stream indicates that the conveyed alternative service is | |||
associated with the origin of that stream. | associated with the origin of that stream. | |||
An ALTSVC frame from a server to a client on stream 0 indicates that | An ALTSVC frame from a server to a client on the control stream | |||
(stream 0 in HTTP/2 or a stream of type 0 in HTTP/3) indicates that | ||||
the conveyed alternative service is associated with the origin | the conveyed alternative service is associated with the origin | |||
contained in the Origin field of the frame. An association with an | contained in the Origin field of the frame. An association with an | |||
origin that the client does not consider authoritative for the | origin that the client does not consider authoritative for the | |||
current connection MUST be ignored. | current connection MUST be ignored. | |||
The ALTSVC frame type is 0xa (decimal 10). | The ALTSVC frame type is 0xa (decimal 10) in both protocols. | |||
+-------------------------------+-------------------------------+ | +-------------------------------+-------------------------------+ | |||
| Origin-Len (16) | Origin? (*) ... | | Origin-Len (16) | Origin? (*) ... | |||
+-------------------------------+-------------------------------+ | +-------------------------------+-------------------------------+ | |||
| Alt-Svc-Field-Value (*) ... | | Alt-Svc-Field-Value (*) ... | |||
+---------------------------------------------------------------+ | +---------------------------------------------------------------+ | |||
ALTSVC Frame Payload | ALTSVC Frame Payload | |||
The ALTSVC frame contains the following fields: | The ALTSVC frame contains the following fields: | |||
skipping to change at page 12, line 27 ¶ | skipping to change at page 12, line 42 ¶ | |||
Origin: An OPTIONAL sequence of characters containing the ASCII | Origin: An OPTIONAL sequence of characters containing the ASCII | |||
serialization of an origin (Section 6.2 of [RFC6454]) to which the | serialization of an origin (Section 6.2 of [RFC6454]) to which the | |||
alternative service is applicable. | alternative service is applicable. | |||
Alt-Svc-Field-Value: A sequence of octets (length determined by | Alt-Svc-Field-Value: A sequence of octets (length determined by | |||
subtracting the length of all preceding fields from the frame | subtracting the length of all preceding fields from the frame | |||
length) containing a value identical to the Alt-Svc field value | length) containing a value identical to the Alt-Svc field value | |||
defined in Section 3 (ABNF production "Alt-Svc"). | defined in Section 3 (ABNF production "Alt-Svc"). | |||
The ALTSVC frame does not define any flags. | The ALTSVC frame does not define any flags in HTTP/2; there is no | |||
generic flag field for HTTP/3 frames. | ||||
The ALTSVC frame is intended for receipt by clients. A device acting | The ALTSVC frame is intended for receipt by clients. A device acting | |||
as a server MUST ignore it. | as a server MUST ignore it. | |||
An ALTSVC frame on stream 0 with empty (length 0) "Origin" | An ALTSVC frame on the control stream with empty (length 0) "Origin" | |||
information is invalid and MUST be ignored. An ALTSVC frame on a | information is invalid and MUST be ignored. An ALTSVC frame on a | |||
stream other than stream 0 containing non-empty "Origin" information | request or push stream containing non-empty "Origin" information is | |||
is invalid and MUST be ignored. | invalid and MUST be ignored. | |||
The ALTSVC frame is processed hop-by-hop. An intermediary MUST NOT | The ALTSVC frame is processed hop-by-hop. An intermediary MUST NOT | |||
forward ALTSVC frames, though it can use the information contained in | forward ALTSVC frames, though it can use the information contained in | |||
ALTSVC frames in forming new ALTSVC frames to send to its own | ALTSVC frames in forming new ALTSVC frames to send to its own | |||
clients. | clients. | |||
Receiving an ALTSVC frame is semantically equivalent to receiving an | Receiving an ALTSVC frame is semantically equivalent to receiving an | |||
Alt-Svc header field. As a result, the ALTSVC frame causes | Alt-Svc header field. As a result, the ALTSVC frame causes | |||
