Changeset 2124


Ignore:
Timestamp:
Jan 16, 2013, 10:36:37 AM (7 years ago)
Author:
martin.thomson@…
Message:

Changing title.

Location:
draft-ietf-httpbis-http2/latest
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • draft-ietf-httpbis-http2/latest/draft-ietf-httpbis-http2.html

    r2080 r2124  
    44   <head profile="http://www.w3.org/2006/03/hcard http://dublincore.org/documents/2008/08/04/dc-html/">
    55      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    6       <title>SPDY Protocol</title><script>
     6      <title>Hypertext Transfer Protocol version 2.0</title><script>
    77var buttonsAdded = false;
    88
     
    400400  }
    401401  @top-center {
    402        content: "SPDY";
     402       content: "HTTP/2.0";
    403403  }
    404404  @bottom-left {
     
    406406  }
    407407  @bottom-center {
    408        content: "Expires July 6, 2013";
     408       content: "Expires July 20, 2013";
    409409  }
    410410  @bottom-right {
     
    429429      <link rel="Index" href="#rfc.index">
    430430      <link rel="Chapter" title="1 Overview" href="#rfc.section.1">
    431       <link rel="Chapter" title="2 SPDY Framing Layer" href="#rfc.section.2">
    432       <link rel="Chapter" title="3 HTTP Layering over SPDY" href="#rfc.section.3">
     431      <link rel="Chapter" title="2 HTTP/2.0 Framing Layer" href="#rfc.section.2">
     432      <link rel="Chapter" title="3 HTTP Layering over HTTP/2.0" href="#rfc.section.3">
    433433      <link rel="Chapter" title="4 Design Rationale and Notes" href="#rfc.section.4">
    434434      <link rel="Chapter" title="5 Security Considerations" href="#rfc.section.5">
    435435      <link rel="Chapter" title="6 Privacy Considerations" href="#rfc.section.6">
    436       <link rel="Chapter" title="7 Incompatibilities with SPDY draft #2" href="#rfc.section.7">
    437       <link rel="Chapter" title="8 Requirements Notation" href="#rfc.section.8">
    438       <link rel="Chapter" title="9 Acknowledgements" href="#rfc.section.9">
    439       <link rel="Chapter" href="#rfc.section.10" title="10 Normative References">
     436      <link rel="Chapter" title="7 Requirements Notation" href="#rfc.section.7">
     437      <link rel="Chapter" title="8 Acknowledgements" href="#rfc.section.8">
     438      <link rel="Chapter" href="#rfc.section.9" title="9 Normative References">
    440439      <link rel="Appendix" title="A Change Log (to be removed by RFC Editor before publication)" href="#rfc.section.A">
    441       <meta name="generator" content="http://greenbytes.de/tech/webdav/rfc2629.xslt, Revision 1.589, 2012-11-30 14:23:31, XSLT vendor: SAXON 8.9 from Saxonica http://www.saxonica.com/">
     440      <meta name="generator" content="http://greenbytes.de/tech/webdav/rfc2629.xslt, Revision 1.588, 2012-08-25 12:28:24, XSLT vendor: SAXON 8.9 from Saxonica http://www.saxonica.com/">
    442441      <meta name="keywords" content="HTTP">
    443442      <link rel="schema.dct" href="http://purl.org/dc/terms/">
     
    447446      <meta name="dct.creator" content="Melnikov, A.">
    448447      <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-http2-latest">
    449       <meta name="dct.issued" scheme="ISO8601" content="2013-01-02">
    450       <meta name="dct.abstract" content="This document describes SPDY, a protocol designed for low-latency transport of content over the World Wide Web. SPDY introduces two layers of protocol. The lower layer is a general purpose framing layer which can be used atop a reliable transport (likely TCP) for multiplexed, prioritized, and compressed data communication of many concurrent streams. The upper layer of the protocol provides HTTP-like RFC2616 semantics for compatibility with existing HTTP application servers.">
    451       <meta name="description" content="This document describes SPDY, a protocol designed for low-latency transport of content over the World Wide Web. SPDY introduces two layers of protocol. The lower layer is a general purpose framing layer which can be used atop a reliable transport (likely TCP) for multiplexed, prioritized, and compressed data communication of many concurrent streams. The upper layer of the protocol provides HTTP-like RFC2616 semantics for compatibility with existing HTTP application servers.">
     448      <meta name="dct.issued" scheme="ISO8601" content="2013-01-16">
     449      <meta name="dct.abstract" content="This document describes HTTP/2.0, a protocol designed for low-latency transport of content over the World Wide Web. HTTP/2.0 introduces two layers of protocol. The lower layer is a general purpose framing layer which can be used atop a reliable transport (likely TCP) for multiplexed, prioritized, and compressed data communication of many concurrent streams. The upper layer of the protocol provides HTTP-like RFC2616 semantics for compatibility with existing HTTP application servers.">
     450      <meta name="description" content="This document describes HTTP/2.0, a protocol designed for low-latency transport of content over the World Wide Web. HTTP/2.0 introduces two layers of protocol. The lower layer is a general purpose framing layer which can be used atop a reliable transport (likely TCP) for multiplexed, prioritized, and compressed data communication of many concurrent streams. The upper layer of the protocol provides HTTP-like RFC2616 semantics for compatibility with existing HTTP application servers.">
    452451   </head>
    453452   <body onload="init();">
     
    467466            </tr>
    468467            <tr>
    469                <td class="left">Expires: July 6, 2013</td>
     468               <td class="left">Expires: July 20, 2013</td>
    470469               <td class="right">Google, Inc</td>
    471470            </tr>
     
    488487            <tr>
    489488               <td class="left"></td>
    490                <td class="right">January 2, 2013</td>
     489               <td class="right">January 16, 2013</td>
    491490            </tr>
    492491         </tbody>
    493492      </table>
    494       <p class="title">SPDY Protocol<br><span class="filename">draft-ietf-httpbis-http2-latest</span></p>
     493      <p class="title">Hypertext Transfer Protocol version 2.0<br><span class="filename">draft-ietf-httpbis-http2-latest</span></p>
    495494      <h1 id="rfc.abstract"><a href="#rfc.abstract">Abstract</a></h1>
    496       <p>This document describes SPDY, a protocol designed for low-latency transport of content over the World Wide Web. SPDY introduces
    497          two layers of protocol. The lower layer is a general purpose framing layer which can be used atop a reliable transport (likely
    498          TCP) for multiplexed, prioritized, and compressed data communication of many concurrent streams. The upper layer of the protocol
    499          provides HTTP-like <a href="#RFC2616">RFC2616</a> <cite title="Hypertext Transfer Protocol -- HTTP/1.1" id="rfc.xref.RFC2616.1">[RFC2616]</cite> semantics for compatibility with existing HTTP application servers.
     495      <p>This document describes HTTP/2.0, a protocol designed for low-latency transport of content over the World Wide Web. HTTP/2.0
     496         introduces two layers of protocol. The lower layer is a general purpose framing layer which can be used atop a reliable transport
     497         (likely TCP) for multiplexed, prioritized, and compressed data communication of many concurrent streams. The upper layer of
     498         the protocol provides HTTP-like <a href="#RFC2616">RFC2616</a> <cite title="Hypertext Transfer Protocol -- HTTP/1.1" id="rfc.xref.RFC2616.1">[RFC2616]</cite> semantics for compatibility with existing HTTP application servers.
    500499      </p>
    501500      <h1 id="rfc.note.1"><a href="#rfc.note.1">Editorial Note (To be removed by RFC Editor)</a></h1>
    502501      <p>This draft is a work-in-progress, and does not yet reflect Working Group consensus.</p> 
    503       <p>This first draft uses the SPDY Protocol as a starting point, as per the Working Group's charter. Future drafts will add, remove
    504          and change text, based upon the Working Group's decisions.
     502      <p>This draft contains features from the SPDY Protocol as a starting point, as per the Working Group's charter. Future drafts
     503         will add, remove and change text, based upon the Working Group's decisions.
    505504      </p> 
    506505      <p>Discussion of this draft takes place on the HTTPBIS working group mailing list (ietf-http-wg@w3.org), which is archived at &lt;<a href="http://lists.w3.org/Archives/Public/ietf-http-wg/">http://lists.w3.org/Archives/Public/ietf-http-wg/</a>&gt;.
     
