Skip to main content

HTTP Alternative Services
RFC 7838

Revision differences

Document history

Date Rev. By Action
2021-03-16
14 (System) Received changes through RFC Editor sync (added Errata tag)
2016-04-08
14 (System) IANA registries were updated to include RFC7838
2016-04-07
14 (System) RFC published
2016-04-06
14 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2016-04-01
14 (System) RFC Editor state changed to AUTH48 from RFC-EDITOR
2016-03-23
14 (System) RFC Editor state changed to RFC-EDITOR from EDIT
2016-03-21
14 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2016-03-20
14 (System) IANA Action state changed to Waiting on RFC Editor from Waiting on Authors
2016-03-18
14 (System) IANA Action state changed to Waiting on Authors
2016-03-08
14 (System) RFC Editor state changed to EDIT
2016-03-08
14 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2016-03-08
14 (System) Announcement was received by RFC Editor
2016-03-08
14 Gunter Van de Velde Closed request for Last Call review by OPSDIR with state 'No Response'
2016-03-08
14 Julian Reschke IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2016-03-08
14 Julian Reschke New version available: draft-ietf-httpbis-alt-svc-14.txt
2016-03-08
13 Amy Vezza IESG state changed to Approved-announcement sent from Approved-announcement to be sent
2016-03-08
13 Amy Vezza IESG has approved the document
2016-03-08
13 Amy Vezza Closed "Approve" ballot
2016-03-08
13 Amy Vezza Ballot approval text was generated
2016-03-08
13 Barry Leiba IESG state changed to Approved-announcement to be sent from Approved-announcement to be sent::Point Raised - writeup needed
2016-03-03
13 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Benoit Claise
2016-03-03
13 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Benoit Claise
2016-03-03
13 Gunter Van de Velde Closed request for Last Call review by OPSDIR with state 'Withdrawn'
2016-03-03
13 Cindy Morgan IESG state changed to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation
2016-03-03
13 Michelle Cotton IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed
2016-03-03
13 Benoît Claise
[Ballot comment]
A clear sentence such as this one would have helped me:
OLD:
  This specification defines a new concept in HTTP, "Alternative
  …
[Ballot comment]
A clear sentence such as this one would have helped me:
OLD:
  This specification defines a new concept in HTTP, "Alternative
  Services", that allows an origin server to nominate additional means
  of interacting with it on the network. 
NEW:
  This specification defines a new concept in HTTP, "Alternative
  Services", applicable to both HTTP 1.1 and HTTP 2.0, that allows
  an origin server to nominate additional means of interacting with
  it on the network. 

I overlooked this info in the following sentence, i.e. the fact that HTTP header = HTTP 1.1:

  It defines a general
  framework for this in Section 2, along with specific mechanisms for
  advertising their existence using HTTP header fields (Section 3) or
  HTTP/2 frames (Section 4), plus a way to indicate that an alternative
  service was used (Section 5).
2016-03-03
13 Benoît Claise [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise
2016-03-02
13 Joel Jaeggli [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli
2016-03-02
13 Alia Atlas [Ballot Position Update] New position, No Objection, has been recorded for Alia Atlas
2016-03-02
13 Spencer Dawkins
[Ballot comment]
A couple of very nitty nits.

In this text

  When the protocol does not explicitly carry the scheme (e.g., as is
  …
[Ballot comment]
A couple of very nitty nits.

In this text

  When the protocol does not explicitly carry the scheme (e.g., as is
  usually the case for HTTP/1.1 over TLS, servers can mitigate this
                                        ^
I think there's a missing closing parenthesis right around here.

If there's not, I'm having trouble parsing the sentence.
                                       
  risk by either assuming that all requests have an insecure context,
  or by refraining from advertising alternative services for insecure
  schemes (such as HTTP).
 
