Skip to content

Instantly share code, notes, and snippets.

@kazuho

kazuho/index.txt

Last active January 27, 2016 06:31
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save kazuho/238de4ab8a964c9c927c to your computer and use it in GitHub Desktop.
Save kazuho/238de4ab8a964c9c927c to your computer and use it in GitHub Desktop.
Download ZIP
private draft for the Cache Digests for HTTP/2 I-D
Raw
index.txt
Network Working Group K. Oku
Internet-Draft DeNA Co, Ltd.
Intended status: Informational M. Nottingham
Expires: July 29, 2016
January 26, 2016
Cache Digests for HTTP/2
draft-kazuho-h2-cache-digest-00
Abstract
This specification defines a HTTP request header to allow clients to
inform the server of their cache's contents. Servers can then use
this to inform their choices of what to push to clients.
Note to Readers
The issues list for this draft can be found at https://github.com/
mnot/I-D/labels/h2-cache-digest [1].
The most recent (often, unpublished) draft is at https://
mnot.github.io/I-D/h2-cache-digest/ [2].
Recent changes are listed at https://github.com/mnot/I-D/commits/gh-
pages/h2-cache-digest [3].
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 29, 2016.
Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved.
Oku & Nottingham Expires July 29, 2016 [Page 1]
Internet-Draft Cache Digests for HTTP/2 January 2016
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Notational Conventions . . . . . . . . . . . . . . . . . 3
2. The Cache-Digest Header Field . . . . . . . . . . . . . . . . 3
2.1. The Host Parameter . . . . . . . . . . . . . . . . . . . 4
2.2. The Path Parameter . . . . . . . . . . . . . . . . . . . 4
2.3. Computing the Digest-Value . . . . . . . . . . . . . . . 5
3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
4. Security Considerations . . . . . . . . . . . . . . . . . . . 6
5. References . . . . . . . . . . . . . . . . . . . . . . . . . 7
5.1. Normative References . . . . . . . . . . . . . . . . . . 7
5.2. Informative References . . . . . . . . . . . . . . . . . 8
Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 8
A.1. Since draft-kazuho-h2-cache-digest-00 . . . . . . . . . . 8
Appendix B. Acknowledgements . . . . . . . . . . . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction
HTTP/2 [RFC7540] allows a server to "push" synthetic request/response
pairs into a client's cache optimistically. While there is strong
interest in using this facility to improve perceived Web browsing
performance, it is sometimes counterproductive because the client
might already have cached the "pushed" response.
When this is the case, the bandwidth used to "push" the response is
effectively wasted, and represents opportunity cost, because it could
be used by other, more relevant responses. HTTP/2 allows a stream to
be cancelled by a client using a RST_STREAM frame in this situation,
but there is still at least one round trip of potentially wasted
capacity even then.
This specification defines a HTTP request header to allow clients to
inform the server of their cache's contents using a Golumb-Rice Coded
Set. Servers can then use this to inform their choices of what to
push to clients.
Oku & Nottingham Expires July 29, 2016 [Page 2]
Internet-Draft Cache Digests for HTTP/2 January 2016
1.1. Notational Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
2. The Cache-Digest Header Field
The Cache-Digest HTTP request header field conveys a digest of the
contents of the cache associated with that request, as explained in
Section 2.3.
In typical use, a server will use the value of the request header to
determine which associated assets (e.g., CSS, JavaScript and images)
should be pushed to the client along with the response to the
request.
cache-digest = 1#digest-element
digest-element = digest-value *(OWS ";" OWS digest-parameter)
digest-value = unreserved
digest-parameter = token "=" (token / quoted-string)
Digest-value contains a digest of the contents of the cache
associated with the request as computed in Section 2.3. Scope and
Role of the value is defined by the four parameters defined by this
specification: "type", "codec", "host", "path". A server MUST ignore
unknown parameters.
The only value of the "type" parameter defined in this specification
is "fresh". The only value of the "codec" parameter defined in this
specification is "gcs-sha256". A client MAY omit the parameters; if
not present, the values are assumed to be "fresh" and "gcs-sha256".
