| draft-ietf-httpbis-immutable-03.txt | draft-ietf-httpbis-immutable-latest.txt | |||
|---|---|---|---|---|
| HTTP Working Group P. McManus | HTTP Working Group P. McManus | |||
| Internet-Draft Mozilla | Internet-Draft Mozilla | |||
| Intended status: Standards Track July 3, 2017 | Intended status: Standards Track October 28, 2018 | |||
| Expires: January 4, 2018 | Expires: May 1, 2026 | |||
| HTTP Immutable Responses | HTTP Immutable Responses | |||
| draft-ietf-httpbis-immutable-03 | draft-ietf-httpbis-immutable-03 | |||
| Abstract | Abstract | |||
| The immutable HTTP response Cache-Control extension allows servers to | The immutable HTTP response Cache-Control extension allows servers to | |||
| identify resources that will not be updated during their freshness | identify resources that will not be updated during their freshness | |||
| lifetime. This assures that a client never needs to revalidate a | lifetime. This ensures that a client never needs to revalidate a | |||
| cached fresh resource to be certain it has not been modified. | cached fresh resource to be certain it has not been modified. | |||
| Note to Readers | Note to Readers | |||
| Discussion of this draft takes place on the HTTP working group | Discussion of this draft takes place on the HTTP working group | |||
| mailing list (ietf-http-wg@w3.org), which is archived at | mailing list (ietf-http-wg@w3.org), which is archived at | |||
| https://lists.w3.org/Archives/Public/ietf-http-wg/ [1]. | https://lists.w3.org/Archives/Public/ietf-http-wg/ [1]. | |||
| Working Group information can be found at http://httpwg.github.io/ | Working Group information can be found at http://httpwg.github.io/ | |||
| [2]; source code and issues list for this draft can be found at | [2]; source code and issues list for this draft can be found at | |||
| https://github.com/httpwg/http-extensions/labels/immutable [3]. | https://github.com/httpwg/http-extensions/labels/immutable [3]. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on January 4, 2018. | This Internet-Draft will expire on May 1, 2026. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2017 IETF Trust and the persons identified as the | Copyright (c) 2018 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | ||||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | ||||
| 1.1. Notational Conventions . . . . . . . . . . . . . . . . . 3 | ||||
| 2. The Immutable Cache-Control Extension . . . . . . . . . . . . 3 | ||||
| 2.1. About Intermediaries . . . . . . . . . . . . . . . . . . 4 | ||||
| 2.2. Example . . . . . . . . . . . . . . . . . . . . . . . . . 4 | ||||
| 3. Security Considerations . . . . . . . . . . . . . . . . . . . 4 | ||||
| 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 | ||||
| 5. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 | ||||
| 5.1. Normative References . . . . . . . . . . . . . . . . . . 5 | ||||
| 5.2. Informative References . . . . . . . . . . . . . . . . . 5 | ||||
| 5.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | ||||
| Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 6 | ||||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6 | ||||
| 1. Introduction | 1. Introduction | |||
| HTTP's freshness lifetime mechanism [RFC7234] allows a client to | HTTP's freshness lifetime mechanism [RFC7234] allows a client to | |||
| safely reuse a stored response to satisfy future requests for a | safely reuse a stored response to satisfy future requests for a | |||
| specified period of time. However, it is still possible that the | specified period of time. However, it is still possible that the | |||
| resource will be modified during that period. | resource will be modified during that period. | |||
| For instance, a front page newspaper photo with a freshness lifetime | For instance, a front-page newspaper photo with a freshness lifetime | |||
| of one hour would mean that no user would see a cached photo more | of one hour would mean that no user would see a cached photo more | |||
| than one hour old. However, the photo could be updated at any time | than one hour old. However, the photo could be updated at any time, | |||
| resulting in different users seeing different photos depending on the | resulting in different users seeing different photos depending on the | |||
| contents of their caches for up to one hour. This is compliant with | contents of their caches for up to one hour. This is compliant with | |||
| the caching mechanism defined in [RFC7234]. | the caching mechanism defined in [RFC7234]. | |||
| Users that need to confirm there have been no updates to their cached | Users that need to confirm there have been no updates to their cached | |||
| responses typically use the reload (or refresh) mechanism in their | responses typically use the reload (or refresh) mechanism in their | |||
| user agents. This in turn generates a conditional request [RFC7232] | user agents. This in turn generates a conditional request [RFC7232], | |||
| and either a new representation or, if unmodified, a 304 (Not | and either a new representation or, if unmodified, a 304 (Not | |||
| Modified) response [RFC7232] is returned. A user agent that | Modified) response [RFC7232] is returned. A user agent that | |||
| understands HTML and fetches its dependent sub-resources might issue | understands HTML and fetches its dependent sub-resources might issue | |||
| hundreds of conditional requests to refresh all portions of a common | hundreds of conditional requests to refresh all portions of a common | |||
| page [REQPERPAGE]. | page [REQPERPAGE]. | |||
| However some content providers never create more than one variant of | However, some content providers never create more than one variant of | |||