alternative services for the corresponding origin to be replaced. | alternative services for the corresponding origin to be replaced. | |||
Note that it would be unwise to mix the use of Alt-Svc header fields | Note that it would be unwise to mix the use of Alt-Svc header fields | |||
with the use of ALTSVC frames, as the sequence of receipt might be | with the use of ALTSVC frames, as the sequence of receipt might be | |||
hard to predict. | hard to predict. | |||
5. The Alt-Used HTTP Header Field | 5. The Alt-Used HTTP Header Field | |||
The Alt-Used header field is used in requests to identify the | The Alt-Used header field is used in requests to identify the | |||
alternative service in use, just as the Host header field | alternative service in use, just as the Host header field | |||
(Section 5.4 of [RFC7230]) identifies the host and port of the | (Section 7.2 of [HTTP]) identifies the host and port of the origin. | |||
origin. | ||||
Alt-Used = uri-host [ ":" port ] | Alt-Used = uri-host [ ":" port ] | |||
Alt-Used is intended to allow alternative services to detect loops, | Alt-Used is intended to allow alternative services to detect loops, | |||
differentiate traffic for purposes of load balancing, and generally | differentiate traffic for purposes of load balancing, and generally | |||
to ensure that it is possible to identify the intended destination of | to ensure that it is possible to identify the intended destination of | |||
traffic, since introducing this information after a protocol is in | traffic, since introducing this information after a protocol is in | |||
use has proven to be problematic. | use has proven to be problematic. | |||
When using an alternative service, clients SHOULD include an Alt-Used | When using an alternative service, clients SHOULD include an Alt-Used | |||
header field in all requests. | header field in all requests. | |||
For example: | For example: | |||
GET /thing HTTP/1.1 | GET /thing HTTP/1.1 | |||
Host: origin.example.com | Host: origin.example.com | |||
Alt-Used: alternate.example.net | Alt-Used: alternate.example.net | |||
6. The 421 (Misdirected Request) HTTP Status Code | 6. The 421 (Misdirected Request) HTTP Status Code | |||
The 421 (Misdirected Request) status code is defined in Section 9.1.2 | The 421 (Misdirected Request) status code is defined in | |||
of [RFC7540] to indicate that the current server instance is not | Section 15.5.20 of [HTTP] to indicate that the current server | |||
authoritative for the requested resource. This can be used to | instance is not authoritative for the requested resource. This can | |||
indicate that an alternative service is not authoritative; see | be used to indicate that an alternative service is not authoritative; | |||
Section 2). | see Section 2). | |||
Clients receiving 421 (Misdirected Request) from an alternative | Clients receiving 421 (Misdirected Request) from an alternative | |||
service MUST remove the corresponding entry from its alternative | service MUST remove the corresponding entry from its alternative | |||
service cache (see Section 2.2) for that origin. Regardless of the | service cache (see Section 2.2) for that origin. Regardless of the | |||
idempotency of the request method, they MAY retry the request, either | idempotency of the request method, they MAY retry the request, either | |||
at another alternative server, or at the origin. | at another alternative server, or at the origin. | |||
An Alt-Svc header field in a 421 (Misdirected Request) response MUST | An Alt-Svc header field in a 421 (Misdirected Request) response MUST | |||
be ignored. | be ignored. | |||
skipping to change at page 14, line 9 ¶ | skipping to change at page 14, line 20 ¶ | |||
7.1. Header Field Registrations | 7.1. Header Field Registrations | |||
HTTP header fields are registered within the "Message Headers" | HTTP header fields are registered within the "Message Headers" | |||
registry maintained at <https://www.iana.org/assignments/message- | registry maintained at <https://www.iana.org/assignments/message- | |||
headers/>. | headers/>. | |||
This document defines the following HTTP header fields, so their | This document defines the following HTTP header fields, so their | |||