If there was an obvious reference for SPDY in this text

  The Alt-Svc header field was influenced by the design of the
  Alternate-Protocol header field in SPDY.
 
that might be useful to include.
2016-03-02
13 Spencer Dawkins [Ballot Position Update] New position, Yes, has been recorded for Spencer Dawkins
2016-03-02
13 Jari Arkko [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko
2016-03-01
13 Ben Campbell
[Ballot comment]
Just a few minor comments:

= Substantive =

- 2.2, last paragraph:

Why might a client choose not to to remove non-persistent alternatives …
[Ballot comment]
Just a few minor comments:

= Substantive =

- 2.2, last paragraph:

Why might a client choose not to to remove non-persistent alternatives from cache on a network change? (i.e., why not MUST)?

- 2.4, first 2 paragraphs:

These paragraphs seem to be equivalent to saying “Clients MAY use alternative services; also they SHOULD.”  Or is the intent that, if a client uses alternative services, it SHOULD do so under these conditions?

= Editorial =

- 2.3, first paragraph:
I find "MUST only" constructions to be confusing and sometimes ambiguous due to the implied NOT. I suggest making that explicit:
OLD
  A client MUST only use a TLS-based alternative service if the client also supports TLS Server Name Indication (SNI).
NEW
  A client MUST NOT use a TLS-based alternative service unless the client supports TLS Server Name Indication (SNI).
2016-03-01
13 Ben Campbell [Ballot Position Update] New position, Yes, has been recorded for Ben Campbell
2016-03-01
13 Terry Manderson [Ballot Position Update] New position, No Objection, has been recorded for Terry Manderson
2016-03-01
13 Barry Leiba IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead::AD Followup
2016-03-01
13 (System) Sub state has been changed to AD Followup from Revised ID Needed
2016-03-01
13 Julian Reschke IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2016-03-01
13 Julian Reschke New version available: draft-ietf-httpbis-alt-svc-13.txt
2016-03-01
12 Martin Stiemerling [Ballot Position Update] New position, No Objection, has been recorded for Martin Stiemerling
2016-03-01
12 Deborah Brungard [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard
2016-03-01
12 Brian Haberman [Ballot Position Update] New position, No Objection, has been recorded for Brian Haberman
2016-03-01
12 Stephen Farrell
[Ballot comment]

- If TLS1.3 continues to have 0rtt replayable early-data,
could that interact badly with Alt-Svc? Or what about
false-start? For example, if such …
[Ballot comment]

- If TLS1.3 continues to have 0rtt replayable early-data,
could that interact badly with Alt-Svc? Or what about
false-start? For example, if such a combination meant that an
otherwise functional replay detection scheme would fail to
spot a replay that would be bad. This is not a DISCUSS, as
neither TLS1.3 nor false-start are formally "done" so blocking
this for that reason would be "odd";-) However, both are
implemented or will be, so I would love to chat about it and
that might lead to some new security considerations text, here
or in a TLS document.

- Does this still all work for opportunistic security for
HTTP? If not, why not? Note: I'm not asking if the WG have
reached consensus on oppo, rather I'd like to be reassured
that if they do, this will still work for that. I think that's
all ok, though, right?

- section 3: with "clear" you say alternatives are to be
invalidated. Does that mean anything about cached resources? I
assume not, but just checking.

- section 5: I wondered why you didn't include the ALPN
identifier here?

- 9.2: What does "might also choose" mean and which "other
requirements" have you in mind? That's very vague.

- 9.5: What are you telling me with the last para?
2016-03-01
12 Stephen Farrell [Ballot Position Update] New position, No Objection, has been recorded for Stephen Farrell
2016-03-01
12 Alvaro Retana [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana
2016-02-29
12 Francis Dupont Request for Last Call review by GENART Completed: Ready. Reviewer: Francis Dupont.
2016-02-25
12 Sabrina Tanamal IANA Review state changed to IANA OK - Actions Needed from IANA - Not OK
2016-02-25
12 Alissa Cooper
[Ballot comment]
Couple of places where the language used was confusing for me:

= Sec 2.4 =

s/it can be used until the alternative connection …
[Ballot comment]
Couple of places where the language used was confusing for me:

= Sec 2.4 =

s/it can be used until the alternative connection is established./the existing connection can be used until the alternative connection is established./

= Sec 3.1 =

OLD
Unknown parameters MUST be ignored, that is
  the values (alt-value) they appear in MUST be processed as if the
  unknown parameter was not present.

