HTTP (httpbis) Internet Drafts

      
 Cookies: HTTP State Management Mechanism
 
 draft-ietf-httpbis-rfc6265bis-15.txt
 Date: 21/07/2024
 Authors: Steven Bingler, Mike West, John Wilander
 Working Group: HTTP (httpbis)
 This document defines the HTTP Cookie and Set-Cookie header fields. These header fields can be used by HTTP servers to store state (called cookies) at HTTP user agents, letting the servers maintain a stateful session over the mostly stateless HTTP protocol. Although cookies have many historical infelicities that degrade their security and privacy, the Cookie and Set-Cookie header fields are widely used on the Internet. This document obsoletes RFC 6265.
 The HTTP QUERY Method
 
 draft-ietf-httpbis-safe-method-w-body-06.txt
 Date: 21/10/2024
 Authors: Julian Reschke, Ashok Malhotra, James Snell, Mike Bishop
 Working Group: HTTP (httpbis)
 This specification defines a new HTTP method, QUERY, as a safe, idempotent request method that can carry request content.
 Resumable Uploads for HTTP
 
 draft-ietf-httpbis-resumable-upload-05.txt
 Date: 21/10/2024
 Authors: Marius Kleidl, Guoye Zhang, Lucas Pardue
 Working Group: HTTP (httpbis)
 HTTP clients often encounter interrupted data transfers as a result of canceled requests or dropped connections. Prior to interruption, part of a representation may have been exchanged. To complete the data transfer of the entire representation, it is often desirable to issue subsequent requests that transfer only the remainder of the representation. HTTP range requests support this concept of resumable downloads from server to client. This document describes a mechanism that supports resumable uploads from client to server using HTTP.
 The Concealed HTTP Authentication Scheme
 
 draft-ietf-httpbis-unprompted-auth-12.txt
 Date: 19/09/2024
 Authors: David Schinazi, David Oliver, Jonathan Hoyland
 Working Group: HTTP (httpbis)
 Most HTTP authentication schemes are probeable in the sense that it is possible for an unauthenticated client to probe whether an origin serves resources that require authentication. It is possible for an origin to hide the fact that it requires authentication by not generating Unauthorized status codes, however that only works with non-cryptographic authentication schemes: cryptographic signatures require a fresh nonce to be signed. Prior to this document, there was no existing way for the origin to share such a nonce without exposing the fact that it serves resources that require authentication. This document defines a new non-probeable cryptographic authentication scheme.
 Template-Driven HTTP CONNECT Proxying for TCP
 
 draft-ietf-httpbis-connect-tcp-06.txt
 Date: 21/10/2024
 Authors: Benjamin Schwartz
 Working Group: HTTP (httpbis)
 TCP proxying using HTTP CONNECT has long been part of the core HTTP specification. However, this proxying functionality has several important deficiencies in modern HTTP environments. This specification defines an alternative HTTP proxy service configuration for TCP connections. This configuration is described by a URI Template, similar to the CONNECT-UDP and CONNECT-IP protocols.
 Compression Dictionary Transport
 
 draft-ietf-httpbis-compression-dictionary-19.txt
 Date: 28/08/2024
 Authors: Patrick Meenan, Yoav Weiss
 Working Group: HTTP (httpbis)
 This document specifies a mechanism for dictionary-based compression in the Hypertext Transfer Protocol (HTTP). By utilizing this technique, clients and servers can reduce the size of transmitted data, leading to improved performance and reduced bandwidth consumption. This document extends existing HTTP compression methods and provides guidelines for the delivery and use of compression dictionaries within the HTTP protocol.
 HTTP Cache Groups
 
 draft-ietf-httpbis-cache-groups-02.txt
 Date: 17/06/2024
 Authors: Mark Nottingham
 Working Group: HTTP (httpbis)
 This specification introduces a means of describing the relationships between stored responses in HTTP caches, "grouping" them by associating a stored response with one or more opaque strings.
 Secondary Certificate Authentication of HTTP Servers
 
 draft-ietf-httpbis-secondary-server-certs-01.txt
 Date: 12/10/2024
 Authors: Eric Gorbaty, Mike Bishop
 Working Group: HTTP (httpbis)
 This document defines a way for HTTP/2 and HTTP/3 servers to send additional certificate-based credentials after a TLS connection is established, based on TLS Exported Authenticators.
 Security Considerations for Optimistic Protocol Transitions in HTTP/1.1
 
 draft-ietf-httpbis-optimistic-upgrade-01.txt
 Date: 21/10/2024
 Authors: Benjamin Schwartz
 Working Group: HTTP (httpbis)
 In HTTP/1.1, the client can request a change to a new protocol on the existing connection. This document discusses the security considerations that apply to data sent by the client before this request is confirmed, and updates RFC 9298 to avoid related security issues.
 No-Vary-Search
 
 draft-ietf-httpbis-no-vary-search-00.txt
 Date: 27/09/2024
 Authors: Domenic Denicola, Jeremy Roman
 Working Group: HTTP (httpbis)
 A proposed HTTP header field for changing how URL search parameters impact caching.