    519518         in progress”.
    520519      </p>
    521       <p>This Internet-Draft will expire on July 6, 2013.</p>
     520      <p>This Internet-Draft will expire on July 20, 2013.</p>
    522521      <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1>
    523522      <p>Copyright © 2013 IETF Trust and the persons identified as the document authors. All rights reserved.</p>
     
    535534            </ul>
    536535         </li>
    537          <li><a href="#rfc.section.2">2.</a>&nbsp;&nbsp;&nbsp;<a href="#FramingLayer">SPDY Framing Layer</a><ul>
     536         <li><a href="#rfc.section.2">2.</a>&nbsp;&nbsp;&nbsp;<a href="#FramingLayer">HTTP/2.0 Framing Layer</a><ul>
    538537               <li><a href="#rfc.section.2.1">2.1</a>&nbsp;&nbsp;&nbsp;<a href="#rfc.section.2.1">Session (Connections)</a></li>
    539538               <li><a href="#rfc.section.2.2">2.2</a>&nbsp;&nbsp;&nbsp;<a href="#rfc.section.2.2">Framing</a><ul>
     
    580579            </ul>
    581580         </li>
    582          <li><a href="#rfc.section.3">3.</a>&nbsp;&nbsp;&nbsp;<a href="#HTTPLayer">HTTP Layering over SPDY</a><ul>
     581         <li><a href="#rfc.section.3">3.</a>&nbsp;&nbsp;&nbsp;<a href="#HTTPLayer">HTTP Layering over HTTP/2.0</a><ul>
    583582               <li><a href="#rfc.section.3.1">3.1</a>&nbsp;&nbsp;&nbsp;<a href="#rfc.section.3.1">Connection Management</a><ul>
    584583                     <li><a href="#rfc.section.3.1.1">3.1.1</a>&nbsp;&nbsp;&nbsp;<a href="#rfc.section.3.1.1">Use of GOAWAY</a></li>
     
    615614         <li><a href="#rfc.section.5">5.</a>&nbsp;&nbsp;&nbsp;<a href="#rfc.section.5">Security Considerations</a><ul>
    616615               <li><a href="#rfc.section.5.1">5.1</a>&nbsp;&nbsp;&nbsp;<a href="#rfc.section.5.1">Use of Same-origin constraints</a></li>
    617                <li><a href="#rfc.section.5.2">5.2</a>&nbsp;&nbsp;&nbsp;<a href="#rfc.section.5.2">HTTP Headers and SPDY Headers</a></li>
     616               <li><a href="#rfc.section.5.2">5.2</a>&nbsp;&nbsp;&nbsp;<a href="#rfc.section.5.2">HTTP Headers and HTTP/2.0 Headers</a></li>
    618617               <li><a href="#rfc.section.5.3">5.3</a>&nbsp;&nbsp;&nbsp;<a href="#rfc.section.5.3">Cross-Protocol Attacks</a></li>
    619618               <li><a href="#rfc.section.5.4">5.4</a>&nbsp;&nbsp;&nbsp;<a href="#rfc.section.5.4">Server Push Implicit Headers</a></li>
     
    625624            </ul>
    626625         </li>
    627          <li><a href="#rfc.section.7">7.</a>&nbsp;&nbsp;&nbsp;<a href="#rfc.section.7">Incompatibilities with SPDY draft #2</a></li>
    628          <li><a href="#rfc.section.8">8.</a>&nbsp;&nbsp;&nbsp;<a href="#rfc.section.8">Requirements Notation</a></li>
    629          <li><a href="#rfc.section.9">9.</a>&nbsp;&nbsp;&nbsp;<a href="#rfc.section.9">Acknowledgements</a></li>
    630          <li><a href="#rfc.section.10">10.</a>&nbsp;&nbsp;&nbsp;<a href="#rfc.references">Normative References</a></li>
     626         <li><a href="#rfc.section.7">7.</a>&nbsp;&nbsp;&nbsp;<a href="#rfc.section.7">Requirements Notation</a></li>
     627         <li><a href="#rfc.section.8">8.</a>&nbsp;&nbsp;&nbsp;<a href="#rfc.section.8">Acknowledgements</a></li>
     628         <li><a href="#rfc.section.9">9.</a>&nbsp;&nbsp;&nbsp;<a href="#rfc.references">Normative References</a></li>
    631629         <li><a href="#rfc.authors">Authors' Addresses</a></li>
    632630         <li><a href="#rfc.section.A">A.</a>&nbsp;&nbsp;&nbsp;<a href="#change.log">Change Log (to be removed by RFC Editor before publication)</a><ul>
     
    643641         multiplexing. In addition, pipelining has proven non-deployable in existing browsers due to intermediary interference.
    644642      </p>
    645       <p id="rfc.section.1.p.2">SPDY adds a framing layer for multiplexing multiple, concurrent streams across a single TCP connection (or any reliable transport
    646          stream). The framing layer is optimized for HTTP-like request-response streams, such that applications which run over HTTP
    647          today can work over SPDY with little or no change on behalf of the web application writer.
    648       </p>
    649       <p id="rfc.section.1.p.3">The SPDY session offers four improvements over HTTP: </p>
     643      <p id="rfc.section.1.p.2">HTTP/2.0 adds a framing layer for multiplexing multiple, concurrent streams across a single TCP connection (or any reliable
     644         transport stream). The framing layer is optimized for HTTP-like request-response streams, such that applications which run
     645         over HTTP today can work over HTTP/2.0 with little or no change on behalf of the web application writer.
     646      </p>
     647      <p id="rfc.section.1.p.3">The HTTP/2.0 session offers four improvements over HTTP: </p>
    650648      <ul class="empty">
    651          <li>Multiplexed requests: There is no limit to the number of requests that can be issued concurrently over a single SPDY connection.</li>
     649         <li>Multiplexed requests: There is no limit to the number of requests that can be issued concurrently over a single HTTP/2.0 connection.</li>
    652650         <li>Prioritized requests: Clients can request certain resources to be delivered first. This avoids the problem of congesting the
    653651            network channel with non-critical resources when a high-priority request is pending.
     
    658656         <li>Server pushed streams: Server Push enables content to be pushed from servers to clients without a request.</li>
    659657      </ul>
    660       <p id="rfc.section.1.p.4">SPDY attempts to preserve the existing semantics of HTTP. All features such as cookies, ETags, Vary headers, Content-Encoding
    661          negotiations, etc work as they do with HTTP; SPDY only replaces the way the data is written to the network.
     658      <p id="rfc.section.1.p.4">HTTP/2.0 attempts to preserve the existing semantics of HTTP. All features such as cookies, ETags, Vary headers, Content-Encoding
     659         negotiations, etc work as they do with HTTP; HTTP/2.0 only replaces the way the data is written to the network.
    662660      </p>
    663661      <h2 id="rfc.section.1.1"><a href="#rfc.section.1.1">1.1</a>&nbsp;Document Organization
    664662      </h2>
    665       <p id="rfc.section.1.1.p.1">The SPDY Specification is split into two parts: a framing layer (<a href="#FramingLayer" title="SPDY Framing Layer">Section&nbsp;2</a>), which multiplexes a TCP connection into independent, length-prefixed frames, and an HTTP layer (<a href="#HTTPLayer" title="HTTP Layering over SPDY">Section&nbsp;3</a>), which specifies the mechanism for overlaying HTTP request/response pairs on top of the framing layer. While some of the
     663      <p id="rfc.section.1.1.p.1">The HTTP/2.0 Specification is split into two parts: a framing layer (<a href="#FramingLayer" title="HTTP/2.0 Framing Layer">Section&nbsp;2</a>), which multiplexes a TCP connection into independent, length-prefixed frames, and an HTTP layer (<a href="#HTTPLayer" title="HTTP Layering over HTTP/2.0">Section&nbsp;3</a>), which specifies the mechanism for overlaying HTTP request/response pairs on top of the framing layer. While some of the
    666664         framing layer concepts are isolated from the HTTP layer, building a generic framing layer has not been a goal. The framing
    667665         layer is tailored to the needs of the HTTP protocol and server push.
     
    671669      <p id="rfc.section.1.2.p.1"> </p>
    672670      <ul class="empty">
    673          <li>client: The endpoint initiating the SPDY session.</li>
     671         <li>client: The endpoint initiating the HTTP/2.0 session.</li>
    674672         <li>connection: A transport-level connection between two endpoints.</li>
    675673         <li>endpoint: Either the client or server of a connection.</li>
    676          <li>frame: A header-prefixed sequence of bytes sent over a SPDY session.</li>
    677          <li>server: The endpoint which did not initiate the SPDY session.</li>
     674         <li>frame: A header-prefixed sequence of bytes sent over a HTTP/2.0 session.</li>
     675         <li>server: The endpoint which did not initiate the HTTP/2.0 session.</li>
    678676         <li>session: A synonym for a connection.</li>
    679          <li>session error: An error on the SPDY session.</li>
    680          <li>stream: A bi-directional flow of bytes across a virtual channel within a SPDY session.</li>
    681          <li>stream error: An error on an individual SPDY stream.</li>
     677         <li>session error: An error on the HTTP/2.0 session.</li>
     678         <li>stream: A bi-directional flow of bytes across a virtual channel within a HTTP/2.0 session.</li>
     679         <li>stream error: An error on an individual HTTP/2.0 stream.</li>
    682680      </ul>
    683       <h1 id="rfc.section.2"><a href="#rfc.section.2">2.</a>&nbsp;<a id="FramingLayer" href="#FramingLayer">SPDY Framing Layer</a></h1>
     681      <h1 id="rfc.section.2"><a href="#rfc.section.2">2.</a>&nbsp;<a id="FramingLayer" href="#FramingLayer">HTTP/2.0 Framing Layer</a></h1>
    684682      <h2 id="rfc.section.2.1"><a href="#rfc.section.2.1">2.1</a>&nbsp;Session (Connections)
    685683      </h2>
    686       <p id="rfc.section.2.1.p.1">The SPDY framing layer (or "session") runs atop a reliable transport layer such as <a href="#RFC0793">TCP</a> <cite title="Transmission Control Protocol" id="rfc.xref.RFC0793.1">[RFC0793]</cite>. The client is the TCP connection initiator. SPDY connections are persistent connections.
     684      <p id="rfc.section.2.1.p.1">The HTTP/2.0 framing layer (or "session") runs atop a reliable transport layer such as <a href="#RFC0793">TCP</a> <cite title="Transmission Control Protocol" id="rfc.xref.RFC0793.1">[RFC0793]</cite>. The client is the TCP connection initiator. HTTP/2.0 connections are persistent connections.
    687685      </p>
    688686      <p id="rfc.section.2.1.p.2">For best performance, it is expected that clients will not close open connections until the user navigates away from all web
     
    699697         after the common header. The simple header is designed to make reading and writing of frames easy.
    700698      </p>
    701       <p id="rfc.section.2.2.p.3">All integer values, including length, version, and type, are in network byte order. SPDY does not enforce alignment of types
    702          in dynamically sized frames.
     699      <p id="rfc.section.2.2.p.3">All integer values, including length, version, and type, are in network byte order. HTTP/2.0 does not enforce alignment of
     700         types in dynamically sized frames.
    703701      </p>
    704702      <h3 id="rfc.section.2.2.1"><a href="#rfc.section.2.2.1">2.2.1</a>&nbsp;<a id="ControlFrames" href="#ControlFrames">Control frames</a></h3>
     
    713711         1.
    714712      </p>
    715       <p id="rfc.section.2.2.1.p.3">Version: The version number of the SPDY protocol. This document describes SPDY version 3.</p>
     713      <p id="rfc.section.2.2.1.p.3">Version: The version number of the HTTP/2.0 protocol. This document describes HTTP/2.0 version 3.</p>
    716714      <p id="rfc.section.2.2.1.p.4">Type: The type of control frame. See Control Frames for the complete list of control frames.</p>
    717715      <p id="rfc.section.2.2.1.p.5">Flags: Flags related to this frame. Flags for control frames and data frames are different.</p>
     
    753751         </li>
    754752         <li>Implementors note: If an endpoint receives multiple data frames for invalid stream-ids, it MAY close the session.</li>
    755          <li>All SPDY endpoints MUST accept compressed data frames. Compression of data frames is always done using zlib compression. Each
    756             stream initializes and uses its own compression context dedicated to use within that stream. Endpoints are encouraged to use
    757             application level compression rather than SPDY stream level compression.
    758          </li>
    759          <li>Each SPDY stream sending compressed frames creates its own zlib context for that stream, and these compression contexts MUST
    760             be distinct from the compression contexts used with SYN_STREAM/SYN_REPLY/HEADER compression. (Thus, if both endpoints of a
    761             stream are compressing data on the stream, there will be two zlib contexts, one for sending and one for receiving).
     753         <li>All HTTP/2.0 endpoints MUST accept compressed data frames. Compression of data frames is always done using zlib compression.
     754            Each stream initializes and uses its own compression context dedicated to use within that stream. Endpoints are encouraged
     755            to use application level compression rather than HTTP/2.0 stream level compression.
     756         </li>
     757         <li>Each HTTP/2.0 stream sending compressed frames creates its own zlib context for that stream, and these compression contexts
     758            MUST be distinct from the compression contexts used with SYN_STREAM/SYN_REPLY/HEADER compression. (Thus, if both endpoints
     759            of a stream are compressing data on the stream, there will be two zlib contexts, one for sending and one for receiving).
    762760         </li>
    763761      </ul>
     