A server MUST ignore a digest-element with unknown "type" or "codec".
As an example, the cache-digest header of the HTTP request below
contains a cache digest of resources obtained from "example.com",
indicating that the "https://example.com/style.css" and "https://
example.com/script.js" exist as fresh entries in the cache.
GET / HTTP/1.1
Host: example.com
Cache-Digest: CgRSlw
A client MAY express its cache digest using more than one digest-
element. When HPACK [RFC7541] is used, it is possible for a client
to achieve better compression ratio by resubmitting the Cache-Digest
header included in the previous requests at the same time storing the
Oku & Nottingham Expires July 29, 2016 [Page 3]
Internet-Draft Cache Digests for HTTP/2 January 2016
digests for recently-obtained resources in a separate cache-digest
header.
The example below uses two "Cache-Digest" headers to indicate that
the client is in possesion of three fresh resources: "https://
example.com/style.css", "https://example.com/script.js", "https://
example.com/icon.ico".
GET / HTTP/1.1
Host: example.com
Cache-Digest: CgRSlw
Cache-Digest: Chxf
2.1. The Host Parameter
The "host" parameter modifies the scope of the digest-value.
If present, the scope of the digest-value is the resources belonging
to the specified host. If "https" scheme is used, the parameter MAY
contain a wildcard character "*". In such case, the scope of the
digest-value is the resources belonging to all the hosts that match
against the value of the parameter as defined in [RFC2818],
Section 3. The value SHOULD be a subset of the hosts the server is
authoritative of.
If not present, the scope of the digest-value is the authority of the
target URI.
Typically, a client can use the field to specify that it is sending a
cache digest for entire host, or for multiple hosts that match
against a wildcard certificate provided by a server.
2.2. The Path Parameter
The "path" parameter narrows the scope of the digest-value.
If present, the scope of the digest-value is the resources matching
to at least one of the following conditions:
o the parameter is identical to the path of the resource
o the paramater is a prefix of the path of the resource, and the
parameter ends with "/"
o the parameter is a prefix of the path of the resource, and the
first character of the path not included in the parameter is "/"
Oku & Nottingham Expires July 29, 2016 [Page 4]
Internet-Draft Cache Digests for HTTP/2 January 2016
If not present, the scope is solely governed by the rules described
for the "host" parameter.
2.3. Computing the Digest-Value
The set of URLs that is used to compute digest-value MUST only
include URLs that share the scheme with the target URI, fall into the
scopes defined by both of the "host" and "path" parameters, and they
MUST be fresh [RFC7234].
A client MAY choose a subset of the available stored responses to
include in the set. Additionally, it MUST choose a parameter, "P",
that indicates the probability of a false positive it is willing to
tolerate, expressed as "1/P".
"P" MUST be a power of 2, smaller than 2**32.
To compute a digest-value for the set "URLs" and "P":
1. Let N be the count of "URLs"' members, rounded up to power of 2.
If N is above 2*32, then let N be 2*31.
2. Let "hash-values" be an empty array of integers.
3. Append 0 to "hash-values".
4. For each "URL" in URLs, follow these steps:
1. Convert "URL" to an ASCII string by percent-encoding as
appropriate [RFC3986].
2. Let "key" be the SHA-256 message digest [RFC6234] of URL,
expressed as an integer.
3. Truncate "key" to log2( "N" * "P" ) bits.
4. Append "key" to "hash-values".
5. Sort "hash-values" in ascending order.
6. Let "digest" be an empty array of bits.
7. Write log base 2 of "N" to "digest" using 5 bits.
8. Write log base 2 of "P" to "digest" using 5 bits.
9. For each "V" in "hash-values":
Oku & Nottingham Expires July 29, 2016 [Page 5]
Internet-Draft Cache Digests for HTTP/2 January 2016
1. Let "W" be the value following "V" in "hash-values".
2. If "W" and "V" are equal, continue to the next "V".
3. Let "D" be the result of "W - V - 1".
4. Let "Q" be the integer result of "D / P".
5. Let "R" be the result of "D modulo P".
6. Write "Q" '1' bits to "digest".
7. Write 1 '0' bit to "digest".
8. Write "R" to "digest" as binary, using log2(P) bits.
9. If "V" is the second-to-last member of "hash-values", stop
iterating through "hash-values" and continue to the next
step.
10. If the length of "digest" is not a multiple of 8, pad it with 1s
until it is.
11. Encode the value of the "digest" using base64url [RFC4648]
encoding.
3. IANA Considerations
This draft currently has no requirements for IANA. If the Cache-
Digest header is standardised, it will need to be registered to the
"Message Headers" registry.
4. Security Considerations
The contents of a User Agent's cache can be used to re-identify or
"fingerprint" the user over time, even when other identifiers (e.g.,
Cookies [RFC6265]) are cleared.
Cache-Digest header allows such cache-based fingerprinting to become
passive, since it allows the server to discover the state of the
client's cache without any visible change in server behaviour.
As a result, clients MUST mitigate for this threat when the user
attempts to remove identifiers (e.g., "clearing cookies"). This
could be achieved in a number of ways; for example: by clearing the
cache, by changing one or both of N and P, or by adding new,
synthetic entries to the digest to change its contents.
Oku & Nottingham Expires July 29, 2016 [Page 6]
Internet-Draft Cache Digests for HTTP/2 January 2016
TODO: discuss how effective the suggested mitigations actually would
be.
Additionally, User Agents SHOULD NOT send Cache-Digest header when in
"privacy mode."
5. References
5.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/
RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, DOI 10.17487/
RFC2818, May 2000,
<http://www.rfc-editor.org/info/rfc2818>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66, RFC
3986, DOI 10.17487/RFC3986, January 2005,
<http://www.rfc-editor.org/info/rfc3986>.
[RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data
Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006,
<http://www.rfc-editor.org/info/rfc4648>.
[RFC6234] Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms
(SHA and SHA-based HMAC and HKDF)", RFC 6234, DOI 10.17487
/RFC6234, May 2011,
<http://www.rfc-editor.org/info/rfc6234>.
[RFC6454] Barth, A., "The Web Origin Concept", RFC 6454, DOI
10.17487/RFC6454, December 2011,
<http://www.rfc-editor.org/info/rfc6454>.
[RFC7234] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",
RFC 7234, DOI 10.17487/RFC7234, June 2014,
<http://www.rfc-editor.org/info/rfc7234>.
[RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext
Transfer Protocol Version 2 (HTTP/2)", RFC 7540, DOI
10.17487/RFC7540, May 2015,
<http://www.rfc-editor.org/info/rfc7540>.
Oku & Nottingham Expires July 29, 2016 [Page 7]
Internet-Draft Cache Digests for HTTP/2 January 2016
5.2. Informative References
[RFC6265] Barth, A., "HTTP State Management Mechanism", RFC 6265,
DOI 10.17487/RFC6265, April 2011,
<http://www.rfc-editor.org/info/rfc6265>.
[RFC7541] Peon, R. and H. Ruellan, "HPACK: Header Compression for
HTTP/2", RFC 7541, DOI 10.17487/RFC7541, May 2015,
<http://www.rfc-editor.org/info/rfc7541>.
Appendix A. Change Log
A.1. Since draft-kazuho-h2-cache-digest-00
Use a HTTP request header (instead of a HTTP/2 frame) to express the
digest.
Change the number of bits required for encoding "N" and "P".
Appendix B. Acknowledgements
Thanks to Adam Langley and Giovanni Bajo for their explorations of
Golumb-coded sets. In particular, see http://giovanni.bajo.it/post/
47119962313/golomb-coded-sets-smaller-than-bloom-filters [4], which
refers to sample code.
Authors' Addresses
Kazuho Oku
DeNA Co, Ltd.
Email: kazuhooku@gmail.com
Mark Nottingham
Email: mnot@mnot.net
URI: https://www.mnot.net/
Oku & Nottingham Expires July 29, 2016 [Page 8]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment