The Cache-Status HTTP Response Header Field
draft-ietf-httpbis-cache-header-10

[Ballot comment]
Nicely done.  Just a couple of things to note:

The shepherd writeup doesn't fully answer questions (1) or (7).

A suggestion in Section 2:

OLD:
  The Cache-Status HTTP response header field indicates caches'
  handling of the request corresponding to the response it occurs
  within.
NEW:
  The Cache-Status HTTP response header field indicates caches'
  handling of the request corresponding to the response within which
  it occurs.

[Ballot comment]
** Is there further guidance that can be provided to inform the tradeoff between operational and security considerations?

(a) Section 2 says “While these parameters are OPTIONAL, caches are encouraged to provide as much information as possible.”

(b) Section 6 says “Attackers can use the information in Cache-Status to probe the
  behaviour of the cache (and other components), and infer the activity
  of those using the cache.  The Cache-Status header field may not
  create these risks on its own, but can assist attackers in exploiting
  them. 

  For example, knowing if a cache has stored a response can help an
  attacker execute a timing attack on sensitive data.  Exposing the
  cache key can help an attacker understand modifications to the cache
  key, which may assist cache poisoning attacks.  See [ENTANGLE] for
  details.”

On the one hand, the operational guidance in (a) seems to be saying share as much as you can to support debugging.  However, the security considerations of (b) reminds the reader that the presence these parameters can be exploited.  Is there any additional guidance that can be provided on how this tradeoff could or should be made?

[Ballot comment]
I made a pull request with a few editorial suggestions, at
https://github.com/httpwg/http-extensions/pull/1595

Section 2

  The Cache-Status header field is only applicable to responses that
  have been generated by an origin server.  An intermediary SHOULD NOT
  append a Cache-Status member to responses that it generates, even if
  that intermediary contains a cache, except when the generated
  response is based upon a stored response (e.g., a 304 Not Modified or
  206 Partial Content).

Is the 304/206 supposed to be an example of what the stored response was
or what the generated response is?  (Some similar text appears in §2.1
as well, though there is more context in the latter location to clarify
the intended meaning.)

  Caches determine when it is appropriate to add the Cache-Status
  header field to a response.  Some might add it to all responses,
  whereas others might only do so when specifically configured to, or
  when the request contains a header field that activates a debugging
  mode.

In light of the security considerations, we might want to put more
caveats here (e.g., on "add it to all responses").

Section 2.2

  The most specific reason that the cache is aware of SHOULD be used.
  See also [I-D.ietf-httpbis-semantics], Section 4.

I'm not entirely sure which parts of Section 4 of -semantics are
supposed to be of note in this scenario.

Section 4

  The Expert(s) should consider the following factors when evaluating
  requests:

  *  Community feedback

Where is community feedback to occur if the registration request is sent
to IANA?  (The link to https://iana.org/assignments/http-cache-status is
not currently active and thus has no preview of what the instructions to
new registrants are.)

Section 6

As the genart reviewer notes, what we describe here seems to include
giving a lot of information to potential attackers!  That said, since
this is largely codifying existing practice into a more interoperable
form, it seems better to publish than to not publish.  I do wonder if we
could give more guidance (or references) on reliable ways to determine
whether a client is authorized to receive sensitive cache-status
information.

Is rate-limiting the generation of this header field to a single
(unauthenticated/unauthorized) source likely to be of use in mitigating
attacks?  I can think of some scenarios where it does *not* help, but am
not sure if there are cases where it actually would help...

  For example, knowing if a cache has stored a response can help an
  attacker execute a timing attack on sensitive data.  Exposing the

(nit) The next sentence is a different example, and might benefit from
some additional transition text.

Also, knowing how long a cached response will be stored ("ttl") can help
an attacker in similar ways.

  cache key can help an attacker understand modifications to the cache
  key, which may assist cache poisoning attacks.  See [ENTANGLE] for
  details.

A naive reader might read this text and think that obfuscating the
"representation of the cache key" in the "key" parameter (e.g., so as to
return the same representation for cache keys that are actually
different in some subtle edge case) would be a useful countermeasure
against such attacks.  I think it would be helpful for us to make a
statement about that idea (AFAICT, it doesn't meaningfully help security
and hinders the utility of the header field, so would be
disrecommended).

[Ballot comment]
All comments below are about very minor potential issues that you may choose to
address in some way - or ignore - as you see fit. Some were flagged by
automated tools (via https://github.com/larseggert/ietf-reviewtool), so there
will likely be some false positives. There is no need to let me know what you
did with these suggestions.