    772770      </ul>
    773771      <h3 id="rfc.section.2.3.1"><a href="#rfc.section.2.3.1">2.3.1</a>&nbsp;<a id="StreamFrames" href="#StreamFrames">Stream frames</a></h3>
    774       <p id="rfc.section.2.3.1.p.1">SPDY defines 3 control frames to manage the lifecycle of a stream: </p>
     772      <p id="rfc.section.2.3.1.p.1">HTTP/2.0 defines 3 control frames to manage the lifecycle of a stream: </p>
    775773      <ul class="empty">
    776774         <li>SYN_STREAM - Open a new stream</li>
     
    848846      <h2 id="rfc.section.2.4"><a href="#rfc.section.2.4">2.4</a>&nbsp;Error Handling
    849847      </h2>
    850       <p id="rfc.section.2.4.p.1">The SPDY framing layer has only two types of errors, and they are always handled consistently. Any reference in this specification
     848      <p id="rfc.section.2.4.p.1">The HTTP/2.0 framing layer has only two types of errors, and they are always handled consistently. Any reference in this specification
    851849         to "issue a session error" refers to <a href="#SessionErrorHandler" title="Session Error Handling">Section&nbsp;2.4.1</a>. Any reference to "issue a stream error" refers to <a href="#StreamErrorHandler" title="Stream Error Handling">Section&nbsp;2.4.2</a>.
    852850      </p>
     
    870868         any frames other than a RST_STREAM for that stream id, it will result in sending additional RST_STREAM frames. An endpoint
    871869         MUST NOT send a RST_STREAM in response to an RST_STREAM, as doing so would lead to RST_STREAM loops. Sending a RST_STREAM
    872          does not cause the SPDY session to be closed.
     870         does not cause the HTTP/2.0 session to be closed.
    873871      </p>
    874872      <p id="rfc.section.2.4.2.p.2">If an endpoint has multiple RST_STREAM frames to send in succession for the same stream-id and the same error code, it MAY
     
    878876      <h2 id="rfc.section.2.5"><a href="#rfc.section.2.5">2.5</a>&nbsp;Data flow
    879877      </h2>
    880       <p id="rfc.section.2.5.p.1">Because TCP provides a single stream of data on which SPDY multiplexes multiple logical streams, clients and servers must
     878      <p id="rfc.section.2.5.p.1">Because TCP provides a single stream of data on which HTTP/2.0 multiplexes multiple logical streams, clients and servers must
    881879         intelligently interleave data messages for concurrent sessions.
    882880      </p>
     
    993991         <li>2 - INVALID_STREAM. This is returned when a frame is received for a stream which is not active.</li>
    994992         <li>3 - REFUSED_STREAM. Indicates that the stream was refused before any processing has been done on the stream.</li>
    995          <li>4 - UNSUPPORTED_VERSION. Indicates that the recipient of a stream does not support the SPDY version requested.</li>
     993         <li>4 - UNSUPPORTED_VERSION. Indicates that the recipient of a stream does not support the HTTP/2.0 version requested.</li>
    996994         <li>5 - CANCEL. Used by the creator of a stream to indicate that the stream is no longer needed.</li>
    997995         <li>6 - INTERNAL_ERROR. This is a generic error which can be used when the implementation has internally failed, not due to anything
     
    10161014      <p id="rfc.section.2.6.4.p.1">A SETTINGS frame contains a set of id/value pairs for communicating configuration data about how the two endpoints may communicate.
    10171015         SETTINGS frames can be sent at any time by either endpoint, are optionally sent, and are fully asynchronous. When the server
    1018          is the sender, the sender can request that configuration data be persisted by the client across SPDY sessions and returned
     1016         is the sender, the sender can request that configuration data be persisted by the client across HTTP/2.0 sessions and returned
    10191017         to the server in future communications.
    10201018      </p>
     
    10341032|             ...                  |
    10351033            </pre> <p id="rfc.section.2.6.4.p.4">Control bit: The control bit is always 1 for this message.</p>
    1036       <p id="rfc.section.2.6.4.p.5">Version: The SPDY version number.</p>
     1034      <p id="rfc.section.2.6.4.p.5">Version: The HTTP/2.0 version number.</p>
    10371035      <p id="rfc.section.2.6.4.p.6">Type: The message type for a SETTINGS message is 4.</p>
    10381036      <p id="rfc.section.2.6.4.p.7">Flags: FLAG_SETTINGS_CLEAR_SETTINGS (0x1): When set, the client should clear any previously persisted SETTINGS ID/Value pairs.
     
    10831081                  streams.
    10841082               </li>
    1085                <li>8 - SETTINGS_CLIENT_CERTIFICATE_VECTOR_SIZE allows the server to inform the client if the new size of the client certificate
     1083               <li>8 - SETTINGS_CLIENT_CERTIFICATE_VECTOR_SIZE allows the server to inform the client of the new size of the client certificate
    10861084                  vector.
    10871085               </li>
     
    11141112+----------------------------------+
    11151113            </pre> <p id="rfc.section.2.6.5.p.3">Control bit: The control bit is always 1 for this message.</p>
    1116       <p id="rfc.section.2.6.5.p.4">Version: The SPDY version number.</p>
     1114      <p id="rfc.section.2.6.5.p.4">Version: The HTTP/2.0 version number.</p>
    11171115      <p id="rfc.section.2.6.5.p.5">Type: The message type for a PING message is 6.</p>
    11181116      <p id="rfc.section.2.6.5.p.6">Length: This frame is always 4 bytes long.</p>
     
    11541152+----------------------------------+
    11551153            </pre> <p id="rfc.section.2.6.6.p.6">Control bit: The control bit is always 1 for this message.</p>
    1156       <p id="rfc.section.2.6.6.p.7">Version: The SPDY version number.</p>
     1154      <p id="rfc.section.2.6.6.p.7">Version: The HTTP/2.0 version number.</p>
    11571155      <p id="rfc.section.2.6.6.p.8">Type: The message type for a GOAWAY message is 7.</p>
    11581156      <p id="rfc.section.2.6.6.p.9">Length: This frame is always 8 bytes long.</p>
     
    11641162         <li>0 - OK. This is a normal session teardown.</li>
    11651163         <li>1 - PROTOCOL_ERROR. This is a generic error, and should only be used if a more specific error is not available.</li>
    1166          <li>11 - INTERNAL_ERROR. This is a generic error which can be used when the implementation has internally failed, not due to anything
     1164         <li>2 - INTERNAL_ERROR. This is a generic error which can be used when the implementation has internally failed, not due to anything
    11671165            in the protocol.
    11681166         </li>
     