associated registry entries have been added according to the | associated registry entries have been added according to the | |||
permanent registrations below (see [BCP90]): | permanent registrations below (see [BCP90]): | |||
+-------------------+----------+----------+-----------+ | +-------------------+----------+----------+------------+ | |||
| Header Field Name | Protocol | Status | Reference | | | Header Field Name | Protocol | Status | Reference | | |||
+-------------------+----------+----------+-----------+ | +-------------------+----------+----------+------------+ | |||
| Alt-Svc | http | standard | Section 3 | | | Alt-Svc | http | standard | Section 3 | | |||
| | | | | | | | | | | | |||
| Alt-Used | http | standard | Section 5 | | | Alt-Used | http | standard | Section 5 | | |||
+-------------------+----------+----------+-----------+ | +-------------------+----------+----------+------------+ | |||
The change controller is: "IETF (iesg@ietf.org) -- Internet | The change controller is: "IETF (iesg@ietf.org) -- Internet | |||
Engineering Task Force". | Engineering Task Force". | |||
7.2. The ALTSVC HTTP/2 Frame Type | 7.2. The ALTSVC HTTP/2 Frame Type | |||
This document registers the ALTSVC frame type in the "HTTP/2 Frame | This document registers the ALTSVC frame type in the "HTTP/2 Frame | |||
Type" registry (Section 11.2 of [RFC7540]). | Type" registry (Section 11.2 of [HTTP2]). | |||
Frame Type: ALTSVC | Frame Type: ALTSVC | |||
Code: 0xa | Code: 0xa | |||
Specification: Section 4 of this document | Specification: Section 4 of this document | |||
7.3. Alt-Svc Parameter Registry | 7.3. The ALTSVC HTTP/3 Frame Type | |||
This document registers the ALTSVC frame type in the "HTTP/3 Frame | ||||
Type" registry (Section 11.2.1 of [HTTP3]). | ||||
Frame Type: ALTSVC | ||||
Value: 0xa | ||||
Specification: Section 4 of this document | ||||
7.4. Alt-Svc Parameter Registry | ||||
The "Hypertext Transfer Protocol (HTTP) Alt-Svc Parameter Registry" | The "Hypertext Transfer Protocol (HTTP) Alt-Svc Parameter Registry" | |||
defines the name space for parameters. It has been created and will | defines the name space for parameters. It has been created and will | |||
be maintained at <http://www.iana.org/assignments/http-alt-svc- | be maintained at <http://www.iana.org/assignments/http-alt-svc- | |||
parameters>. | parameters>. | |||
7.3.1. Procedure | 7.4.1. Procedure | |||
A registration MUST include the following fields: | A registration MUST include the following fields: | |||
o Parameter Name | o Parameter Name | |||
o Pointer to specification text | o Pointer to specification text | |||
Values to be added to this name space require Expert Review (see | Values to be added to this name space require Expert Review (see | |||
Section 4.1 of [RFC5226]). | Section 4.1 of [RFC5226]). | |||
7.3.2. Registrations | 7.4.2. Registrations | |||
The "Hypertext Transfer Protocol (HTTP) Alt-Svc Parameter Registry" | The "Hypertext Transfer Protocol (HTTP) Alt-Svc Parameter Registry" | |||
has been populated with the registrations below: | has been populated with the registrations below: | |||
+-------------------+-------------+ | +-------------------+--------------+ | |||
| Alt-Svc Parameter | Reference | | | Alt-Svc Parameter | Reference | | |||
+-------------------+-------------+ | +-------------------+--------------+ | |||
| ma | Section 3.1 | | | ma | Section 3.1 | | |||
| | | | | | | | |||
| persist | Section 3.1 | | | persist | Section 3.1 | | |||
+-------------------+-------------+ | +-------------------+--------------+ | |||
8. Internationalization Considerations | 8. Internationalization Considerations | |||
An internationalized domain name that appears in either the header | An internationalized domain name that appears in either the header | |||
field (Section 3) or the HTTP/2 frame (Section 4) MUST be expressed | field (Section 3) or the HTTP/2 frame (Section 4) MUST be expressed | |||
using A-labels (Section 2.3.2.1 of [RFC5890]). | using A-labels (Section 2.3.2.1 of [RFC5890]). | |||
9. Security Considerations | 9. Security Considerations | |||
9.1. Changing Ports | 9.1. Changing Ports | |||
