



Network Working Group                                      M. Nottingham
Internet-Draft                                          January 21, 2016
Intended status: Informational
Expires: July 24, 2016


                        HTTP/2 Fixed-Size Frames
               draft-nottingham-httpbis-h2-fixed-frame-00

Abstract

   This specification defines a HTTP/2 setting,
   SETTINGS_FIXED_FRAME_SIZE, that asks the peer to use padding and
   chunking to achieve a desired, static frame size for HEADERS and DATA
   frames.

Note to Readers

   The issues list for this draft can be found at
   https://github.com/mnot/I-D/labels/httpbis-h2-fixed-frame .

   The most recent (often, unpublished) draft is at
   https://mnot.github.io/I-D/httpbis-h2-fixed-frame/ .

   Recent changes are listed at https://github.com/mnot/I-D/commits/gh-
   pages/httpbis-h2-fixed-frame .

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on July 24, 2016.








Nottingham                Expires July 24, 2016                 [Page 1]

Internet-Draft          HTTP/2 Fixed-Size Frames            January 2016


Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Notational Conventions  . . . . . . . . . . . . . . . . .   2
     1.2.  SETTINGS_FIXED_FRAME_SIZE (0xn) . . . . . . . . . . . . .   3
   2.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   3
   3.  Security Considerations . . . . . . . . . . . . . . . . . . .   3
   4.  Normative References  . . . . . . . . . . . . . . . . . . . .   3
   Appendix A.  Acknowledgements . . . . . . . . . . . . . . . . . .   4
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   4

1.  Introduction

   Traffic analysis depends, in part, on using the difference between
   sizes of messages to characterise a particular flow.

   HTTP/2 [RFC7540] allows its two major data-bearing frame types
   (HEADERS and DATA) to be split into multiple frames as well as padded
   with extra data.  However, implementations to date do not use these
   capabilities in any regular way to combat traffic analysis.

   This specification defines a new HTTP/2 setting that informs a peer
   when it is desirable to use frame splitting and padding to achieve
   this effect.

1.1.  Notational Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].






Nottingham                Expires July 24, 2016                 [Page 2]

Internet-Draft          HTTP/2 Fixed-Size Frames            January 2016


1.2.  SETTINGS_FIXED_FRAME_SIZE (0xn)

   This setting requests that the peer assure that HTTP/2 frame payloads
   (as per [RFC7540], Section 4.1) it sends are split into multiple
   frames and/or padded to the number of bytes indicated in its value,
   when the frame type allows.

   A value of 0 indicates no fixed frame size is requested.

   For example, if the setting value is 8192, a 10000 byte DATA frame
   payload would be sent as two 8192 byte frames, with 1808 bytes of
   padding in total (occurring in either frame, or both).

   HEADERS frames would likewise be split into one HEADERS frame and an
   arbitrary number of CONTINUATION frames, with padding as necessary.

2.  IANA Considerations

   This specification registers an entry in the HTTP/2 Settings
   registry.

   o  Name: SETTINGS_FIXED_FRAME_SIZE

   o  Code: TBD

   o  Initial Value: 0

   o  Specification: [this document]

3.  Security Considerations

   Uniform frame sizes are not sufficient to combat traffic analysis on
   their own, since flows still carry metadata, timing, and other
   information.

4.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC7540]  Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext
              Transfer Protocol Version 2 (HTTP/2)", RFC 7540,
              DOI 10.17487/RFC7540, May 2015,
              <http://www.rfc-editor.org/info/rfc7540>.







Nottingham                Expires July 24, 2016                 [Page 3]

Internet-Draft          HTTP/2 Fixed-Size Frames            January 2016


Appendix A.  Acknowledgements

   Well, Chaum for one.

Author's Address

   Mark Nottingham

   Email: mnot@mnot.net
   URI:   https://www.mnot.net/









































Nottingham                Expires July 24, 2016                 [Page 4]
