Internet DRAFT - draft-ruellan-headerdiff

draft-ruellan-headerdiff







Network Working Group                                         H. Ruellan
Internet-Draft                                               J. Fujisawa
Expires: September 12, 2013                                  Canon, Inc.
                                                           R. Bellessort
                                                               Y. Fablet
                                                          March 11, 2013


     Header Diff: A compact HTTP header representation for HTTP/2.0
                      draft-ruellan-headerdiff-00

Abstract

   This document describes a format adapted to efficiently represent
   HTTP headers in the context of HTTP/2.0.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 12, 2013.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.




Ruellan, et al.        Expires September 12, 2013               [Page 1]

Documentation               HTTP Header Diff                  March 2013


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Overview  . . . . . . . . . . . . . . . . . . . . . . . . . .   3
     2.1.  Design Principles . . . . . . . . . . . . . . . . . . . .   3
     2.2.  Outline . . . . . . . . . . . . . . . . . . . . . . . . .   3
     2.3.  Integration within HTTP/2.0 . . . . . . . . . . . . . . .   4
       2.3.1.  Deflate Usage . . . . . . . . . . . . . . . . . . . .   5
   3.  Indexing Strategies . . . . . . . . . . . . . . . . . . . . .   5
     3.1.  Indexing Tables . . . . . . . . . . . . . . . . . . . . .   6
       3.1.1.  Header Table  . . . . . . . . . . . . . . . . . . . .   6
       3.1.2.  Name Table  . . . . . . . . . . . . . . . . . . . . .   6
     3.2.  Header Representation . . . . . . . . . . . . . . . . . .   7
       3.2.1.  Literal Representation  . . . . . . . . . . . . . . .   7
       3.2.2.  Indexed Representation  . . . . . . . . . . . . . . .   7
       3.2.3.  Delta Representation  . . . . . . . . . . . . . . . .   7
   4.  Detailed Format . . . . . . . . . . . . . . . . . . . . . . .   8
     4.1.  Low-level representations . . . . . . . . . . . . . . . .   8
       4.1.1.  Integer representation  . . . . . . . . . . . . . . .   8
       4.1.2.  String literal representation . . . . . . . . . . . .  10
     4.2.  Indexed Header Representation . . . . . . . . . . . . . .  10
       4.2.1.  Short Indexed Header  . . . . . . . . . . . . . . . .  10
       4.2.2.  Long Indexed Header . . . . . . . . . . . . . . . . .  11
     4.3.  Literal Header Representation . . . . . . . . . . . . . .  11
       4.3.1.  Literal Header without Indexing . . . . . . . . . . .  11
       4.3.2.  Literal Header with Indexing  . . . . . . . . . . . .  12
     4.4.  Delta Header Representation . . . . . . . . . . . . . . .  12
       4.4.1.  Delta Header without Indexing . . . . . . . . . . . .  12
       4.4.2.  Delta Header with Indexing  . . . . . . . . . . . . .  13
   5.  Parameter Negotiation . . . . . . . . . . . . . . . . . . . .  13
   6.  Open Questions  . . . . . . . . . . . . . . . . . . . . . . .  14
     6.1.  Typed Codecs  . . . . . . . . . . . . . . . . . . . . . .  14
     6.2.  Specific header processing  . . . . . . . . . . . . . . .  14
     6.3.  Security Issues . . . . . . . . . . . . . . . . . . . . .  15
     6.4.  Deflate Partial Usage . . . . . . . . . . . . . . . . . .  15
     6.5.  Max length and entry numbers  . . . . . . . . . . . . . .  15
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .  16
   8.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  16
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  16
   Appendix A.  Initial header names . . . . . . . . . . . . . . . .  16
     A.1.  Requests  . . . . . . . . . . . . . . . . . . . . . . . .  16
     A.2.  Responses . . . . . . . . . . . . . . . . . . . . . . . .  18
     A.3.  Example . . . . . . . . . . . . . . . . . . . . . . . . .  19
       A.3.1.  First header set  . . . . . . . . . . . . . . . . . .  19
       A.3.2.  Second header set . . . . . . . . . . . . . . . . . .  21
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  22





Ruellan, et al.        Expires September 12, 2013               [Page 2]

Documentation               HTTP Header Diff                  March 2013


1.  Introduction

   This document describes a format adapted to efficiently represent
   HTTP headers in the context of HTTP/2.0.

2.  Overview

2.1.  Design Principles

   HTTP headers can be represented in various ways.  As shown by SPDY,
   Deflate compresses very well HTTP headers.  But the use of Deflate
   has been found to cause security issues.  In particular, the
   compression of sensitive data, together with other data controlled by
   an attacker, may lead to leakage of the sensitive data.  The
   processing and memory costs may also be too high for some classes of
   devices.