NEW
Unknown parameters MUST be ignored. That is,
  the values (alt-value) in which they appear MUST be processed as if the
  unknown parameters were not present.
2016-02-25
12 Alissa Cooper [Ballot Position Update] New position, Yes, has been recorded for Alissa Cooper
2016-02-25
12 Tero Kivinen Request for Last Call review by SECDIR Completed: Has Nits. Reviewer: Chris Lonvick.
2016-02-24
12 Barry Leiba Ballot has been issued
2016-02-24
12 Barry Leiba [Ballot Position Update] New position, Yes, has been recorded for Barry Leiba
2016-02-24
12 Barry Leiba Created "Approve" ballot
2016-02-24
12 Barry Leiba IESG state changed to Waiting for AD Go-Ahead::Revised I-D Needed from Waiting for AD Go-Ahead
2016-02-24
12 Barry Leiba Changed consensus to Yes from Unknown
2016-02-24
12 (System) IESG state changed to Waiting for AD Go-Ahead from In Last Call
2016-02-23
12 (System) IANA Review state changed to IANA - Not OK from IANA - Review Needed
2016-02-23
12 Sabrina Tanamal
(Via drafts-lastcall-comment@iana.org): IESG/Authors/WG Chairs:

IANA has completed its review of draft-ietf-httpbis-alt-svc-12.txt. If any part of this review is inaccurate, please let us know.

IANA …
(Via drafts-lastcall-comment@iana.org): IESG/Authors/WG Chairs:

IANA has completed its review of draft-ietf-httpbis-alt-svc-12.txt. If any part of this review is inaccurate, please let us know.

IANA understands that, upon approval of this document, there are three actions which IANA needs to complete.

First, in the Permanent Message Header Field Names subregistry of the Message Headers registry located at:

https://www.iana.org/assignments/message-headers/

two new message header fields will be added as follows:

Header Field Name: Alt=Svc
Template:
Protocol: http
Status: standard
Reference: [ RFC-to-be ]

Header Field Name: Alt-Used
Template:
Protocol: http
Status: standard
Reference: [ RFC-to-be ]

As this document requests registrations in an Expert Review or Specification Required (see RFC 5226) registry, we will initiate the required Expert Review via a separate request. Expert review will need to be completed before your document can be approved for publication as an RFC.

Second, in the HTTP/2 Frame Type subregistry of the Hypertext Transfer Protocol version 2 (HTTP/2) Parameters registry located at:

https://www.iana.org/assignments/http2-parameters/

a single, new frame type will be registered as follows:

Code: [ TBD-at-Registratio ]
Frame Type: ALTSVC
Reference: [RFC-to-be, Section 4 ]

IANA notes that the draft requests that the value '0xa' be used for the code in this registration.

Third, a new top-level registry will be created at the IANA Matrix located at:

https://www.iana.org/protocols

named the HTTP Alt-Svc Parameter Registry. This new registry is to be maintained through Expert Review as defined in RFC 5226.

There are initial registrations in the new registry as follows:

+-------------------+----------------------------+
| Alt-Svc Parameter | Reference |
+-------------------+----------------------------+
| ma | [ REC-to-be, Section 3.1 ] |
| persist | [ REC-to-be, Section 3.1 ] |
+-------------------+----------------------------+

IANA understands that these are the only actions required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed. 