    12031201      </p>
    12041202      <h3 id="rfc.section.2.6.8"><a href="#rfc.section.2.6.8">2.6.8</a>&nbsp;<a id="WINDOW_UPDATE" href="#WINDOW_UPDATE">WINDOW_UPDATE</a></h3>
    1205       <p id="rfc.section.2.6.8.p.1">The WINDOW_UPDATE control frame is used to implement per stream flow control in SPDY. Flow control in SPDY is per hop, that
    1206          is, only between the two endpoints of a SPDY connection. If there are one or more intermediaries between the client and the
    1207          origin server, flow control signals are not explicitly forwarded by the intermediaries. (However, throttling of data transfer
    1208          by any recipient may have the effect of indirectly propagating flow control information upstream back to the original sender.)
    1209          Flow control only applies to the data portion of data frames. Recipients must buffer all control frames. If a recipient fails
    1210          to buffer an entire control frame, it MUST issue a stream error (<a href="#StreamErrorHandler" title="Stream Error Handling">Section&nbsp;2.4.2</a>) with the status code FLOW_CONTROL_ERROR for the stream.
    1211       </p>
    1212       <p id="rfc.section.2.6.8.p.2">Flow control in SPDY is implemented by a data transfer window kept by the sender of each stream. The data transfer window
     1203      <p id="rfc.section.2.6.8.p.1">The WINDOW_UPDATE control frame is used to implement per stream flow control in HTTP/2.0. Flow control in HTTP/2.0 is per
     1204         hop, that is, only between the two endpoints of a HTTP/2.0 connection. If there are one or more intermediaries between the
     1205         client and the origin server, flow control signals are not explicitly forwarded by the intermediaries. (However, throttling
     1206         of data transfer by any recipient may have the effect of indirectly propagating flow control information upstream back to
     1207         the original sender.) Flow control only applies to the data portion of data frames. Recipients must buffer all control frames.
     1208         If a recipient fails to buffer an entire control frame, it MUST issue a stream error (<a href="#StreamErrorHandler" title="Stream Error Handling">Section&nbsp;2.4.2</a>) with the status code FLOW_CONTROL_ERROR for the stream.
     1209      </p>
     1210      <p id="rfc.section.2.6.8.p.2">Flow control in HTTP/2.0 is implemented by a data transfer window kept by the sender of each stream. The data transfer window
    12131211         is a simple uint32 that indicates how many bytes of data the sender can transmit. After a stream is created, but before any
    12141212         data frames have been transmitted, the sender begins with the initial window size. This window size is a measure of the buffering
     
    12291227+----------------------------------+
    12301228            </pre> <p id="rfc.section.2.6.8.p.4">Control bit: The control bit is always 1 for this message.</p>
    1231       <p id="rfc.section.2.6.8.p.5">Version: The SPDY version number.</p>
     1229      <p id="rfc.section.2.6.8.p.5">Version: The HTTP/2.0 version number.</p>
    12321230      <p id="rfc.section.2.6.8.p.6">Type: The message type for a WINDOW_UPDATE message is 9.</p>
    12331231      <p id="rfc.section.2.6.8.p.7">Length: The length field is always 8 for this frame (there are 8 bytes after the length field).</p>
     
    12401238         to terminate the stream.
    12411239      </p>
    1242       <p id="rfc.section.2.6.8.p.11">When a SPDY connection is first established, the default initial window size for all streams is 64KB. An endpoint can use
    1243          the SETTINGS control frame to adjust the initial window size for the connection. That is, its peer can start out using the
    1244          64KB default initial window size when sending data frames before receiving the SETTINGS. Because SETTINGS is asynchronous,
     1240      <p id="rfc.section.2.6.8.p.11">When a HTTP/2.0 connection is first established, the default initial window size for all streams is 64KB. An endpoint can
     1241         use the SETTINGS control frame to adjust the initial window size for the connection. That is, its peer can start out using
     1242         the 64KB default initial window size when sending data frames before receiving the SETTINGS. Because SETTINGS is asynchronous,
    12451243         there may be a race condition if the recipient wants to decrease the initial window size, but its peer immediately sends 64KB
    12461244         on the creation of a new connection, before waiting for the SETTINGS to arrive. This is one case where the window size kept
     
    12691267      </p>
    12701268      <h3 id="rfc.section.2.6.9"><a href="#rfc.section.2.6.9">2.6.9</a>&nbsp;<a id="CREDENTIAL" href="#CREDENTIAL">CREDENTIAL</a></h3>
    1271       <p id="rfc.section.2.6.9.p.1">The CREDENTIAL control frame is used by the client to send additional client certificates to the server. A SPDY client may
    1272          decide to send requests for resources from different origins on the same SPDY session if it decides that that server handles
    1273          both origins. For example if the IP address associated with both hostnames matches and the SSL server certificate presented
    1274          in the initial handshake is valid for both hostnames. However, because the SSL connection can contain at most one client certificate,
    1275          the client needs a mechanism to send additional client certificates to the server.
    1276       </p>
    1277       <p id="rfc.section.2.6.9.p.2">The server is required to maintain a vector of client certificates associated with a SPDY session. When the client needs to
    1278          send a client certificate to the server, it will send a CREDENTIAL frame that specifies the index of the slot in which to
    1279          store the certificate as well as proof that the client posesses the corresponding private key. The initial size of this vector
    1280          must be 8. If the client provides a client certificate during the first TLS handshake, the contents of this certificate must
    1281          be copied into the first slot (index 1) in the CREDENTIAL vector, though it may be overwritten by subsequent CREDENTIAL frames.
    1282          The server must exclusively use the CREDNETIAL vector when evaluating the client certificates associated with an origin. The
    1283          server may change the size of this vector by sending a SETTINGS frame with the setting SETTINGS_CLIENT_CERTIFICATE_VECTOR_SIZE
     1269      <p id="rfc.section.2.6.9.p.1">The CREDENTIAL control frame is used by the client to send additional client certificates to the server. A HTTP/2.0 client
     1270         may decide to send requests for resources from different origins on the same HTTP/2.0 session if it decides that that server
     1271         handles both origins. For example if the IP address associated with both hostnames matches and the SSL server certificate
     1272         presented in the initial handshake is valid for both hostnames. However, because the SSL connection can contain at most one
     1273         client certificate, the client needs a mechanism to send additional client certificates to the server.
     1274      </p>
     1275      <p id="rfc.section.2.6.9.p.2">The server is required to maintain a vector of client certificates associated with a HTTP/2.0 session. When the client needs
     1276         to send a client certificate to the server, it will send a CREDENTIAL frame that specifies the index of the slot in which
     1277         to store the certificate as well as proof that the client posesses the corresponding private key. The initial size of this
     1278         vector must be 8. If the client provides a client certificate during the first TLS handshake, the contents of this certificate
     1279         must be copied into the first slot (index 1) in the CREDENTIAL vector, though it may be overwritten by subsequent CREDENTIAL
     1280         frames. The server must exclusively use the CREDENTIAL vector when evaluating the client certificates associated with an origin.
     1281         The server may change the size of this vector by sending a SETTINGS frame with the setting SETTINGS_CLIENT_CERTIFICATE_VECTOR_SIZE
    12841282         value specified. In the event that the new size is smaller than the current size, truncation occurs preserving lower-index
    12851283         slots as possible.
    12861284      </p>
    1287       <p id="rfc.section.2.6.9.p.3">TLS renegotiation with client authentication is incompatible with SPDY given the multiplexed nature of SPDY. Specifically,
     1285      <p id="rfc.section.2.6.9.p.3">TLS renegotiation with client authentication is incompatible with HTTP/2.0 given the multiplexed nature of HTTP/2.0. Specifically,
    12881286         imagine that the client has 2 requests outstanding to the server for two different pages (in different tabs). When the renegotiation
    12891287         + client certificate request comes in, the browser is unable to determine which resource triggered the client certificate
     
    13121310         type used in TLS 1.0 connections can not be correctly encoded in a digitally-signed element, SHA1 must be used when MD5+SHA1
    13131311         was used in the SSL connection. The signature is calculated over a 32 byte TLS extractor value (http://tools.ietf.org/html/rfc5705)
    1314          with a label of "EXPORTER SPDY certificate proof" using the empty string as context. ForRSA certificates the signature would
    1315          be a PKCS#1 v1.5 signature. For ECDSA, it would be an ECDSA-Sig-Value (http://tools.ietf.org/html/rfc5480#appendix-A). For
    1316          a 1024-bit RSA key, the CREDENTIAL message would be ~500 bytes.
     1312         with a label of "EXPORTER HTTP/2.0 certificate proof" using the empty string as context. ForRSA certificates the signature
     1313         would be a PKCS#1 v1.5 signature. For ECDSA, it would be an ECDSA-Sig-Value (http://tools.ietf.org/html/rfc5480#appendix-A).
     1314         For a 1024-bit RSA key, the CREDENTIAL message would be ~500 bytes.
    13171315      </p>
    13181316      <p id="rfc.section.2.6.9.p.7">Certificate: The certificate chain, starting with the leaf certificate. Each certificate must be encoded as a 32 bit length,
     
    13221320      <p id="rfc.section.2.6.9.p.8">If the server receives a request for a resource with unacceptable credential (either missing or invalid), it must reply with
    13231321         a RST_STREAM frame with the status code INVALID_CREDENTIALS. Upon receipt of a RST_STREAM frame with INVALID_CREDENTIALS,
    1324          the client should initiate a new stream directly to the requested origin and resend the request. Note, SPDY does not allow
     1322         the client should initiate a new stream directly to the requested origin and resend the request. Note, HTTP/2.0 does not allow
    13251323         the server to request different client authentication for different resources in the same origin.
    13261324      </p>
     
    13441342      <ul class="empty">
    13451343         <li>Length of Name: a 32-bit value containing the number of octets in the name field. Note that in practice, this length must
    1346             not exceed 2^24, as that is the maximum size of a SPDY frame.
     1344            not exceed 2^24, as that is the maximum size of a HTTP/2.0 frame.
    13471345         </li>
    13481346         <li>Name: 0 or more octets, 8-bit sequences of data, excluding 0.</li>
    13491347         <li>Length of Value: a 32-bit value containing the number of octets in the value field. Note that in practice, this length must
    1350             not exceed 2^24, as that is the maximum size of a SPDY frame.
     1348            not exceed 2^24, as that is the maximum size of a HTTP/2.0 frame.
    13511349         </li>
    13521350         <li>Value: 0 or more octets, 8-bit sequences of data, excluding 0.</li>
     
    13661364      <p id="rfc.section.2.6.10.1.p.2">For each HEADERS compression instance, the initial state is initialized using the following <a href="#UDELCOMPRESSION">dictionary</a> <cite title="A Methodology to Derive SPDY's Initial Dictionary for Zlib Compression" id="rfc.xref.UDELCOMPRESSION.1">[UDELCOMPRESSION]</cite>:
    13671365      </p>
    1368       <div id="rfc.figure.u.13"></div> <pre class="ccmarker cct"><span>&lt;CODE BEGINS&gt;</span></pre><pre class="text">const unsigned char SPDY_dictionary_txt[] = {
     1366      <div id="rfc.figure.u.13"></div> <pre class="ccmarker cct"><span>&lt;CODE BEGINS&gt;</span></pre><pre class="text">const unsigned char http2_dictionary_txt[] = {
    13691367  0x00, 0x00, 0x00, 0x07, 0x6f, 0x70, 0x74, 0x69,  \\ - - - - o p t i
    13701368  0x6f, 0x6e, 0x73, 0x00, 0x00, 0x00, 0x04, 0x68,  \\ o n s - - - - h
     
    15471545};
    15481546</pre><pre class="ccmarker ccb"><span>&lt;CODE ENDS&gt;</span></pre> <p id="rfc.section.2.6.10.1.p.4">The entire contents of the name/value header block is compressed using zlib. There is a single zlib stream for all name value
    1549          pairs in one direction on a connection. SPDY uses a SYNC_FLUSH between each compressed frame.
     1547         pairs in one direction on a connection. HTTP/2.0 uses a SYNC_FLUSH between each compressed frame.
    15501548      </p>
    15511549      <p id="rfc.section.2.6.10.1.p.5">Implementation notes: the compression engine can be tuned to favor speed or size. Optimizing for size increases memory use
     
    15541552         the decompressor will work with any setting.
    15551553      </p>
    1556       <h1 id="rfc.section.3"><a href="#rfc.section.3">3.</a>&nbsp;<a id="HTTPLayer" href="#HTTPLayer">HTTP Layering over SPDY</a></h1>
    1557       <p id="rfc.section.3.p.1">SPDY is intended to be as compatible as possible with current web-based applications. This means that, from the perspective
     1554      <h1 id="rfc.section.3"><a href="#rfc.section.3">3.</a>&nbsp;<a id="HTTPLayer" href="#HTTPLayer">HTTP Layering over HTTP/2.0</a></h1>
     1555      <p id="rfc.section.3.p.1">HTTP/2.0 is intended to be as compatible as possible with current web-based applications. This means that, from the perspective
    15581556         of the server business logic or application API, the features of HTTP are unchanged. To achieve this, all of the application
    15591557         request and response header semantics are preserved, although the syntax of conveying those semantics has changed. Thus, the
     
    15621560      <h2 id="rfc.section.3.1"><a href="#rfc.section.3.1">3.1</a>&nbsp;Connection Management
    15631561      </h2>
    1564       <p id="rfc.section.3.1.p.1">Clients SHOULD NOT open more than one SPDY session to a given <a href="#RFC6454">origin</a> <cite title="The Web Origin Concept" id="rfc.xref.RFC6454.2">[RFC6454]</cite> concurrently.
    1565       </p>
    1566       <p id="rfc.section.3.1.p.2">Note that it is possible for one SPDY session to be finishing (e.g. a GOAWAY message has been sent, but not all streams have
    1567          finished), while another SPDY session is starting.
     1562      <p id="rfc.section.3.1.p.1">Clients SHOULD NOT open more than one HTTP/2.0 session to a given <a href="#RFC6454">origin</a> <cite title="The Web Origin Concept" id="rfc.xref.RFC6454.2">[RFC6454]</cite> concurrently.
     1563      </p>
     1564      <p id="rfc.section.3.1.p.2">Note that it is possible for one HTTP/2.0 session to be finishing (e.g. a GOAWAY message has been sent, but not all streams
     1565         have finished), while another HTTP/2.0 session is starting.
    15681566      </p>
    15691567      <h3 id="rfc.section.3.1.1"><a href="#rfc.section.3.1.1">3.1.1</a>&nbsp;Use of GOAWAY
    15701568      </h3>
    1571       <p id="rfc.section.3.1.1.p.1">SPDY provides a GOAWAY message which can be used when closing a connection from either the client or server. Without a server
    1572          GOAWAY message, HTTP has a race condition where the client sends a request (a new SYN_STREAM) just as the server is closing
    1573          the connection, and the client cannot know if the server received the stream or not. By using the last-stream-id in the GOAWAY,
    1574          servers can indicate to the client if a request was processed or not.
     1569      <p id="rfc.section.3.1.1.p.1">HTTP/2.0 provides a GOAWAY message which can be used when closing a connection from either the client or server. Without a
     1570         server GOAWAY message, HTTP has a race condition where the client sends a request (a new SYN_STREAM) just as the server is
     1571         closing the connection, and the client cannot know if the server received the stream or not. By using the last-stream-id in
     1572         the GOAWAY, servers can indicate to the client if a request was processed or not.
    15751573      </p>
    15761574      <p id="rfc.section.3.1.1.p.2">Note that some servers will choose to send the GOAWAY and immediately terminate the connection without waiting for active
    1577          streams to finish. The client will be able to determine this because SPDY streams are determinstically closed. This abrupt
     1575         streams to finish. The client will be able to determine this because HTTP/2.0 streams are determinstically closed. This abrupt
    15781576         termination will force the client to heuristically decide whether to retry the pending requests. Clients always need to be
    15791577         capable of dealing with this case because they must deal with accidental connection termination cases, which are the same
     