skipping to change at page 17, line 44 ¶ | skipping to change at page 18, line 11 ¶ | |||
connection to be migrated to a different protocol and port, these | connection to be migrated to a different protocol and port, these | |||
applications can become confused about the security properties of a | applications can become confused about the security properties of a | |||
given connection, sending information (for example, cookies and | given connection, sending information (for example, cookies and | |||
content) that is intended for a secure context (such as an "https://" | content) that is intended for a secure context (such as an "https://" | |||
URI) to a client that is not treating it as one. | URI) to a client that is not treating it as one. | |||
This risk can be mitigated in servers by using the URI scheme | This risk can be mitigated in servers by using the URI scheme | |||
explicitly carried by the protocol (such as ":scheme" in HTTP/2 or | explicitly carried by the protocol (such as ":scheme" in HTTP/2 or | |||
the "absolute form" of the request target in HTTP/1.1) as an | the "absolute form" of the request target in HTTP/1.1) as an | |||
indication of security context, instead of other connection | indication of security context, instead of other connection | |||
properties (Section 8.1.2.3 of [RFC7540] and Section 5.3.2 of | properties (Section 8.3.1 of [HTTP2] and Section 3.2.2 of [HTTP11]). | |||
[RFC7230]). | ||||
When the protocol does not explicitly carry the scheme (as is usually | When the protocol does not explicitly carry the scheme (as is usually | |||
the case for HTTP/1.1 over TLS), servers can mitigate this risk by | the case for HTTP/1.1 over TLS), servers can mitigate this risk by | |||
either assuming that all requests have an insecure context, or by | either assuming that all requests have an insecure context, or by | |||
refraining from advertising alternative services for insecure schemes | refraining from advertising alternative services for insecure schemes | |||
(for example, HTTP). | (for example, HTTP). | |||
10. References | 10. References | |||
10.1. Normative References | 10.1. Normative References | |||
[Caching] Fielding, R., Nottingham, M., and J. Reschke, "HTTP | ||||
Caching", draft-ietf-httpbis-cache-19 (work in progress), | ||||
September 2021. | ||||
[HTTP] Fielding, R., Nottingham, M., and J. Reschke, "HTTP | ||||
Semantics", draft-ietf-httpbis-semantics-19 (work in | ||||
progress), September 2021. | ||||
[HTTP11] Fielding, R., Nottingham, M., and J. Reschke, "HTTP/1.1", | ||||
draft-ietf-httpbis-messaging-19 (work in progress), | ||||
September 2021. | ||||
[HTTP2] Belshe, M., Peon, R., and M. Thomson, "Hypertext Transfer | ||||
Protocol Version 2 (HTTP/2)", draft-ietf-httpbis-http2-17 | ||||
(work in progress), February 2015. | ||||
[HTTP3] Bishop, M., "HTTP/3", draft-ietf-quic-http-34 (work in | ||||
progress), February 2021. | ||||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
<https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, | [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, | |||
DOI 10.17487/RFC2818, May 2000, | DOI 10.17487/RFC2818, May 2000, | |||
<https://www.rfc-editor.org/info/rfc2818>. | <https://www.rfc-editor.org/info/rfc2818>. | |||
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform | [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform | |||
skipping to change at page 18, line 47 ¶ | skipping to change at page 19, line 34 ¶ | |||
[RFC6066] Eastlake 3rd, D., "Transport Layer Security (TLS) | [RFC6066] Eastlake 3rd, D., "Transport Layer Security (TLS) | |||
Extensions: Extension Definitions", RFC 6066, | Extensions: Extension Definitions", RFC 6066, | |||
DOI 10.17487/RFC6066, January 2011, | DOI 10.17487/RFC6066, January 2011, | |||
<https://www.rfc-editor.org/info/rfc6066>. | <https://www.rfc-editor.org/info/rfc6066>. | |||
[RFC6454] Barth, A., "The Web Origin Concept", RFC 6454, | [RFC6454] Barth, A., "The Web Origin Concept", RFC 6454, | |||
DOI 10.17487/RFC6454, December 2011, | DOI 10.17487/RFC6454, December 2011, | |||
<https://www.rfc-editor.org/info/rfc6454>. | <https://www.rfc-editor.org/info/rfc6454>. | |||
[RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer | ||||