Document references draft-ietf-httpbis-semantics-16, but -17 is the latest
available revision.

Document references draft-ietf-httpbis-cache-16, but -17 is the latest
available revision.

[Ballot comment]
Thank you for the work put into this document.

Special thanks to Tommy Pauly for his shepherd's write-up, which contains a good summary of the WG consensus and the doc reviews.

Please find below some non-blocking COMMENT points (but replies would be appreciated), and one nit.

I hope that this helps to improve the document,

Regards,

-éric

== COMMENTS ==

-- Abstract --
I am puzzled by the use of "updates it" where the "it" is rather undefined... especially as this document 'codifies' it, hence, this is the first time it is documented so no need to update it. If I am wrong, perhaps good to add a reference to the updated document ?

Also wondering about the use of 'codifies' in a standard track document, i.e., I was expected a 'specifies'. But, as a non-English speaker, the subtle differences among the English in different continents probably escape me :-)


-- Section 2 --

Out of curiosity, why do all parameters start with "sf-" ?

How is the IP address specified ? Should RFC 5952 be referenced ?

"The Cache-Status header field is only applicable to responses that have been generated by an origin server." but how can a cache know whether it connected to the 'actual origin' and not another level of CDN ? (possibly a very naive question)

-- Section 2.2 --
Should there be a "other" value to catch up any other cases ?

== NITS ==

-- Section 2 --
Just wondering about the capitalized 'List' in 'Its value is a List' when the rest of the section uses lowercase 'list'.

(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has completed its review of draft-ietf-httpbis-cache-header-08. If any part of this review is inaccurate, please let us know.

The IANA Functions Operator understands that, upon approval of this document, there is a single action which we must complete.

A new registry will be created called the HTTP Cache-Status registry. We're using the title "HTTP Cache-Status" rather than "HTTP Cache-Status Parameters." Wherever possible, we're trying to leave the word "Parameters" and "Registry" out of titles, except where doing so causes confusion. The new registry will be on a new registry page located at:

https://iana.org/assignments/http-cache-status

There are eight initial registrations in the new registry as follows:

Name: hit
Description: The request was satisfied by the cache; i.e., it was not forwarded, and the response was obtained from the cache.
Reference: [ RFC-to-be ]

Name: fwd
Description: The request went forward towards the origin, and the reason why.
Reference: [ RFC-to-be ]

Name: fwd-status
Description: The status code the next hop server returned in response to the request.
Reference: [ RFC-to-be ]

Name: ttl
Description: the response's remaining freshness lifetime as calculated by the cache, as an integer number of seconds, measured when the response header section is sent by the cache.
Reference: [ RFC-to-be ]

Name: stored
Description: Whether the cache stored the response; a true value indicates that it did.
Reference: [ RFC-to-be ]

Name: collapsed
Description: Whether this request was collapsed together with one or more other forward requests; if true, the response was successfully reused; if not, a new request had to be made.
Reference: [ RFC-to-be ]

Name: key
Description: A representation of the cache key used for the response.
Reference: [ RFC-to-be ]

Name: detail
Description: Conveys additional information not captured in other parameters; for example, implementation-specific states, or other caching-related metrics.
Reference: [ RFC-to-be ]

The registration procedure for the new registry will be Expert Review as defined by RFC 8126.

The IANA Functions Operator understands that this is the only action required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

Thank you,

Sabrina Tanamal
Senior IANA Services Specialist

The following Last Call announcement was sent out (ends 2021-07-07):

From: The IESG
To: IETF-Announce
CC: draft-ietf-httpbis-cache-header@ietf.org, francesca.palombini@ericsson.com, httpbis-chairs@ietf.org, ietf-http-wg@w3.org, tpauly@apple.com
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (The Cache-Status HTTP Response Header Field) to Proposed Standard


The IESG has received a request from the HTTP WG (httpbis) to consider the
following document: - 'The Cache-Status HTTP Response Header Field'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2021-07-07. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  To aid debugging, HTTP caches often append header fields to a
  response explaining how they handled the request.  This specification
  codifies that practice and updates it to align with HTTP's current
  caching model.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-httpbis-cache-header/



No IPR declarations have been submitted directly on this I-D.

As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up. Changes are expected over time.

This version is dated 1 November 2019.

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header?

Proposed Standard, as indicated in the document.