| a sub-resource, because they use "versioned" URLs. When these | a sub-resource, because they use "versioned" URLs. When these | |||
| resources need an update they are simply published under a new URL, | resources need an update, they are simply published under a new URL, | |||
| typically embedding an identifier unique to that version of the | typically embedding an identifier unique to that version of the | |||
| resource in the path, and references to the sub-resource are updated | resource in the path, and references to the sub-resource are updated | |||
| with the new path information. | with the new path information. | |||
| For example, "https://www.example.com/101016/main.css" might be | For example, "https://www.example.com/101016/main.css" might be | |||
| updated and republished as "https://www.example.com/102026/main.css", | updated and republished as "https://www.example.com/102026/main.css", | |||
| with any links that reference it being changed at the same time. | with any links that reference it being changed at the same time. | |||
| This design pattern allows a very large freshness lifetime to be used | This design pattern allows a very large freshness lifetime to be used | |||
| for the sub-resource without guessing when it will be updated in the | for the sub-resource without guessing when it will be updated in the | |||
| future. | future. | |||
| Unfortunately, the user agent does not know when this versioned URL | Unfortunately, the user agent does not know when this versioned URL | |||
| design pattern is used. As a result, user-driven refreshes still | design pattern is used. As a result, user-driven refreshes still | |||
| translate into wasted conditional requests for each sub-resource as | translate into wasted conditional requests for each sub-resource as | |||
| each will return 304 responses. | each will return 304 responses. | |||
| The "immutable" HTTP response Cache-Control extension allows servers | The immutable HTTP response Cache-Control extension allows servers to | |||
| to identify responses that will not be updated during their freshness | identify responses that will not be updated during their freshness | |||
| lifetimes. | lifetimes. | |||
| This effectively informs clients that any conditional request for | This effectively informs clients that any conditional request for | |||
| that response can be safely skipped without worrying that it has been | that response can be safely skipped without worrying that it has been | |||
| updated. | updated. | |||
| 1.1. Notational Conventions | 1.1. Notational Conventions | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| document are to be interpreted as described in [RFC2119]. | "OPTIONAL" in this document are to be interpreted as described in BCP | |||
| 14 [RFC2119] [RFC8174] when, and only when, they appear in all | ||||
| capitals, as shown here. | ||||
| 2. The immutable Cache-Control extension | 2. The Immutable Cache-Control Extension | |||
| When present in an HTTP response, the "immutable" Cache-Control | When present in an HTTP response, the immutable Cache-Control | |||
| extension indicates that the origin server will not update the | extension indicates that the origin server will not update the | |||
| representation of that resource during the freshness lifetime of the | representation of that resource during the freshness lifetime of the | |||
| response. | response. | |||
| Clients SHOULD NOT issue a conditional request during the response's | Clients SHOULD NOT issue a conditional request during the response's | |||
| freshness lifetime (e.g. upon a reload) unless explicitly overridden | freshness lifetime (e.g., upon a reload) unless explicitly overridden | |||
| by the user (e.g. a force reload). | by the user (e.g., a force reload). | |||
| The immutable extension only applies during the freshness lifetime of | The immutable extension only applies during the freshness lifetime of | |||
| the stored response. Stale responses SHOULD be revalidated as they | the stored response. Stale responses SHOULD be revalidated as they | |||
| normally would be in the absence of immutable. | normally would be in the absence of the immutable extension. | |||
| The immutable extension takes no arguments. If any arguments are | The immutable extension takes no arguments. If any arguments are | |||
| present, they have no meaning, and MUST be ignored. Multiple | present, they have no meaning and MUST be ignored. Multiple | |||
| instances of the immutable extension are equivalent to one instance. | instances of the immutable extension are equivalent to one instance. | |||
| The presence of an immutable Cache-Control extension in a request has | The presence of an immutable Cache-Control extension in a request has | |||
| no effect. | no effect. | |||
| 2.1. About Intermediaries | 2.1. About Intermediaries | |||
| An immutable response has the same semantic meaning when received by | An immutable response has the same semantic meaning when received by | |||
| proxy clients as it does when received by User-Agent based clients. | proxy clients as it does when received by user-agent-based clients. | |||
| Therefore proxies SHOULD skip conditionally revalidating fresh | Therefore, proxies SHOULD skip conditionally revalidating fresh | |||
| responses containing the immutable extension unless there is a signal | responses containing the immutable extension unless there is a signal | |||
| from the client that a validation is necessary (e.g. a no-cache | from the client that a validation is necessary (e.g., a no-cache | |||
| Cache-Control request directive defined by Section 5.2.1.4 of | Cache-Control request directive defined in Section 5.2.1.4 of | |||
| [RFC7234]). | [RFC7234]). | |||