   Having a lightweight compact HTTP header representation is therefore
   useful.  To design this representation, the focus was put on the
   following points:

   o  Simplicity: the representation should have a small number of
      options that allow handling any kind of headers; in particular,
      the use of dedicated codecs for each type of header value is not
      considered here.

   o  Efficiency: the representation should provide good compression at
      a small encoding/decoding cost for both processing and memory.

   o  Flexibility: the representation should be compatible with
      constrained devices, but also provide improved efficiency when
      more capable devices are used.

   o  Deflate-friendly: Deflate has proven its efficiency for encoding
      HTTP headers.  A good HTTP header representation should be
      efficient as a pre-compression step prior to applying Deflate.

2.2.  Outline

   The HTTP header representation described in this document is based on
   indexing tables that store (name,value) pairs, called header tables
   in the remainder of this document.  Header tables are incrementally
   updated during the whole HTTP/2.0 session.  Two independent header
   tables are used during a HTTP/2.0 session, one for HTTP request
   headers and one for HTTP response headers.

   The encoder is responsible for deciding which headers to insert as
   (name,value) pairs in the header table.  The decoder follows exactly



Ruellan, et al.        Expires September 12, 2013               [Page 3]

Documentation               HTTP Header Diff                  March 2013


   what the encoder prescribes.  This enables decoders to remain simple
   and understand a wide variety of encoders.

   A header may be represented as a literal, an index or a delta.  If
   represented as a literal or a delta, the representation specifies
   whether this header is used to update the indexing table.  The
   different representations are described in Section 3.2.

   To improve literal headers representation compactness, header names
   are indexed in a specific name table.  Two independent name tables
   are used during a HTTP/2.0 session, one for HTTP request headers and
   another for HTTP response headers.

   An example illustrating the use of the different tables to represent
   headers is available in Appendix A.3.  Once a set of header is
   represented using the available representations, it can optionally be
   compressed with Deflate.

2.3.  Integration within HTTP/2.0

   The headers are inserted in the HTTP/2.0 frames at the same place as
   defined in SPDY (next chart was adapted from draft-ietf-httpbis-
   http2-00).

   +------------------------------------+
   |1|    version    |         1        |
   +------------------------------------+
   |  Flags (8)  |  Length (24 bits)    |
   +------------------------------------+
   |X|           Stream-ID (31bits)     |
   +------------------------------------+
   |X| Associated-To-Stream-ID (31bits) |
   +------------------------------------+
   | Pri|Unused | Slot |                |
   +-------------------+                |
   | Number of Name/Value pairs (int32) |
   +------------------------------------+
   |     Encoded name/value pair        |   <+
   +------------------------------------+    | (*)
   |           (repeats)                |   <+

   (*) This section is the "Name/Value Header Block",
       and may be compressed.


   The modifications to SPDY are the following:





Ruellan, et al.        Expires September 12, 2013               [Page 4]

Documentation               HTTP Header Diff                  March 2013


   o  The headers are not represented as string tokens but using one of
      the possible representation described in Section 4.

   o  The Deflate step is made optional.

2.3.1.  Deflate Usage

   The header representation described in Section 4 is amenable to
   Deflate compression.  The Deflate algorithm improves the compression
   at the expense of additional processing.

   At least two potential drawbacks have been identified when using
   Deflate.  First, security issues may arise when using Deflate, like
   the CRIME attack [1].  Second, it may increase the workload of
   network intermediaries: they may need to uncompress and recompress
   the headers of all messages, even though they only need to process a
   few of them.

   The use of Deflate may still be envisioned if properly set up.
   Several approaches are available and should be studied:

      Restricting Deflate to Huffman-only coding is an option.  This is
      supported by many Deflate implementations such as zlib.  It may be
      used in the environments subject to CRIME attacks.  This approach
      should be compared to the direct use of hand-tailored Huffman
      coding.

      The use of indexing mechanisms prior Deflate may solve some
      security issues.  More precise analysis of the security impact of
      using indexing mechanisms prior Deflate should be studied as
      described in Section 6.3.

      Partial use of Deflate on a selected subset of headers may also be
      an option as described in Section 6.4.

      Restricting the use of Deflate to safe cases, such as controlled
      environments (widgets, native applications), anonymous connections
      and so on can be envisioned.  For instance, restricting the use of
      Deflate to HTTP response headers should not enable CRIME-like
      attacks.

3.  Indexing Strategies









Ruellan, et al.        Expires September 12, 2013               [Page 5]

Documentation               HTTP Header Diff                  March 2013


3.1.  Indexing Tables

3.1.1.  Header Table

   A header table consists in an ordered list of (name, value) pairs.
   Once a header pair is inserted in the header table, its index does
   not change until the pair gets removed.  A pair is either inserted at
   the end of the table or replaces an existing pair depending on the
   chosen representation.

   Header names should be represented as lower-case strings.  A header
   name is matching with a pair name if they are equal using a
   character-based, _case insensitive_ comparison.  A header value is
   matching with a pair value if they are equal using a character-based,
   _case sensitive_ comparison.  A header is matching with a
   (name,value) pair if both name and value are matching.

   The header table is progressively updated based on headers
   represented as literal (as defined in Section 3.2.1) or delta (as
   defined in Section 3.2.3).  Two update mechanisms are defined:

   o  Incremental indexing: the represented header is inserted at the
      end of the header table as a (name, value) pair.  The inserted
      pair index is set to the next free index in the table: it is equal
      to the number of headers in the table before its insertion.

   o  Substitution indexing: the represented header contains an index to
      an existing (name,value) pair.  The existing pair value is
      replaced by the header value.

   Incremental and substitution indexing are optional.  If none of them
   is selected in a header representation, the header table is not
   updated.  In particular, no update happens on the header table when
   processing an indexed representation.

   The header table size can be bounded so as to limit the memory
   requirements.  The header table size is defined as the sum of the
   length (as defined in Section 4.1.2) of the values of all header
   table pairs.  Header names are not counted in the header table size.

3.1.2.  Name Table

   A name table is an ordered list of name entries that is used to
   efficiently represent header names.  A header name is matching a name
   table entry if they are equal using a character-based, _case
   insensitive_ comparison.





Ruellan, et al.        Expires September 12, 2013               [Page 6]

Documentation               HTTP Header Diff                  March 2013


   If a header name is matching a name table entry, it is represented as
   an integer based on the index of the entry, as described in
   Section 4.1.1.  If a header name is not matching any of the name
   table entry, it is represented as a string, as described in
   Section 4.1.2.  A new entry containing the name is then inserted at
   the end of the name table.  Once inserted in the name table, a header
   name is never removed and its index is never changing.

   To optimize the representation of the headers exchanged at the
   beginning of the HTTP/2.0 session, the header name table is initally
   populated with common header names.  The initial header names list is
   provided in Appendix A.

3.2.  Header Representation

3.2.1.  Literal Representation

   The literal representation defines a header independentently of the
   header table.  A literal header is represented as:

   o  A header name, represented using the name table, as described in
      Section 3.1.2.

   o  The header value, represented as a literal string, as described in
      Section 4.1.2.

3.2.2.  Indexed Representation

   The indexed representation defines a header as a match to a
   (name,value) pair in the header table.  An indexed header is
   represented as:

   o  An integer representing the index of the matching (name,value)
      pair, as described in Section 4.1.1.

3.2.3.  Delta Representation

   The delta representation defines a header as a reference to a
   (name,value) pair contained in the header table.  The names must
   match between the represented header and the reference pair.  The
   values should start by a common substring between the represented
   header and the reference pair.

   A delta header is represented as:

   o  An integer representing the index of the reference (name, value)
      pair, as described in Section 4.1.1.  The pair name must match the
      name of the header.



Ruellan, et al.        Expires September 12, 2013               [Page 7]

Documentation               HTTP Header Diff                  March 2013


   o  An integer representing the length of the common prefix shared
      between the header value and the pair value, as described in
      Section 4.1.1.

   o  A string representing the suffix value to append to the common
      prefix to obtain the header value, as defined in Section 4.1.2.

4.  Detailed Format

4.1.  Low-level representations

4.1.1.  Integer representation

   Integers are used to represent name indexes, pair indexes or string
   lengths.  The integer representation keeps byte-alignment as much as
   possible as this allows various processing optimizations as well as
   efficient use of DEFLATE.  For that purpose, an integer
   representation always finishes at the end of a byte.

   An integer is represented in two parts: a prefix that fills the
   current byte and an optional list of bytes that are used if the
   integer value does not fit in the prefix.  The number of bits of the
   prefix (called N) is a parameter of the integer representation.

   The N-bit prefix allows filling the current byte.  If the value is
   small enough (strictly less than 2^N-1), it is encoded within the
   N-bit prefix.  Otherwise all the bits of the prefix are set to 1 and
   the value is encoded using an unsigned variable length integer [2]
   representation.

   The algorithm to represent an integer I is as follows:

   1.  If I < 2^N - 1, encode I on N bits

   2.  Else, encode 2^N - 1 on N bits and do the following steps:

   3.

       1.  Set I to (I - 2^N - 1) and Q to 1

       2.  While Q > 0

       3.