(2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections:

Technical Summary:

This straightforward document defines a new header that HTTP caches can add to indicate details about how a request was handled with respect to caching. This is a standardization and unification of existing practices across the industry.

Working Group Summary:

This document went through WG adoption and review quite smoothly. It mainly engaged those members of the WG that work a lot on caching server deployments, who provided input with respect to how this could unify their implementations.

Document Quality:

Several different vendors in the working group have been engaged with this document, and plan to deploy. The document is of good quality, and seems ready for publication.

Personnel:

Document Shepherd: Tommy Pauly
Responsible AD: Francesca Palombini

(3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG.

I reviewed this document and requested that some minor editorial issues be cleaned up, which was done in version -08.

(4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed?

The reviews for this document have been appropriate for the relatively narrow scope of the topic; they have been mainly from a few contributors in the WG, but thorough.

(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place.

None specifically.

(6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here.

No concerns.

(7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why?

No IPR disclosures have been filed.

(8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures.

No IPR disclosures have been filed.

(9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it?

WG consensus seems clear; the document received less feedback than some of our larger documents, but was supported by the individuals engaged with this document (who also have the expertise in the topic).

(10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.)

No discontent has been raised.

(11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough.

No nits found.

(12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

Not applicable.

(13) Have all references within this document been identified as either normative or informative?

Yes.

(14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion?

No.

(15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure.

No.

(16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary.

No changes to existing RFCs.

(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 8126).

The document is largely about defining a new header, which comes along with a new IANA registry to contain cache-status fields. This is well written and clear.

(18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries.

HTTP Cache-Status Parameters registry

The HTTPbis WG should likely be consulted for selection of experts; having these experts be consistent with existing registries, such as the HTTP Cache Directive registry, would make sense.

(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, YANG modules, etc.

ABNF rules are valid.

(20) If the document contains a YANG module, has the module been checked with any of the recommended validation tools (https://trac.ietf.org/trac/ops/wiki/yang-review-tools) for syntax and formatting validation? If there are any resulting errors or warnings, what is the justification for not fixing them at this time? Does the YANG module comply with the Network Management Datastore Architecture (NMDA) as specified in RFC8342?

No YANG

As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up. Changes are expected over time.

This version is dated 1 November 2019.

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header?

Proposed Standard, as indicated in the document.

(2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections:

Technical Summary:

This straightforward document defines a new header that HTTP caches can add to indicate details about how a request was handled with respect to caching. This is a standardization and unification of existing practices across the industry.

Working Group Summary:

This document went through WG adoption and review quite smoothly. It mainly engaged those members of the WG that work a lot on caching server deployments, who provided input with respect to how this could unify their implementations.

Document Quality:

Several different vendors in the working group have been engaged with this document, and plan to deploy. The document is of good quality, and seems ready for publication.

Personnel:

Document Shepherd: Tommy Pauly
Responsible AD: Francesca Palombini

(3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG.

I reviewed this document and requested that some minor editorial issues be cleaned up, which was done in version -08.

(4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed?

The reviews for this document have been appropriate for the relatively narrow scope of the topic; they have been mainly from a few contributors in the WG, but thorough.

(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place.

None specifically.

(6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here.

No concerns.

(7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why?

No IPR disclosures have been filed.

(8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures.

No IPR disclosures have been filed.

(9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it?

WG consensus seems clear; the document received less feedback than some of our larger documents, but was supported by the individuals engaged with this document (who also have the expertise in the topic).

(10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.)

No discontent has been raised.

(11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough.

No nits found.

(12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

Not applicable.

(13) Have all references within this document been identified as either normative or informative?

Yes.

(14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion?

No.

(15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure.

No.

(16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary.

No changes to existing RFCs.

(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 8126).

The document is largely about defining a new header, which comes along with a new IANA registry to contain cache-status fields. This is well written and clear.

(18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries.

HTTP Cache-Status Parameters registry

The HTTPbis WG should likely be consulted for selection of experts; having these experts be consistent with existing registries, such as the HTTP Cache Directive registry, would make sense.

(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, YANG modules, etc.

ABNF rules are valid.

(20) If the document contains a YANG module, has the module been checked with any of the recommended validation tools (https://trac.ietf.org/trac/ops/wiki/yang-review-tools) for syntax and formatting validation? If there are any resulting errors or warnings, what is the justification for not fixing them at this time? Does the YANG module comply with the Network Management Datastore Architecture (NMDA) as specified in RFC8342?

No YANG