datatracker.ietf.org
Sign in
Version 5.3.0, 2014-04-12
Report a bug

HTTP/2.0 Intra-Connection Negotiation
draft-snell-httpbis-keynego-02

Document type: Active Internet-Draft (individual)
Document stream: No stream defined
Last updated: 2013-11-25
Intended RFC status: Unknown
Other versions: plain text, xml, pdf, html

Stream State:No stream defined
Document shepherd: No shepherd assigned

IESG State: I-D Exists
Responsible AD: (None)
Send notices to: No addresses provided

Network Working Group                                           J. Snell
Internet-Draft
Intended status: Informational                         November 25, 2013
Expires: May 29, 2014

                 HTTP/2.0 Intra-Connection Negotiation
                     draft-snell-httpbis-keynego-02

Abstract

   This memo describes a proposed modification to HTTP/2.0 that
   introduces the concepts of Intra-Connection Negotiation and Secure
   Framing.

Status of This Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 29, 2014.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Snell                     Expires May 29, 2014                  [Page 1]
Internet-Draft    HTTP/2.0 Intra-Connection Negotiation    November 2013

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Agreement Negotiation . . . . . . . . . . . . . . . . . . . .   2
     2.1.  Example: Pre-Shared Key . . . . . . . . . . . . . . . . .   3
     2.2.  Example: Multi-step Negotiation . . . . . . . . . . . . .   3
   3.  Secure Framing (Option 1) . . . . . . . . . . . . . . . . . .   4
   4.  Secure Framing (Option 2) . . . . . . . . . . . . . . . . . .   5
   5.  Renegotiation of Agreements . . . . . . . . . . . . . . . . .   5
   6.  Explicit Termination of Agreements  . . . . . . . . . . . . .   5
   7.  The INTEGRITY frame type  . . . . . . . . . . . . . . . . . .   6
   8.  Secure Tunneling with CONNECT . . . . . . . . . . . . . . . .   6
   9.  Security Considerations . . . . . . . . . . . . . . . . . . .   7
   10. Normative References  . . . . . . . . . . . . . . . . . . . .   7
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   8

1.  Introduction

   HTTP/2.0 Intra-Connection Negotiation allows peers to dynamically
   negotiate agreements (e.g. for cryptographic keys) with an origin (as
   defined by [RFC6454]) from within an established HTTP/2.0 connection.

   This mechanism would provide a number of important benefits,
   including:

   1.  The ability to negotiate multiple agreements for one or more
       origins within a single HTTP/2.0 connection;

   2.  The ability to revoke and renegotiate agreements on the fly
       without tearing down and reestablishing the HTTP/2.0 connection;

   3.  Support for multiple negotiation mechanisms, including pre-shared
       key, etc;

2.  Agreement Negotiation

   Intra-Connection Negotiation is facilitated through the use of a new
   "NEGOTIATE" HTTP pseudo-method.  The HTTP header field mapping for
   the NEGOTIATE method works similarly to that of CONNECT methods, with
   a few notable exceptions:

   o  The ":method" header field is set to "NEGOTIATE".

   o  The ":scheme" and ":path" header fields MUST be omitted.

   o  The ":authority" header field contains the host and port of the
      origin for which an agreement is being negotiated.

Snell                     Expires May 29, 2014                  [Page 2]
Internet-Draft    HTTP/2.0 Intra-Connection Negotiation    November 2013

   o  An ":id" header field MUST be given specifying the 31-bit numeric
      identifier of the agreement being negotiated.

   o  An ":algorithm" header field MUST be given specifying the IRI
      identifier of the negotiation / agreement algorithm being
      utilized.

   A complete negotiation consumes a single stream within a connection
   and may consist of one or more distinct "messages" exchanged within
   that stream.  The number of messages required for a negotiation
   depends on the specific algorithm being used.  On HEADERS and DATA

[include full document text]