           1.  Compute Q and R, quotient and remainder of I divided by
               2^7





Ruellan, et al.        Expires September 12, 2013               [Page 8]

Documentation               HTTP Header Diff                  March 2013


           2.  If Q is strictly greater than 0, write one 1 bit;
               otherwise, write one 0 bit

           3.  Encode R on the next 7 bits

           4.  I = Q

4.1.1.1.  Example 1: Encoding 10 using a 5-bit prefix

   The value 10 is to be encoded with a 5-bit prefix.

   o  10 is less than 31 (= 2^5 - 1) and is represented using the 5-bit
      prefix.

   +-----+-----+-----+-----+-----+-----+-----+-----+
   |  0  |  1  |  2  |  3  |  4  |  5  |  6  |  7  |
   +-----+-----+-----+-----+-----+-----+-----+-----+
   |  X  |  X  |  X  |  0  |  1  |  0  |  1  |  0  | 10 stored on 5 bits
   +-----+-----+-----+-----+-----+-----+-----+-----+


4.1.1.2.  Example 2: Encoding 1337 using a 5-bit prefix

   The value I=1337 is to be encoded with a 5-bit prefix.

   o  1337 is greater than 31 (= 2^5 - 1).

   o

      *  The 5-bit prefix is filled with its max value (31).

   o  The value to represent on next bytes is I = 1337 - 2^5 = 1305.

   o

      *  1305 = 128*10 + 25, i.e.  Q=10 and R=25.

      *  Q is greater than 1, bit 8 is set to 1.

      *  The remainder R=25 is encoded on next 7 bits.

      *  I is replaced by the quotient Q=10.

   o  The value to represent on next bytes is I = 10.

   o

      *  10 = 128*0 + 10, i.e.  Q=0 and R=10.



Ruellan, et al.        Expires September 12, 2013               [Page 9]

Documentation               HTTP Header Diff                  March 2013


      *  Q is equal to 0, bit 16 is set to 0.

      *  The remainder R=10 is encoded on next 7 bits.

      *  I is replaced by the quotient Q=0.

   o  The process ends.

    +----+-----+-----+-----+-----+-----+-----+-----+
   |  0  |  1  |  2  |  3  |  4  |  5  |  6  |  7  |
   +-----+-----+-----+-----+-----+-----+-----+-----+
   |  X  |  X  |  X  |  1  |  1  |  1  |  1  |  1  |  Prefix = 31
   |  1  |  0  |  0  |  1  |  1  |  0  |  0  |  1  |  Q>=1, R=25
   |  0  |  0  |  0  |  0  |  1  |  0  |  1  |  0  |  Q=0 , R=10
   +-----+-----+-----+-----+-----+-----+-----+-----+


4.1.2.  String literal representation

   Literal strings can represent header names, header values or header
   values suffix in the case of delta coding.  They are encoded in two
   parts:

   1.  The string length, defined as the number of bytes needed to store
       its UTF-8 representation, is represented as an integer with a
       zero bits prefix.  If the string length is strictly less than
       128, it is represented as one byte.

   2.  The string value represented as a list of UTF-8 characters.

4.2.  Indexed Header Representation

   Indexed headers can be represented as short indexed header if the
   matching pair index is strictly below 64.  Otherwise it is
   represented as a long indexed header.

4.2.1.  Short Indexed Header

   +-------+-------+-------+-------+-------+-------+-------+-------+
   |   0   |   1   |   2   |   3   |   4   |   5   |   6   |   7   |
   +-------+-------+-------+-------+-------+-------+-------+-------+
   |   1   |   0   |             00 0000 - 11 1111                 |
   |       |       |            Matching pair index                |
   |       |       |         (if strictly lower than 64)           |
   +-------+-------+-------+-------+-------+-------+-------+-------+






Ruellan, et al.        Expires September 12, 2013              [Page 10]

Documentation               HTTP Header Diff                  March 2013


   This representation starts with the '10' 2-bit pattern, followed by
   the index of the matching pair, represented on 6 bits.  A short
   indexed header is always coded in one byte.

4.2.2.  Long Indexed Header

   +-------+-------+-------+-------+-------+-------+-------+-------+
   |   0   |   1   |   2   |   3   |  ...  |  ...  |   e   |   f   |
   +-------+-------+-------+-------+-------+-------+-------+-------+
   |   1   |   1   |  00  0000 0000 0000 - 11 1111 1111 1111 1111  |
   |       |       |                Matching pair index            |
   |       |       |        (if equal to or greater than 64)       |
   +-------+-------+-------+-------+-------+-------+-------+-------+


   This representation starts with the '11' 2-bit pattern, followed by
   the value of the index of the matching pair minus 64, represented as
   an integer with a 14-bit prefix A long indexed header is coded in two
   bytes if the index minus 64 is strictly below 16383.

