Internet-Draft | QSTV TLS extension | September 2023 |
Hewitt | Expires 28 March 2024 | [Page] |
This document specifies a new "qpack_static_table_version" TLS extension to enable clients and servers to agree upon the version of the HTTP/3 QPACK Static Table to use for communications between them.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 28 March 2024.¶
Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
HTTP/3 uses QPACK [RFC9204] for compression of the header and trailer sections.¶
QPACK reuses core concepts from the HPACK algorithm used for HTTP/2, but as noted in its design "[...]is redesigned to allow correctness in the presence of out-of-order delivery, with flexibility for implementations to balance between resilience against head-of-line blocking and optimal compression ratio."¶
A core feature of QPACK is the use of a 'static table' which contains a predefined list of frequently-used field lines, each of which is identified by a unique, unchanging index in the table, enabling excellent compression of these field lines. Each entry in the static table may contain a field name or a field name/value combination. Less frequently-used fields or field name/value combinations are passed in the QPACK 'dynamic table'. Because of the optimal compression, defining field lines in the static table is significantly desirable over passing them in the dynamic table.¶
When the static table was originally defined, the field line entries it contained were calculated by determining the relative frequency with which each field line was found in a representative sampling of web traffic. However, as new HTTP fields become more frequently-used over time, it makes sense that they be added as additional entries to the static table to retain the high level of compression.¶
When clients and servers communicate using HTTP/3, they each need to be aware of how many static table entries the other is using, so there is no mismatch where one refers to a static table entry that the other does not recognize. As a result, clients and servers must agree upon the size of the static table they will both use. Because the size of the static table must be known prior to any HTTP requests passing between the client and server, this information must be passed during the TLS handshake.¶
This specification defines a new TLS extension which can be passed by both client and server to identify the version (size) of the static table that they will both use.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
The following terms are used in this document:¶
Note that QPACK is a name, not an abbreviation.¶
The original QPACK static table [RFC9204] contains 99 entries (starting at entry 0, ending at entry 98), as follows:¶
Entry | Value | Notes |
---|---|---|
0 (first entry) | :authority | Field name only |
1 | :path / | Field name and value combination |
2 | Age 0 | Field name and value combination |
...2 - 97... | ||
98 (last entry) | x-frame-options sameorigin | Field name and value combination |
The table was generated by analyzing actual Internet traffic in 2018 and including the most common header fields, after filtering out some unsupported and non-standard values. Due to this methodology, some of the entries may be inconsistent or appear multiple times with similar but not identical values. The order of the entries is optimized to encode the most common header fields with the smallest number of bytes.¶
Over time, the IANA will re-sample actual internet traffic and as new field names or field name/value combinations become more prevalent, they will be appended as new entries to the static table and a new version of the static table will be published by IANA.¶
To maintain backwards-compatibility, new static table entries MUST be appended to the end of the current published version of the static table. Once added, entries MUST NOT be removed from a published version of the static table. As new versions of the static table are published, they can be implemented by both clients and servers. It is assumed that clients and servers will support only a single version of the static table.¶
The qpack_static_table_version TLS extension is an integer value which represents the number of entries in the static table supported by the sender.¶
The extension_data for the qpack_static_table_version extension is StaticTableLength, described below using the syntax defined in [RFC8446]:¶
The default value of the qpack_static_table_version extension is 99 - the size of the original QPACK static table.¶
The qpack_static_table_version extension has a minimum allowed value equal to the default value. Any value lower than the minimum allowed value, including a negative value, is invalid.¶
The qpack_static_table_version extension is OPTIONAL and MAY be passed by a client to a server in the ClientHello, to indicate the version of the static table that the client supports - that is, the number of static table entries that the client supports. If the qpack_static_table_version extension is not present in the ClientHello, the server MUST assume that the client is using the default value.¶
If the ClientHello includes the qpack_static_table_version extension, the server MAY respond in the ServerHello with its own version of the static table.¶
If either the ClientHello or the ServerHello do not include the qpack_static_table_version extension, or if an invalid value is specified, then both client and server must fall back to use the default value.¶
If both the client and the server pass the qpack_static_table_version extension, the lower version MUST be used by both client and server, thus ensuring that both client and server only reference entries in their static table up to the shared lowest version number.¶
Sample pseudocode processing:¶
Examples (assuming that multiple versions, including versions 114 and 126, have been published by IANA):¶
Client value | Server value | Value used |
---|---|---|
empty | empty | Version 99 |
empty | 114 | Version 99 |
114 | empty | Version 99 |
114 | 126 | Version 114 |
126 | 114 | Version 114 |
This memo requests that IANA, on an ongoing basis (suggested once per year), performs an analysis of a representative sample of web traffic to determine whether any fields or field/value combinations not currently present in the latest published version of the static table are found more frequently in HTTP/3 web traffic requests than the last entry in the current version of the static table.¶
In that case, these fields and field/value combinations should be appended as entries to the static table and a new version of the static table published.¶
This publishing by IANA will ensure that all clients and servers that wish to use a more recent version of the static table can be sure that the new entries are added in the same order for both client and server.¶
This document should not affect the security of the Internet.¶
Many thanks to Rich Salz and Mike Bishop at Akamai for their invaluable help.¶