Thank you,

Sabrina Tanamal
IANA Specialist
ICANN
2016-02-13
12 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Susan Hares
2016-02-13
12 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Susan Hares
2016-02-11
12 Jean Mahoney Request for Last Call review by GENART is assigned to Francis Dupont
2016-02-11
12 Jean Mahoney Request for Last Call review by GENART is assigned to Francis Dupont
2016-02-11
12 Tero Kivinen Request for Last Call review by SECDIR is assigned to Chris Lonvick
2016-02-11
12 Tero Kivinen Request for Last Call review by SECDIR is assigned to Chris Lonvick
2016-02-10
12 Amy Vezza IANA Review state changed to IANA - Review Needed
2016-02-10
12 Amy Vezza
The following Last Call announcement was sent out:

From: The IESG
To: "IETF-Announce"
CC: httpbis-chairs@ietf.org, michael.bishop@microsoft.com, draft-ietf-httpbis-alt-svc@ietf.org, "Mike Bishop" , ietf-http-wg@w3.org, …
The following Last Call announcement was sent out:

From: The IESG
To: "IETF-Announce"
CC: httpbis-chairs@ietf.org, michael.bishop@microsoft.com, draft-ietf-httpbis-alt-svc@ietf.org, "Mike Bishop" , ietf-http-wg@w3.org, barryleiba@gmail.com
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (HTTP Alternative Services) to Proposed Standard


The IESG has received a request from the Hypertext Transfer Protocol WG
(httpbis) to consider the following document:
- 'HTTP Alternative Services'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2016-02-24. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  This document specifies "Alternative Services" for HTTP, which allow
  an origin's resources to be authoritatively available at a separate
  network location, possibly accessed with a different protocol
  configuration.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-httpbis-alt-svc/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-httpbis-alt-svc/ballot/


No IPR declarations have been submitted directly on this I-D.


2016-02-10
12 Amy Vezza IESG state changed to In Last Call from Last Call Requested
2016-02-10
12 Amy Vezza Last call announcement was changed
2016-02-09
12 Barry Leiba Placed on agenda for telechat - 2016-03-03
2016-02-09
12 Barry Leiba Last call was requested
2016-02-09
12 Barry Leiba Last call announcement was generated
2016-02-09
12 Barry Leiba Ballot approval text was generated
2016-02-09
12 Barry Leiba IESG state changed to Last Call Requested from AD Evaluation::Point Raised - writeup needed
2016-02-08
12 Julian Reschke New version available: draft-ietf-httpbis-alt-svc-12.txt
2016-02-03
11 Julian Reschke New version available: draft-ietf-httpbis-alt-svc-11.txt
2015-12-31
10 Barry Leiba IESG state changed to AD Evaluation::Point Raised - writeup needed from AD Evaluation
2015-12-30
10 Barry Leiba IESG state changed to AD Evaluation from Publication Requested
2015-12-30
10 Barry Leiba Ballot writeup was changed
2015-12-30
10 Barry Leiba Ballot writeup was generated
2015-12-29
10 Mark Nottingham
# Shepherd Writeup for Alt-Svc

## 1. Summary

Mike Bishop is the document shepherd; Barry Leiba is the responsible
Area Director.

This document specifies a …
# Shepherd Writeup for Alt-Svc

## 1. Summary

Mike Bishop is the document shepherd; Barry Leiba is the responsible
Area Director.

This document specifies a method to provide clients authoritative access
to HTTP origins at a different network location and/or using a different
protocol stack.

The requested publication type is Proposed Standard.

## 2. Review and Consensus

The document started as an individual draft which provided a potential
solution to several related problems in the HTTP space, helping clients
become aware of multiple network or protocol endpoints for an origin
that could serve the same content in different ways. It drew inspiration
from an existing proprietary solution, Alternate-Protocol, used by
Chromium during SPDY development.