4.3.  Literal Header Representation

4.3.1.  Literal Header without Indexing

   +-------+-------+-------+-------+-------+-------+-------+-------+
   |   0   |   1   |   2   |   3   |   4   |   5   |   6   |   7   |
   +-------+-------+-------+-------+-------+-------+-------+-------+
   |       |       |       |                0 0000                 |
   |       |       |       |         New header name symbol        |
   |   0   |   0   |   0   |---------------------------------------|
   |       |       |       |             0 0001 - 1 1111           |
   |       |       |       |    Index of matching header name      |
   +-------+-------+-------+-------+-------+-------+-------+-------+


   This representation, which does not involve updating the header
   table, starts with the '000' 3-bit pattern.

   If the header name matches a header name entry whose index is IN, the
   value (IN+1) is represented as an integer with a 5-bit prefix.  Note
   that if the index is strictly below 30, one byte is used.

   If the header name does not match a header name entry, the value 0 is
   represented on 5 bits followed by the header name, represented as a
   literal string.

   Header name representation is followed by the header value
   represented as a literal string.



Ruellan, et al.        Expires September 12, 2013              [Page 11]

Documentation               HTTP Header Diff                  March 2013


4.3.2.  Literal Header with Indexing

   +-------+-------+-------+-------+-------+-------+-------+-------+
   |   0   |   1   |   2   |   3   |   4   |   5   |   6   |   7   |
   +-------+-------+-------+-------+-------+-------+-------+-------+
   |       |       |       |       |             0000              |
   |       |       |       |Indexing|     New header name symbol    |
   |   0   |   0   |   1   |       |-------------------------------|
   |       |       |       | Mode  |           0001 - 1111         |
   |       |       |       |       | Index of matching header name |
   +-------+-------+-------+-------+-------+-------+-------+-------+


   This representation starts with the '001' 3-bit pattern.  The fourth
   bit sets the indexing mode: 0 for incremental indexing, 1 for
   substitution indexing.

   If the header name matches a header name entry whose index is IN, the
   value (IN+1) is represented as an integer with a 4-bit prefix.  Note
   that if the index is strictly below 14, one byte is used.

   If the header name does not match a header name entry, the value 0 is
   represented on 4 bits followed by the header name, represented as a
   literal string.

   Header name representation is followed by the header value
   represented as a string as described in Section 4.1.2.  In the case
   of substitution indexing, the substituted (name,value) pair index is
   inserted before the header value as a zero-bit prefix integer.  The
   header value is represented as a literal string.

4.4.  Delta Header Representation

4.4.1.  Delta Header without Indexing

   +-------+-------+-------+-------+-------+-------+-------+-------+
   |   0   |   1   |   2   |   3   |   4   |   5   |   6   |   7   |
   +-------+-------+-------+-------+-------+-------+-------+-------+
   |   0   |   1   |   0   |           0 0000 - 1 1111             |
   |       |       |       |        Index of reference pair        |
   +-------+-------+-------+-------+-------+-------+-------+-------+


   This representation starts with the '010' 3-bit pattern.

   It continues with the index IR of the reference header pair.  The
   value IR is represented as an integer with a 5-bit prefix.  Note that
   if the index is strictly below 31, one byte is used.



Ruellan, et al.        Expires September 12, 2013              [Page 12]

Documentation               HTTP Header Diff                  March 2013


   Index value is followed by:

   1.  the length of the common prefix shared between the header value
       and the pair value, represented as an integer with a zero-bit
       prefix.

   2.  the header value suffix represented as a literal string.

4.4.2.  Delta Header with Indexing

   +-------+-------+-------+-------+-------+-------+-------+-------+
   |   0   |   1   |   2   |   3   |   4   |   5   |   6   |   7   |
   +-------+-------+-------+-------+-------+-------+-------+-------+
   |   0   |   1   |   1   |Indexing|       0000 - 1111            |
   |       |       |       |  Mode |  Index of reference pair      |
   +-------+-------+-------+-------+-------+-------+-------+-------+


   This representation starts with the '011' 3-bit pattern.  The fourth
   bit sets the indexing mode, 0 for incremental indexing and 1 for
   substitution indexing.

   It continues with the index IR of the reference header pair.  The
   value IR is represented as an integer with a 4-bit prefix.  Note that
   if the index is strictly below 15, one byte is used.

   Index value is followed by:

   1.  the length of the common prefix shared between the header value
       and the pair value, represented as an integer with a zero-bit
       prefix.

