Hypertext Jeopardy Protocol (HTJP/1.0)
RFC 8565

Document Type RFC - Informational (April 2019; No errata)
Last updated 2019-04-01
Stream ISE
Independent Submission                                     E. Fokschaner
Request for Comments: 8565                                  1 April 2019
Category: Informational
ISSN: 2070-1721

                 Hypertext Jeopardy Protocol (HTJP/1.0)

Abstract

   The Hypertext Jeopardy Protocol (HTJP) inverts the request/response
   semantics of the Hypertext Transfer Protocol (HTTP).  Using
   conventional HTTP, one connects to a server, asks a question, and
   expects a correct answer.  Using HTJP, one connects to a server,
   sends an answer, and expects a correct question.  This document
   specifies the semantics of HTJP.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This is a contribution to the RFC Series, independently of any other
   RFC stream.  The RFC Editor has chosen to publish this document at
   its discretion and makes no statement about its value for
   implementation or deployment.  Documents approved for publication by
   the RFC Editor are not candidates for any level of Internet Standard;
   see Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   https://www.rfc-editor.org/info/rfc8565.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Fokschaner                    Informational                     [Page 1]
RFC 8565             Hypertext Jeopardy Protocol 1.0        1 April 2019

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Conventions Used in This Document . . . . . . . . . . . . . .   3
   3.  Comparison with HTTP  . . . . . . . . . . . . . . . . . . . .   3
   4.  Response and Request Semantics  . . . . . . . . . . . . . . .   4
     4.1.  Applicability of Postel's Robustness Principle  . . . . .   4
     4.2.  Identifying the Server Associated with an HTJP Response .   5
     4.3.  Temporal Considerations . . . . . . . . . . . . . . . . .   5
     4.4.  Pseudo-Valid HTJP Messages  . . . . . . . . . . . . . . .   6
     4.5.  HTTP Responses That Are Not Requestable . . . . . . . . .   6
   5.  Caches and Proxies  . . . . . . . . . . . . . . . . . . . . .   7
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   7
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .   7
     7.1.  Securing HTTP against HTJP  . . . . . . . . . . . . . . .   7
       7.1.1.  Anti-HTJP-Nonce Header  . . . . . . . . . . . . . . .   8
     7.2.  HTJPS . . . . . . . . . . . . . . . . . . . . . . . . . .   8
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   9
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .   9
     8.2.  Informative References  . . . . . . . . . . . . . . . . .  10
   Appendix A.  Hypertext Double Jeopardy Protocol . . . . . . . . .  11
   Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .  11
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  11

1.  Introduction

   The Hypertext Jeopardy Protocol (HTJP) 1.0 is a stateless
   application-level response/request protocol that functions as the
   semantic inverse of the Hypertext Transfer Protocol (HTTP) 1.1.

   It can roughly be specified in relation to HTTP by the following
   rules:

   o  Where an HTTP client would send an HTTP request message, an HTJP
      client would send an HTTP response message.

   o  Where an HTTP server would send an HTTP response message, an HTJP
      server would send an HTTP request message.

   o  The HTTP request sent as an HTJP response should be an HTTP
      request that (if sent to the appropriate HTTP server) would elicit
      the HTTP response sent in the HTJP request.

   HTJP is compatible with the HTTP/1.1 specification, at least in
   spirit, if not in letter.
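
   The rules listed above, as an added example (not code from the RFC
   or its author): a toy HTJP server that finds the question by
   replaying constructed candidate requests against a constructed
   origin handler.  The names origin, parse_response and htjp_server,
   the page table and the candidate list are assumptions of this
   example, as is returning None when no candidate matches.

```python
# Added illustration of HTJP's inverted exchange. The origin handler, its
# pages and the candidate requests are constructed for this example.
CRLF = "\r\n"

def origin(method, target):
    """Toy HTTP/1.1 origin server: returns a raw response message."""
    pages = {"/": "hello", "/about": "HTJP demo"}
    if method not in ("GET", "HEAD"):
        status, reason, body = 405, "Method Not Allowed", ""
    elif target not in pages:
        status, reason, body = 404, "Not Found", "no such page"
    else:
        status, reason, body = 200, "OK", pages[target]
    head = f"HTTP/1.1 {status} {reason}{CRLF}Content-Length: {len(body)}{CRLF}{CRLF}"
    return head + ("" if method == "HEAD" else body)  # HEAD carries no body

def parse_response(raw):
    """Return (status, headers, body), or None if the status line is malformed."""
    head, _, body = raw.partition(CRLF + CRLF)
    status_line, *header_lines = head.split(CRLF)
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return None
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # names are case-insensitive
    return int(parts[1]), headers, body

def htjp_server(htjp_request, host="example.com"):
    """Take an HTTP response (the HTJP request) and return an HTTP request
    (the HTJP response) that elicits it from origin(), or None if none does."""
    wanted = parse_response(htjp_request)
    if wanted is None:
        return None
    for method in ("GET", "HEAD", "POST"):
        for target in ("/", "/about", "/missing"):
            if parse_response(origin(method, target)) == wanted:
                return f"{method} {target} HTTP/1.1{CRLF}Host: {host}{CRLF}{CRLF}"
    return None

if __name__ == "__main__":
    answer = f"HTTP/1.1 200 OK{CRLF}Content-Length: 9{CRLF}{CRLF}HTJP demo"
    print(htjp_server(answer))
```

   Several requests can elicit the same response (every POST here
   yields the same 405), so the search returns the first match rather
   than a unique question.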

   HTJP has novel applications in all the following areas:

   o  Generative automated testing of HTTP implementations and HTTP-
      based applications.

   o  Monitoring of HTTP-based applications in production.

   o  Forensic and diagnostic reconstruction of HTTP requests from HTTP
      response logs.

   o  Discovery of first-party and third-party security vulnerabilities.

2.  Conventions Used in This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and