Protocol (HTTP/1.1): Message Syntax and Routing", | ||||
RFC 7230, DOI 10.17487/RFC7230, June 2014, | ||||
<https://www.rfc-editor.org/info/rfc7230>. | ||||
[RFC7234] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | ||||
Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching", | ||||
RFC 7234, DOI 10.17487/RFC7234, June 2014, | ||||
<https://www.rfc-editor.org/info/rfc7234>. | ||||
[RFC7301] Friedl, S., Popov, A., Langley, A., and E. Stephan, | [RFC7301] Friedl, S., Popov, A., Langley, A., and E. Stephan, | |||
"Transport Layer Security (TLS) Application-Layer Protocol | "Transport Layer Security (TLS) Application-Layer Protocol | |||
Negotiation Extension", RFC 7301, DOI 10.17487/RFC7301, | Negotiation Extension", RFC 7301, DOI 10.17487/RFC7301, | |||
July 2014, <https://www.rfc-editor.org/info/rfc7301>. | July 2014, <https://www.rfc-editor.org/info/rfc7301>. | |||
[RFC7405] Kyzivat, P., "Case-Sensitive String Support in ABNF", | [RFC7405] Kyzivat, P., "Case-Sensitive String Support in ABNF", | |||
RFC 7405, DOI 10.17487/RFC7405, December 2014, | RFC 7405, DOI 10.17487/RFC7405, December 2014, | |||
<https://www.rfc-editor.org/info/rfc7405>. | <https://www.rfc-editor.org/info/rfc7405>. | |||
[RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext | ||||
Transfer Protocol Version 2 (HTTP/2)", RFC 7540, | ||||
DOI 10.17487/RFC7540, May 2015, | ||||
<https://www.rfc-editor.org/info/rfc7540>. | ||||
10.2. Informative References | 10.2. Informative References | |||
[BCP90] Consisting of: [RFC3864], | [BCP90] Consisting of: [RFC3864], | |||
<https://www.rfc-editor.org/info/bcp90>. | <https://www.rfc-editor.org/info/bcp90>. | |||
[RFC3864] Klyne, G., Nottingham, M., and J. Mogul, "Registration | [RFC3864] Klyne, G., Nottingham, M., and J. Mogul, "Registration | |||
Procedures for Message Header Fields", BCP 90, RFC 3864, | Procedures for Message Header Fields", BCP 90, RFC 3864, | |||
DOI 10.17487/RFC3864, September 2004, | DOI 10.17487/RFC3864, September 2004, | |||
<https://www.rfc-editor.org/info/rfc3864>. | <https://www.rfc-editor.org/info/rfc3864>. | |||
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security | ||||
(TLS) Protocol Version 1.2", RFC 5246, | ||||
DOI 10.17487/RFC5246, August 2008, | ||||
<https://www.rfc-editor.org/info/rfc5246>. | ||||
[RFC6265] Barth, A., "HTTP State Management Mechanism", RFC 6265, | [RFC6265] Barth, A., "HTTP State Management Mechanism", RFC 6265, | |||
DOI 10.17487/RFC6265, April 2011, | DOI 10.17487/RFC6265, April 2011, | |||
<https://www.rfc-editor.org/info/rfc6265>. | <https://www.rfc-editor.org/info/rfc6265>. | |||
[RFC7469] Evans, C., Palmer, C., and R. Sleevi, "Public Key Pinning | [RFC7469] Evans, C., Palmer, C., and R. Sleevi, "Public Key Pinning | |||
Extension for HTTP", RFC 7469, DOI 10.17487/RFC7469, April | Extension for HTTP", RFC 7469, DOI 10.17487/RFC7469, April | |||
2015, <https://www.rfc-editor.org/info/rfc7469>. | 2015, <https://www.rfc-editor.org/info/rfc7469>. | |||
[RFC7838] Nottingham, M., McManus, P., and J. Reschke, "HTTP | [RFC7838] Nottingham, M., McManus, P., and J. Reschke, "HTTP | |||
Alternative Services", RFC 7838, DOI 10.17487/RFC7838, | Alternative Services", RFC 7838, DOI 10.17487/RFC7838, | |||
April 2016, <https://www.rfc-editor.org/info/rfc7838>. | April 2016, <https://www.rfc-editor.org/info/rfc7838>. | |||
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | ||||
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | ||||
<https://www.rfc-editor.org/info/rfc8446>. | ||||
Acknowledgments | Acknowledgments | |||
The previous version of this document was authored by Mark | The previous version of this document was authored by Mark | |||
Nottingham, Patrick McManus, and Julian F. Reschke. [RFC7838] | Nottingham, Patrick McManus, and Julian F. Reschke. [RFC7838] | |||
contains a more extensive list of people who contributed to that | contains a more extensive list of people who contributed to that | |||
document. | document. | |||
Authors' Addresses | Authors' Addresses | |||
Mike Bishop (editor) | Mike Bishop (editor) | |||
End of changes. 53 change blocks. | ||||
110 lines changed or deleted | 142 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |