Hypertext Jeopardy Protocol (HTJP/1.0)
RFC 8565
Document type: RFC - Informational (April 2019; No errata)
Last updated: 2019-04-01
Stream: ISE
Formats: plain text, html, pdf, htmlized, bibtex
ISE state: (None)
Consensus Boilerplate: Unknown
Document shepherd: No shepherd assigned
IESG state: RFC 8565 (Informational)
Responsible AD: (None)
Send notices to: (None)
Independent Submission E. Fokschaner
Request for Comments: 8565 1 April 2019
Category: Informational
ISSN: 2070-1721
Hypertext Jeopardy Protocol (HTJP/1.0)
Abstract
The Hypertext Jeopardy Protocol (HTJP) inverts the request/response
semantics of the Hypertext Transfer Protocol (HTTP). Using
conventional HTTP, one connects to a server, asks a question, and
expects a correct answer. Using HTJP, one connects to a server,
sends an answer, and expects a correct question. This document
specifies the semantics of HTJP.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This is a contribution to the RFC Series, independently of any other
RFC stream. The RFC Editor has chosen to publish this document at
its discretion and makes no statement about its value for
implementation or deployment. Documents approved for publication by
the RFC Editor are not candidates for any level of Internet Standard;
see Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8565.
Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Fokschaner Informational [Page 1]
RFC 8565 Hypertext Jeopardy Protocol 1.0 1 April 2019
Table of Contents
1. Introduction
2. Conventions Used in This Document
3. Comparison with HTTP
4. Response and Request Semantics
   4.1. Applicability of Postel's Robustness Principle
   4.2. Identifying the Server Associated with an HTJP Response
   4.3. Temporal Considerations
   4.4. Pseudo-Valid HTJP Messages
   4.5. HTTP Responses That Are Not Requestable
5. Caches and Proxies
6. IANA Considerations
7. Security Considerations
   7.1. Securing HTTP against HTJP
      7.1.1. Anti-HTJP-Nonce Header
   7.2. HTJPS
8. References
   8.1. Normative References
   8.2. Informative References
Appendix A. Hypertext Double Jeopardy Protocol
Acknowledgements
Author's Address
1. Introduction
The Hypertext Jeopardy Protocol (HTJP) 1.0 is a stateless
application-level response/request protocol that functions as the
semantic inverse of the Hypertext Transfer Protocol (HTTP) 1.1.
It can roughly be specified in relation to HTTP by the following
rules:
o Where an HTTP client would send an HTTP request message, an HTJP
client would send an HTTP response message.
o Where an HTTP server would send an HTTP response message, an HTJP
server would send an HTTP request message.
o The HTTP request sent as an HTJP response should be an HTTP
request that (if sent to the appropriate HTTP server) would elicit
the HTTP response sent in the HTJP request.
HTJP is compatible with the HTTP/1.1 specification, at least in
spirit, if not in letter.
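The three rules above, as an added example that is not part of the RFC: a toy HTJP server that receives an HTTP response and answers with an HTTP request, checking its answer by replaying it against the origin. The origin, its pages, the host name, the candidate set and the brute-force search are all constructed assumptions; this excerpt does not say how a real HTJP server would find the request.

```python
# Added illustration; every name here is hypothetical, not defined by the RFC.
from typing import Iterator, Optional

CRLF = "\r\n"
PAGES = {"/": "hello", "/about": "about us"}  # constructed sample content


def build_request(method: str, target: str) -> str:
    return f"{method} {target} HTTP/1.1{CRLF}Host: example.test{CRLF}{CRLF}"


def build_response(status: int, reason: str, body: str, send_body: bool = True) -> str:
    head = f"HTTP/1.1 {status} {reason}{CRLF}Content-Length: {len(body)}{CRLF}{CRLF}"
    return head + (body if send_body else "")


def origin(request: str) -> str:
    """Constructed toy HTTP origin: the 'appropriate HTTP server' of rule 3."""
    method, target, _version = request.split(CRLF, 1)[0].split(" ")
    if method not in ("GET", "HEAD"):
        return build_response(405, "Method Not Allowed", "")
    if target not in PAGES:
        return build_response(404, "Not Found", "")
    # A HEAD response carries the same header section as GET but no body.
    return build_response(200, "OK", PAGES[target], send_body=(method == "GET"))


def candidate_requests() -> Iterator[str]:
    for method in ("GET", "HEAD", "POST"):
        for target in ("/", "/about", "/missing"):
            yield build_request(method, target)


def htjp_server(http_response: str) -> Optional[str]:
    """Take an HTTP response (the HTJP request) and return an HTTP request
    (the HTJP response) that elicits it from origin(), or None if none does."""
    for request in candidate_requests():
        if origin(request) == http_response:  # replay to verify the "question"
            return request
    return None


if __name__ == "__main__":
    answer = build_response(200, "OK", "hello", send_body=False)
    print(repr(htjp_server(answer)))
```

Several requests can elicit the same response (here every unknown path returns the same 404), so the server returns the first match, and a response that no candidate elicits yields None.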
HTJP has novel applications in all the following areas:
o Generative automated testing of HTTP implementations and
HTTP-based applications.
o Monitoring of HTTP-based applications in production.
o Forensic and diagnostic reconstruction of HTTP requests from HTTP
response logs.
o Discovery of first-party and third-party security vulnerabilities.
2. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and