There was implementation interest from Mozilla Firefox and Akamai, along
with willingness from Google Chrome to migrate from Alternate-Protocol
to Alt-Svc. Other implementers were less interested, but as the behavior
is fully optional for clients, the consensus was to adopt the document.
During the HTTP/2 standardization process, the Alt-Svc document was
discussed and worked on in parallel; HTTP/2-specific pieces were
originally added to the HTTP/2 specification at the time of adoption,
but were moved into this document after HTTP/2's extension story was
agreed upon.

There has been some interest in defining additional ways to discover
Alternative Services, and this document intentionally does not close the
door on that. It discusses client behavior when dealing with
Alternatives of which it is aware, and defines two possible ways a
client can learn about Alternatives. Future drafts may define additional
ways, such as DNS.

Technical discussions involved a broad section of the working group,
with the most focus from a few client and proxy implementers. There has
been some back and forth about the right balance between utility and
security, but the document now reflects general consensus. This is
reflected by a thoroughly-discussed Security Considerations section,
which covers ways in which Alt-Svc could be used to track clients or
persist attacks, and gives guidance to implementations on ways to
minimize the potential impacts.

## 3. Intellectual Property

Each author has stated that their direct, personal knowledge of any IPR
related to this document has already been disclosed, in conformance with
BCPs 78 and 79.

No disclosures have been submitted regarding prior work in this space.

## 4. Other Points

There are no downward references. The IANA Considerations are clear, and
the Expert Reviewers for the existing registries have been actively
involved in the draft process. A new registry is also created for
parameters modifying properties of Alt-Svc listings.

There was some discussion over whether parameters would be
mandatory-to-understand (ignoring the entire entry otherwise), or always
optional. In the end, parameters were made optional-to-understand in all
cases, to avoid exploding the list of alternatives when multiple
optional parameters were used.
2015-12-29
10 Mark Nottingham Responsible AD changed to Barry Leiba
2015-12-29
10 Mark Nottingham IETF WG state changed to Submitted to IESG for Publication from In WG Last Call
2015-12-29
10 Mark Nottingham IESG state changed to Publication Requested
2015-12-29
10 Mark Nottingham IESG process started in state Publication Requested
2015-12-29
10 Mark Nottingham Changed document writeup
2015-12-20
10 Mark Nottingham Notification list changed to "Mike Bishop" <michael.bishop@microsoft.com>
2015-12-20
10 Mark Nottingham Document shepherd changed to Mike Bishop
2015-12-14
10 Julian Reschke New version available: draft-ietf-httpbis-alt-svc-10.txt
2015-12-06
09 Mark Nottingham Document shepherd changed to (None)
2015-11-18
09 Mark Nottingham IETF WG state changed to In WG Last Call from WG Document
2015-11-17
09 Julian Reschke New version available: draft-ietf-httpbis-alt-svc-09.txt
2015-09-20
08 Julian Reschke New version available: draft-ietf-httpbis-alt-svc-08.txt
2015-05-15
07 Julian Reschke New version available: draft-ietf-httpbis-alt-svc-07.txt
2015-02-10
06 Mark Nottingham Intended Status changed to Proposed Standard from None
2015-02-05
06 Julian Reschke New version available: draft-ietf-httpbis-alt-svc-06.txt
2014-12-01
05 Julian Reschke New version available: draft-ietf-httpbis-alt-svc-05.txt
2014-10-27
04 Julian Reschke New version available: draft-ietf-httpbis-alt-svc-04.txt
2014-09-30
03 Julian Reschke New version available: draft-ietf-httpbis-alt-svc-03.txt
2014-07-04
02 Julian Reschke New version available: draft-ietf-httpbis-alt-svc-02.txt
2014-04-01
01 Julian Reschke New version available: draft-ietf-httpbis-alt-svc-01.txt
2014-03-28
00 Mark Nottingham Document shepherd changed to Mark Nottingham
2014-03-28
00 Julian Reschke New version available: draft-ietf-httpbis-alt-svc-00.txt