    15831581         for the active streams to finish before terminating the connection.
    15841582      </p>
    1585       <p id="rfc.section.3.1.1.p.4">If a SPDY client closes the connection, it should also send a GOAWAY message. This allows the server to know if any server-push
     1583      <p id="rfc.section.3.1.1.p.4">If a HTTP/2.0 client closes the connection, it should also send a GOAWAY message. This allows the server to know if any server-push
    15861584         streams were received by the client.
    15871585      </p>
     
    15991597      </p>
    16001598      <p id="rfc.section.3.2.1.p.2">The SYN_STREAM Name/Value section will contain all of the HTTP headers which are associated with an HTTP request. The header
    1601          block in SPDY is mostly unchanged from today's HTTP header block, with the following differences:
     1599         block in HTTP/2.0 is mostly unchanged from today's HTTP header block, with the following differences:
    16021600      </p>
    16031601      <ul class="empty">
     
    16291627               <li>Although POSTs are inherently chunked, POST requests SHOULD also be accompanied by a Content-Length header. There are two
    16301628                  reasons for this: First, it assists with upload progress meters for an improved user experience. But second, we know from
    1631                   early versions of SPDY that failure to send a content length header is incompatible with many existing HTTP server implementations.
     1629                  early versions of HTTP/2.0 that failure to send a content length header is incompatible with many existing HTTP server implementations.
    16321630                  Existing user-agents do not omit the Content-Length header, and server implementations have come to depend upon this.
    16331631               </li>
     
    16761674      <h4 id="rfc.section.3.2.3.1"><a href="#rfc.section.3.2.3.1">3.2.3.1</a>&nbsp;Stateless Authentication
    16771675      </h4>
    1678       <p id="rfc.section.3.2.3.1.p.1">Stateless Authentication over SPDY is identical to how it is performed over HTTP. If multiple SPDY streams are concurrently
     1676      <p id="rfc.section.3.2.3.1.p.1">Stateless Authentication over HTTP/2.0 is identical to how it is performed over HTTP. If multiple HTTP/2.0 streams are concurrently
    16791677         sent to a single server, each will authenticate independently, similar to how two HTTP connections would independently authenticate
    16801678         to a proxy server.
     
    16831681      </h4>
    16841682      <p id="rfc.section.3.2.3.2.p.1">Unfortunately, the stateful authentication mechanisms were implemented and defined in a such a way that directly violates
    1685          RFC2617 - they do not include a "realm" as part of the request. This is problematic in SPDY because it makes it impossible
     1683         RFC2617 - they do not include a "realm" as part of the request. This is problematic in HTTP/2.0 because it makes it impossible
    16861684         for a client to disambiguate two concurrent server authentication challenges.
    16871685      </p>
    1688       <p id="rfc.section.3.2.3.2.p.2">To deal with this case, SPDY servers using Stateful Authentication MUST implement one of two changes: </p>
     1686      <p id="rfc.section.3.2.3.2.p.2">To deal with this case, HTTP/2.0 servers using Stateful Authentication MUST implement one of two changes: </p>
    16891687      <ul class="empty">
    16901688         <li>Servers can add a "realm=&lt;desired realm&gt;" header so that the two authentication requests can be disambiguated and run concurrently.
     
    16991697      <h2 id="rfc.section.3.3"><a href="#rfc.section.3.3">3.3</a>&nbsp;Server Push Transactions
    17001698      </h2>
    1701       <p id="rfc.section.3.3.p.1">SPDY enables a server to send multiple replies to a client for a single request. The rationale for this feature is that sometimes
    1702          a server knows that it will need to send multiple resources in response to a single request. Without server push features,
    1703          the client must first download the primary resource, then discover the secondary resource(s), and request them. Pushing of
    1704          resources avoids the round-trip delay, but also creates a potential race where a server can be pushing content which a user-agent
    1705          is in the process of requesting. The following mechanics attempt to prevent the race condition while enabling the performance
    1706          benefit.
    1707       </p>
    1708       <p id="rfc.section.3.3.p.2">Browsers receiving a pushed response MUST validate that the server is authorized to push the URL using the <a href="#RFC6454">browser same-origin</a> <cite title="The Web Origin Concept" id="rfc.xref.RFC6454.3">[RFC6454]</cite> policy. For example, a SPDY connection to www.foo.com is generally not permitted to push a response for www.evil.com.
     1699      <p id="rfc.section.3.3.p.1">HTTP/2.0 enables a server to send multiple replies to a client for a single request. The rationale for this feature is that
     1700         sometimes a server knows that it will need to send multiple resources in response to a single request. Without server push
     1701         features, the client must first download the primary resource, then discover the secondary resource(s), and request them.
     1702         Pushing of resources avoids the round-trip delay, but also creates a potential race where a server can be pushing content
     1703         which a user-agent is in the process of requesting. The following mechanics attempt to prevent the race condition while enabling
     1704         the performance benefit.
     1705      </p>
     1706      <p id="rfc.section.3.3.p.2">Browsers receiving a pushed response MUST validate that the server is authorized to push the URL using the <a href="#RFC6454">browser same-origin</a> <cite title="The Web Origin Concept" id="rfc.xref.RFC6454.3">[RFC6454]</cite> policy. For example, a HTTP/2.0 connection to www.foo.com is generally not permitted to push a response for www.evil.com.
    17091707      </p>
    17101708      <p id="rfc.section.3.3.p.3">If the browser accepts a pushed response (e.g. it does not send a RST_STREAM), the browser MUST attempt to cache the pushed
     
    17121710         the disk cache.
    17131711      </p>
    1714       <p id="rfc.section.3.3.p.4">Because pushed responses have no request, they have no request headers associated with them. At the framing layer, SPDY pushed
    1715          streams contain an "associated-stream-id" which indicates the requested stream for which the pushed stream is related. The
    1716          pushed stream inherits all of the headers from the associated-stream-id with the exception of ":host", ":scheme", and ":path",
    1717          which are provided as part of the pushed response stream headers. The browser MUST store these inherited and implied request
    1718          headers with the cached resource.
     1712      <p id="rfc.section.3.3.p.4">Because pushed responses have no request, they have no request headers associated with them. At the framing layer, HTTP/2.0
     1713         pushed streams contain an "associated-stream-id" which indicates the requested stream for which the pushed stream is related.
     1714         The pushed stream inherits all of the headers from the associated-stream-id with the exception of ":host", ":scheme", and
     1715         ":path", which are provided as part of the pushed response stream headers. The browser MUST store these inherited and implied
     1716         request headers with the cached resource.
    17191717      </p>
    17201718      <p id="rfc.section.3.3.p.5">Implementation note: With server push, it is theoretically possible for servers to push unreasonable amounts of content or
     