| A proxy that uses immutable to bypass a conditional revalidation can | A proxy that uses the immutable extension to bypass a conditional | |||
| choose whether to reply with a 304 or 200 to its requesting client | revalidation can choose whether to reply with a 304 or 200 response | |||
| based on the request headers the proxy received. | to its requesting client based on the request headers the proxy | |||
| received. | ||||
| 2.2. Example | 2.2. Example | |||
| Cache-Control: max-age=31536000, immutable | Cache-Control: max-age=31536000, immutable | |||
| 3. Security Considerations | 3. Security Considerations | |||
| The immutable mechanism acts as form of soft pinning and, as with all | The immutable mechanism acts as form of soft pinning and, as with all | |||
| pinning mechanisms, creates a vector for amplification of cache | pinning mechanisms, creates a vector for amplification of cache | |||
| corruption incidents. These incidents include cache poisoning | corruption incidents. These incidents include cache-poisoning | |||
| attacks. Three mechanisms are suggested for mitigation of this risk: | attacks. Three mechanisms are suggested for mitigation of this risk: | |||
| o Clients SHOULD ignore immutable from resources that are not part | o Clients SHOULD ignore the immutable extension from resources that | |||
| of an authenticated context such as HTTPS. Authenticated | are not part of an authenticated context such as HTTPS. | |||
| resources are less vulnerable to cache poisoning. | Authenticated resources are less vulnerable to cache poisoning. | |||
| o User-Agents often provide two different refresh mechanisms: reload | o User agents often provide two different refresh mechanisms: reload | |||
| and some form of force-reload. The latter is used to rectify | and some form of force-reload. The latter is used to rectify | |||
| interrupted loads and other corruption. These reloads, typically | interrupted loads and other corruption. These reloads, typically | |||
| indicated through no-cache request attributes, SHOULD ignore | indicated through no-cache request attributes, SHOULD ignore the | |||
| immutable as well. | immutable extension as well. | |||
| o Clients SHOULD ignore immutable for resources that do not provide | o Clients SHOULD ignore the immutable extension for resources that | |||
| a strong indication that the stored response size is the correct | do not provide a strong indication that the stored response size | |||
| response size such as responses delimited by connection close. | is the correct response size such as responses delimited by | |||
| connection close. | ||||
| 4. IANA Considerations | 4. IANA Considerations | |||
| Section 7.1 of [RFC7234] requires registration of the immutable | The immutable extension has been registered in the "Hypertext | |||
| extension in the "Hypertext Transfer Protocol (HTTP) Cache Directive | Transfer Protocol (HTTP) Cache Directive Registry" per the guidelines | |||
| Registry" with IETF Review. | described in Section 7.1 of [RFC7234]. | |||
| o Cache-Directive: immutable | ||||
| o Pointer to specification text: [this document] | ||||
| 5. Acknowledgments | o Cache Directive: immutable | |||
| Thank you to Ben Maurer for partnership in developing and testing | o Reference: RFC 8246 | |||
| this idea. Thank you to Amos Jeffries for help with proxy | ||||
| interactions and to Mark Nottingham for help with the documentation. | ||||
| 6. References | 5. References | |||
| 6.1. Normative References | 5.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC7232] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer | [RFC7232] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer | |||
| Protocol (HTTP/1.1): Conditional Requests", RFC 7232, | Protocol (HTTP/1.1): Conditional Requests", RFC 7232, | |||
| DOI 10.17487/RFC7232, June 2014, | DOI 10.17487/RFC7232, June 2014, | |||
| <https://www.rfc-editor.org/info/rfc7232>. | <https://www.rfc-editor.org/info/rfc7232>. | |||
| [RFC7234] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | [RFC7234] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | |||
| Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching", | Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching", | |||
| RFC 7234, DOI 10.17487/RFC7234, June 2014, | RFC 7234, DOI 10.17487/RFC7234, June 2014, | |||
| <https://www.rfc-editor.org/info/rfc7234>. | <https://www.rfc-editor.org/info/rfc7234>. | |||
| 6.2. Informative References | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | ||||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | ||||
| 5.2. Informative References | ||||
| [REQPERPAGE] | [REQPERPAGE] | |||
| "HTTP Archive", n.d., | HTTP Archive, "Total Requests per Page", | |||
| <http://httparchive.org/interesting.php#reqTotal>. | <http://httparchive.org/interesting.php#reqTotal>. | |||
| 6.3. URIs | 5.3. URIs | |||
| [1] https://lists.w3.org/Archives/Public/ietf-http-wg/ | [1] https://lists.w3.org/Archives/Public/ietf-http-wg/ | |||
| [2] http://httpwg.github.io/ | [2] http://httpwg.github.io/ | |||
| [3] https://github.com/httpwg/http-extensions/labels/immutable | [3] https://github.com/httpwg/http-extensions/labels/immutable | |||
| Acknowledgments | ||||
| Thank you to Ben Maurer for partnership in developing and testing | ||||
| this idea. Thank you to Amos Jeffries for help with proxy | ||||
| interactions and to Mark Nottingham for help with the documentation. | ||||
| Author's Address | Author's Address | |||
| Patrick McManus | Patrick McManus | |||
| Mozilla | Mozilla | |||
| Email: pmcmanus@mozilla.com | Email: mcmanus@ducksong.com | |||
| End of changes. 37 change blocks. | ||||
| 55 lines changed or deleted | 79 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||