   2.  the header value suffix, represented as a literal string.

5.  Parameter Negotiation

   Two parameters may be used to accomodate the client and server
   processing and memory requirements:

   o  A parameter Nh that configures the size of the header table.  The
      size can be computed as 2^Nh.  Nh is exchanged as an unsigned
      integer.

   o  A parameter Nd that configures the Deflate step.  If Nd is equal
      to zero, no Deflate step is used.  Otherwise, Deflate is used with
      a sliding window equal to 2^Nd.  Huffman-only coding is advertised
      using the Deflate block initial bits.  Nd is exchanged as an
      unsigned integer.



Ruellan, et al.        Expires September 12, 2013              [Page 13]

Documentation               HTTP Header Diff                  March 2013


   This section should be further completed, including but not limited
   to the following points:

   o  Define default values?

   o  Define when negotiation happens: at the beginning only, any time
      during the session...

   o  Define how are exchanged these parameters, probably using SETTINGS
      frames, through the definition of 4 settings (outgoing-Nd,
      outgoing-Nh, preferred-incomingNd, preferred-incoming-Nh).

6.  Open Questions

6.1.  Typed Codecs

   Typed codecs may be useful to represent header values, especially on
   response side.  An additional typed header representation could be
   defined, adding support for a small number of codecs such as:

   o  An Integer codec: may be useful for headers such as 'Age' and
      'Content-Length'.

   o  A Date codec: may be useful for headers such as 'Date', 'Expires',
      'If-Modified-Since', 'Last-Modified'.

6.2.  Specific header processing

   Some (name,value) pairs may be singled out to improve network nodes
   processing, such as:

   o  The request line (verb, version and URL) for HTTP requests.

   o  The response line (status and version) for HTTP responses.

   For those headers, the specification may define specific rules that
   can improve the processing cost, at the expense of some compression
   loss:

   o  All those headers are placed as the first headers in the
      SYN_STREAM frame, with a predefined order.

   o  Verb, version and status are represented as integers with zero-bit
      prefix.

   o  Indexed, delta or literal representation may be used for URL
      values.  In the case of delta and literal representation, only the
      substitution mode is used so that a processor only needs to store



Ruellan, et al.        Expires September 12, 2013              [Page 14]

Documentation               HTTP Header Diff                  March 2013


      the URL of the previous message to compute the URL of the current
      message.

6.3.  Security Issues

   Adequate use of delta and indexed representation before using of
   Deflate are supposed to solve security issues such as the CRIME
   attack.  For instance, if cookie headers are represented as indexed
   headers as much as possible, attackers may be prevented from
   progressively learning its value.

   This point should be confirmed with deeper analysis.  Additional
   study should also be done to evaluate whether the proposed indexed
   and delta representation create any new security issue.

6.4.  Deflate Partial Usage

   To circumvent Deflate issues related to both security and network
   intermediaries, the header set of a given message can be split in two
   buckets.  A first bucket would be sent without using Deflate, while
   the second bucket would be further compressed using Deflate.  The
   decision would be done by the encoder.  The specification could
   define a minimum set of headers that SHOULD never be compressed using
   Deflate, for instance URLs and cookies.

   Another possibility would be to define Deflate as a specific
   representation.  The use of Deflate would then be decided on per-
   header basis.  That would enable excluding any header that may
   contain sensitive data.  The overall scheme would be less efficient
   though (padding bits and so on).

   Additional analysis of the complexity and benefit of these approaches
   would be needed to go further.  For instance, these approaches should
   be compared to the use of Deflate restricted to Huffman-coding in
   terms of simplicity and compression benefits.

6.5.  Max length and entry numbers

   The integer representation allows representation of unbounded values.
   If bounding the table entries number or string lengths, the integer
   encoding may be further optimized.

   o  Decide whether to limit the length of strings to a max value and
      if so which value, 32768?

   o  Decide whether to limit name table entries to 256?

   o  Decide whether to limit header table entries to 16384?



Ruellan, et al.        Expires September 12, 2013              [Page 15]

Documentation               HTTP Header Diff                  March 2013


7.  Security Considerations

   This section should be completed according the previous sections.

8.  IANA Considerations

   This memo includes no request to IANA.

9.  References

Appendix A.  Initial header names

A.1.  Requests

   Indexes strictly lower than 14 are always encoded on 1 byte.  Hence,
   the 14 most frequent names should be set in the 14 first positions.
   This table may be updated based on statistical analysis of header
   names frequency and specific HTTP 2.0 header rules (like removal of
   'proxy-connection', url being split or not...).