data-group-menu-data-url="/group/groupmenu.json">

HTTP (httpbis)

WG Name HTTP
Acronym httpbis
Area Web and Internet Transport (wit)
State Active
Charter charter-ietf-httpbis-08 Approved
Document dependencies
Additional resources Zulip stream
alternate list archives
home page
repositories
Personnel Chairs Mark Nottingham, Tommy Pauly
Area Director Francesca Palombini
Mailing list Address ietf-http-wg@w3.org
To subscribe ietf-http-wg-request@w3.org
Archive http://lists.w3.org/Archives/Public/ietf-http-wg/
Chat Room address https://zulip.ietf.org/#narrow/stream/httpbis

Charter for Working Group

This Working Group is charged with maintaining and developing the "core" specifications for HTTP, and generic extensions to it (i.e., those that are not specific to one application).

Its current work items are:

HTTP/1.1 Revision

After the revision of the core HTTP document set in the RFC723x series, the Working Group published HTTP/2, which defines an alternative mapping of HTTP's semantics to TCP, and introduced new capabilities, like Server Push.

Additionally, several ambiguities, interoperability issues and errata have been identified since their publication.

The Working Group will revise the "core" HTTP document set (RFC 7230-RFC 7235) to:

  • Incorporate errata

  • Address ambiguities

  • Fix editorial problems which have led to misunderstandings of the specification

  • Clarify conformance requirements

  • Remove known ambiguities where they affect interoperability

  • Clarify existing methods of extensibility

  • Remove or deprecate those features that are not widely implemented and also unduly affect interoperability

  • Where necessary, add implementation advice

In doing so, it should consider:

  • Implementer experience

  • Demonstrated use of HTTP

  • Impact on existing implementations and deployments

HTTP and QUIC

Upon request from the QUIC Working Group, the HTTPBIS Working Group will review the QUIC Working Group's documents regarding the use of HTTP over the transport protocol they define, providing feedback and collaborating where necessary.

Once the QUIC Working Group publishes the expression of HTTP semantics in QUIC (HTTP/3), the HTTPBIS Working Group will maintain and develop extensions for HTTP/3 as necessary. This includes ancillary specifications (e.g. QPACK).

Other HTTP-Related Work

The Working Group may define extensions and other documents related to HTTP as work items, provided that:

  • They are generic; i.e., not specific to one application using HTTP. Note that Web browsing by definition is a generic use.

  • The Working Group Chairs judge that there is consensus to take on the item and believe that it will not interfere with the work described above, and

  • The Area Director approves the addition and add corresponding milestones.

Milestones

Order Milestone Associated documents
Last Submit Secondary Server Certs draft-ietf-httpbis-secondary-server-certs
Submit Resumable Uploads draft-ietf-httpbis-resumable-upload
Submit Compression Dictionaries draft-ietf-httpbis-compression-dictionary
Submit Unprompted Auth draft-ietf-httpbis-unprompted-auth
Submit Cache Groups draft-ietf-httpbis-cache-groups
Submit Client-Cert Header rfc9440 (was draft-ietf-httpbis-client-cert-field)
Submit The HTTP QUERY Method draft-ietf-httpbis-safe-method-w-body
Submit Retrofit Structured Fields draft-ietf-httpbis-retrofit
Next Submit RFC6265bis (Cookies) draft-ietf-httpbis-rfc6265bis

Done milestones

Order Milestone Associated documents
Done Submit HTTP Message Signatures rfc9421 (was draft-ietf-httpbis-message-signatures)
Done Submit ORIGIN in HTTP/3 rfc9412 (was draft-ietf-httpbis-origin-h3)
Done Submit Binary Representation of HTTP Messages rfc9292 (was draft-ietf-httpbis-binary-message)
Done Submit Digest Headers rfc9530 (was draft-ietf-httpbis-digest-headers)
Done Submit Proxy-Status Header rfc9209 (was draft-ietf-httpbis-proxy-status)
Done Submit Cache-Status Header rfc9211 (was draft-ietf-httpbis-cache-header)
Done Submit Building Protocols with HTTP (BCP56bis) rfc9205 (was draft-ietf-httpbis-bcp56bis)
Done Submit Structured Headers rfc8941 (was draft-ietf-httpbis-header-structure)
Done Submit Client Hints rfc8942 (was draft-ietf-httpbis-client-hints)
Done Submit the "core" HTTP documents for consideration as Internet Standards rfc9110 (was draft-ietf-httpbis-semantics)
rfc9111 (was draft-ietf-httpbis-cache)
rfc9112 (was draft-ietf-httpbis-messaging)

Parked milestones

Order Milestone Associated documents
Parked Submit HTTP Alternative Services draft-ietf-httpbis-rfc7838bis
Parked Submit HTTP Representation Variants draft-ietf-httpbis-variants