HTTP workshop

Wed, 09 Nov 2022 08:51:06 -0800 

Hi all,
Last week I attended the 2022 HTTP workshop [1]. There was lots of interesting discussion and I thought it was worth highlighting the key things relevant to Tomcat. 

1. Draft updates to RFC 6265 Cookies [2].
   Most changes don't impact Tomcat.
   However, it clarifies that quotes are part of the value if the value
     is quoted. RFC 6265 also states this (I missed it). Tomcat current
     strips these quotes. If we fix this (I think we should) we'll
     almost certainly need to make it optional.

2. There are some new HTTP/2 frames (origin [3] and certificate [4]) we
   may need to implement at some point. Too early at the moment though.

3. qlog, developed to help debug QUIC, may expand to cover HTTP/2 and
   add additional tooling. If it does, we may want to create a
   conversion tool to make our HTTP/2 debug logs readable by these
   tools.

4. Structured fields [5]. As these start to get used more, we may need
   to adopt / write a parser for them.

5. TLS 1.3 0RTT. Not an issue for us. JSSE opted not to implement it.

6. New status codes. The Servlet spec may want to update the list.

7. New methods. Particularly PATCH [6]. Do we want to implement it? Does
   the spec want to add to to the list of standard methods?

8. Oblivious HTTP (hides client IP address from origin server) is
   interesting but Tomcat doesn't need to do anything.

9. Encrypted Client Hello [7]. If Tomcat needs to support this, we will
   need to do it 'manually' in the handshake parsing code that currently
   handles SNI.

10. HTTP testing. There is interest in some form of common testing tool.



The only think we need to do anything about right now is the cookie 
value quoting issue. I plan to look at this after 10.1.2.


Mark


[1] https://github.com/HTTPWorkshop
[2] https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-11
[3] https://www.rfc-editor.org/rfc/rfc8336.html

[4] 
https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-http2-secondary-certs-06

[5] https://www.rfc-editor.org/rfc/rfc8941.html
[6] https://www.rfc-editor.org/rfc/rfc5789
[7] https://datatracker.ietf.org/doc/draft-ietf-tls-esni/

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org















    











					Reply via email to