   +---------+------------------------------------+
   |  Index  | Header Name                        |
   +---------+------------------------------------+
   |    0    | accept                             |
   +---------+------------------------------------+
   |    1    | accept-charset                     |
   +---------+------------------------------------+
   |    2    | accept-encoding                    |
   +---------+------------------------------------+
   |    3    | accept-language                    |
   +---------+------------------------------------+
   |    4    | cookie                             |
   +---------+------------------------------------+
   |    5    | method                             |
   +---------+------------------------------------+
   |    6    | host                               |
   +---------+------------------------------------+
   |    7    | if-modified-since                  |
   +---------+------------------------------------+
   |    8    | keep-alive                         |
   +---------+------------------------------------+
   |    9    | url                                |
   +---------+------------------------------------+
   |   10    | user-agent                         |
   +---------+------------------------------------+
   |   11    | version                            |
   +---------+------------------------------------+
   |   12    | proxy-connection                   |



Ruellan, et al.        Expires September 12, 2013              [Page 16]

Documentation               HTTP Header Diff                  March 2013


   +---------+------------------------------------+
   |   13    | referer                            |
   +---------+------------------------------------+
   |   14    | accept-datetime                    |
   +---------+------------------------------------+
   |   15    | authorization                      |
   +---------+------------------------------------+
   |   16    | allow                              |
   +---------+------------------------------------+
   |   17    | cache-control                      |
   +---------+------------------------------------+
   |   18    | connection                         |
   +---------+------------------------------------+
   |   19    | content-length                     |
   +---------+------------------------------------+
   |   20    | content-md5                        |
   +---------+------------------------------------+
   |   21    | content-type                       |
   +---------+------------------------------------+
   |   22    | date                               |
   +---------+------------------------------------+
   |   23    | expect                             |
   +---------+------------------------------------+
   |   24    | from                               |
   +---------+------------------------------------+
   |   25    | if-match                           |
   +---------+------------------------------------+
   |   26    | if-none-match                      |
   +---------+------------------------------------+
   |   27    | if-range                           |
   +---------+------------------------------------+
   |   28    | if-unmodified-since                |
   +---------+------------------------------------+
   |   29    | max-forwards                       |
   +---------+------------------------------------+
   |   30    | pragma                             |
   +---------+------------------------------------+
   |   31    | proxy-authorization                |
   +---------+------------------------------------+
   |   32    | range                              |
   +---------+------------------------------------+
   |   33    | te                                 |
   +---------+------------------------------------+
   |   34    | upgrade                            |
   +---------+------------------------------------+
   |   35    | via                                |
   +---------+------------------------------------+
   |   36    | warning                            |



Ruellan, et al.        Expires September 12, 2013              [Page 17]

Documentation               HTTP Header Diff                  March 2013


   +---------+------------------------------------+


A.2.  Responses

   Indexes strictly lower than 14 are always encoded on 1 byte.  Hence,
   the 14 most frequent names should be set in the 14 first positions.
   This table may be updated based on statistical analysis of header
   names frequency and specific HTTP 2.0 header rules.

   +---------+------------------------------------+
   |  Index  | Header Name                        |
   +---------+------------------------------------+
   |    0    | age                                |
   +---------+------------------------------------+
   |    1    | cache-control                      |
   +---------+------------------------------------+
   |    2    | content-length                     |
   +---------+------------------------------------+
   |    3    | content-type                       |
   +---------+------------------------------------+
   |    4    | date                               |
   +---------+------------------------------------+
   |    5    | etag                               |
   +---------+------------------------------------+
   |    6    | expires                            |
   +---------+------------------------------------+
   |    7    | last-modified                      |
   +---------+------------------------------------+
   |    8    | server                             |
   +---------+------------------------------------+
   |    9    | set-cookie                         |
   +---------+------------------------------------+
   |   10    | status                             |
   +---------+------------------------------------+
   |   11    | vary                               |
   +---------+------------------------------------+
   |   12    | version                            |
   +---------+------------------------------------+
   |   13    | via                                |
   +---------+------------------------------------+
   |   14    | access-control-allow-origin        |
   +---------+------------------------------------+
   |   15    | accept-ranges                      |
   +---------+------------------------------------+
   |   16    | allow                              |
   +---------+------------------------------------+
   |   17    | connection                         |



Ruellan, et al.        Expires September 12, 2013              [Page 18]

Documentation               HTTP Header Diff                  March 2013


   +---------+------------------------------------+
   |   18    | content-disposition                |
   +---------+------------------------------------+
   |   19    | content-encoding                   |
   +---------+------------------------------------+
   |   20    | content-language                   |
   +---------+------------------------------------+
   |   21    | content-location                   |
   +---------+------------------------------------+
   |   22    | content-md5                        |
   +---------+------------------------------------+
   |   23    | content-range                      |
   +---------+------------------------------------+
   |   24    | link                               |
   +---------+------------------------------------+
   |   25    | location                           |
   +---------+------------------------------------+
   |   26    | p3p                                |
   +---------+------------------------------------+
   |   27    | pragma                             |
   +---------+------------------------------------+
   |   28    | proxy-authenticate                 |
   +---------+------------------------------------+
   |   29    | refresh                            |
   +---------+------------------------------------+
   |   30    | retry-after                        |
   +---------+------------------------------------+
   |   31    | strict-transport-security          |
   +---------+------------------------------------+
   |   32    | trailer                            |
   +---------+------------------------------------+
   |   33    | transfer-encoding                  |
   +---------+------------------------------------+
   |   34    | warning                            |
   +---------+------------------------------------+
   |   35    | www-authenticate                   |
   +---------+------------------------------------+


A.3.  Example

   Here is an example that illustrates different representations and how
   tables are updated.

A.3.1.  First header set

   The first header set to represent is the following:




Ruellan, et al.        Expires September 12, 2013              [Page 19]

Documentation               HTTP Header Diff                  March 2013


   url: http://www.example.org/my-example/index.html
   user-agent: my-user-agent
   x-my-header: first


   The header table is empty, all headers are represented as literal
   headers with indexing.  The 'x-my-header' header name is not in the
   header name table and is encoded literally.  This gives the following
   representation:

   0x2A      (literal header with indexing, name index = 9)
   0x2C      (header value string length = 44)
   http://www.example.org/my-example/index.html
   0x2B      (literal header with indexing, name index = 10)
   0x0D      (header value string length = 43)
   my-user-agent
   0x20      (literal header with indexing, new name)
   0x0B      (header name string length = 11)
   x-my-header
   0x05      (header value string length = 5)
   first


   The header tables are as follow after the processing of these
   headers:

   Name table
   +---------+---------------------------------------------+
   |  Index  | Header Name                                 |
   +---------+---------------------------------------------+
   |    0    | accept                                      |
   +---------+---------------------------------------------+
   |    1    | accept-charset                              |
   +---------+---------------------------------------------+
   |   ...   | ...                                         |
   +---------+---------------------------------------------+
   |   36    | warning                                     |
   +---------+---------------------------------------------+
   |   37    | x-my-header                                 | added name
   +---------+---------------------------------------------+


   Header table
   +----+-------------+------------------------------------+
   | 0  |     url     | http://www.example.org/            | added pair
   |    |             |       my-example/index.html        |
   +----+-------------+------------------------------------+
   | 1  |  user-agent | my-user-agent                      | added pair



Ruellan, et al.        Expires September 12, 2013              [Page 20]

Documentation               HTTP Header Diff                  March 2013


   +----+-------------+------------------------------------+
   | 2  | x-my-header | first                              | added pair
   +----+-------------+------------------------------------+


A.3.2.  Second header set

   The second header set to represent is the following:

   url: http://www.example.org/my-example/resources/script.js
   user-agent: my-user-agent
   x-my-header: second


   The url header is represented as a delta header with substitution.
   The user-agent header will be represented as a short header.  The x
   -my-header will be represented as a literal header with indexing.

   0x70       (delta header with substitution, header index = 0)
   0x22       (common prefix length = 32)
   0x13       (suffix value length = 19)
   resources/script.js
   0x81       (indexed header, index = 1)
   0x2f 0x17  (literal header with indexing, name index = 37)
   0x05       (header value string length = 5)
   second


   The name table remains unchanged.  The header table is updated as
   follow:

   +----+-------------+------------------------------------+
   | 0  |     url     | http://www.example.org/            | substituted
   |    |             |     my-example/resources/script.js | pair
   +----+-------------+------------------------------------+
   | 1  |  user-agent | my-user-agent                      |
   +----+-------------+------------------------------------+
   | 2  | x-my-header | first                              |
   +----+-------------+------------------------------------+
   | 3  | x-my-header | second                             | added pair
   +----+-------------+------------------------------------+










Ruellan, et al.        Expires September 12, 2013              [Page 21]

Documentation               HTTP Header Diff                  March 2013


Authors' Addresses

   Herve Ruellan

   Email: herve.ruellan@crf.canon.fr


   Jun Fujisawa
   Canon, Inc.
   3-30-2 Shimomaruko
   Ohta-ku, Tokyo   146-8501
   Japan

   Email: fujisawa.jun@canon.co.jp


   Romain Bellessort

   Email: romain.bellessort@crf.canon.fr


   Youenn Fablet

   Email: youenn.fablet@crf.canon.fr


























Ruellan, et al.        Expires September 12, 2013              [Page 22]