    17771775      <h1 id="rfc.section.4"><a href="#rfc.section.4">4.</a>&nbsp;Design Rationale and Notes
    17781776      </h1>
    1779       <p id="rfc.section.4.p.1">Authors' notes: The notes in this section have no bearing on the SPDY protocol as specified within this document, and none
    1780          of these notes should be considered authoritative about how the protocol works. However, these notes may prove useful in future
    1781          debates about how to resolve protocol ambiguities or how to evolve the protocol going forward. They may be removed before
    1782          the final draft.
     1777      <p id="rfc.section.4.p.1">Authors' notes: The notes in this section have no bearing on the HTTP/2.0 protocol as specified within this document, and
     1778         none of these notes should be considered authoritative about how the protocol works. However, these notes may prove useful
     1779         in future debates about how to resolve protocol ambiguities or how to evolve the protocol going forward. They may be removed
     1780         before the final draft.
    17831781      </p>
    17841782      <h2 id="rfc.section.4.1"><a href="#rfc.section.4.1">4.1</a>&nbsp;Separation of Framing Layer and Application Layer
    17851783      </h2>
    1786       <p id="rfc.section.4.1.p.1">Readers may note that this specification sometimes blends the framing layer (<a href="#FramingLayer" title="SPDY Framing Layer">Section&nbsp;2</a>) with requirements of a specific application - HTTP (<a href="#HTTPLayer" title="HTTP Layering over SPDY">Section&nbsp;3</a>). This is reflected in the request/response nature of the streams, the definition of the HEADERS and compression contexts
     1784      <p id="rfc.section.4.1.p.1">Readers may note that this specification sometimes blends the framing layer (<a href="#FramingLayer" title="HTTP/2.0 Framing Layer">Section&nbsp;2</a>) with requirements of a specific application - HTTP (<a href="#HTTPLayer" title="HTTP Layering over HTTP/2.0">Section&nbsp;3</a>). This is reflected in the request/response nature of the streams, the definition of the HEADERS and compression contexts
    17871785         which are very similar to HTTP, and other areas as well.
    17881786      </p>
    17891787      <p id="rfc.section.4.1.p.2">This blending is intentional - the primary goal of this protocol is to create a low-latency protocol for use with HTTP. Isolating
    17901788         the two layers is convenient for description of the protocol and how it relates to existing HTTP implementations. However,
    1791          the ability to reuse the SPDY framing layer is a non goal.
     1789         the ability to reuse the HTTP/2.0 framing layer is a non goal.
    17921790      </p>
    17931791      <h2 id="rfc.section.4.2"><a href="#rfc.section.4.2">4.2</a>&nbsp;Error handling - Framing Layer
    17941792      </h2>
    1795       <p id="rfc.section.4.2.p.1">Error handling at the SPDY layer splits errors into two groups: Those that affect an individual SPDY stream, and those that
    1796          do not.
    1797       </p>
    1798       <p id="rfc.section.4.2.p.2">When an error is confined to a single stream, but general framing is in tact, SPDY attempts to use the RST_STREAM as a mechanism
    1799          to invalidate the stream but move forward without aborting the connection altogether.
    1800       </p>
    1801       <p id="rfc.section.4.2.p.3">For errors occuring outside of a single stream context, SPDY assumes the entire session is hosed. In this case, the endpoint
     1793      <p id="rfc.section.4.2.p.1">Error handling at the HTTP/2.0 layer splits errors into two groups: Those that affect an individual HTTP/2.0 stream, and those
     1794         that do not.
     1795      </p>
     1796      <p id="rfc.section.4.2.p.2">When an error is confined to a single stream, but general framing is in tact, HTTP/2.0 attempts to use the RST_STREAM as a
     1797         mechanism to invalidate the stream but move forward without aborting the connection altogether.
     1798      </p>
     1799      <p id="rfc.section.4.2.p.3">For errors occuring outside of a single stream context, HTTP/2.0 assumes the entire session is hosed. In this case, the endpoint
    18021800         detecting the error should initiate a connection close.
    18031801      </p>
    18041802      <h2 id="rfc.section.4.3"><a href="#rfc.section.4.3">4.3</a>&nbsp;One Connection Per Domain
    18051803      </h2>
    1806       <p id="rfc.section.4.3.p.1">SPDY attempts to use fewer connections than other protocols have traditionally used. The rationale for this behavior is because
    1807          it is very difficult to provide a consistent level of service (e.g. TCP slow-start), prioritization, or optimal compression
     1804      <p id="rfc.section.4.3.p.1">HTTP/2.0 attempts to use fewer connections than other protocols have traditionally used. The rationale for this behavior is
     1805         because it is very difficult to provide a consistent level of service (e.g. TCP slow-start), prioritization, or optimal compression
    18081806         when the client is connecting to the server through multiple channels.
    18091807      </p>
    18101808      <p id="rfc.section.4.3.p.2">Through lab measurements, we have seen consistent latency benefits by using fewer connections from the client. The overall
    1811          number of packets sent by SPDY can be as much as 40% less than HTTP. Handling large numbers of concurrent connections on the
    1812          server also does become a scalability problem, and SPDY reduces this load.
    1813       </p>
    1814       <p id="rfc.section.4.3.p.3">The use of multiple connections is not without benefit, however. Because SPDY multiplexes multiple, independent streams onto
    1815          a single stream, it creates a potential for head-of-line blocking problems at the transport level. In tests so far, the negative
    1816          effects of head-of-line blocking (especially in the presence of packet loss) is outweighed by the benefits of compression
     1809         number of packets sent by HTTP/2.0 can be as much as 40% less than HTTP. Handling large numbers of concurrent connections
     1810         on the server also does become a scalability problem, and HTTP/2.0 reduces this load.
     1811      </p>
     1812      <p id="rfc.section.4.3.p.3">The use of multiple connections is not without benefit, however. Because HTTP/2.0 multiplexes multiple, independent streams
     1813         onto a single stream, it creates a potential for head-of-line blocking problems at the transport level. In tests so far, the
     1814         negative effects of head-of-line blocking (especially in the presence of packet loss) is outweighed by the benefits of compression
    18171815         and prioritization.
    18181816      </p>
    18191817      <h2 id="rfc.section.4.4"><a href="#rfc.section.4.4">4.4</a>&nbsp;Fixed vs Variable Length Fields
    18201818      </h2>
    1821       <p id="rfc.section.4.4.p.1">SPDY favors use of fixed length 32bit fields in cases where smaller, variable length encodings could have been used. To some,
    1822          this seems like a tragic waste of bandwidth. SPDY choses the simple encoding for speed and simplicity.
    1823       </p>
    1824       <p id="rfc.section.4.4.p.2">The goal of SPDY is to reduce latency on the network. The overhead of SPDY frames is generally quite low. Each data frame
    1825          is only an 8 byte overhead for a 1452 byte payload (~0.6%). At the time of this writing, bandwidth is already plentiful, and
    1826          there is a strong trend indicating that bandwidth will continue to increase. With an average worldwide bandwidth of 1Mbps,
     1819      <p id="rfc.section.4.4.p.1">HTTP/2.0 favors use of fixed length 32bit fields in cases where smaller, variable length encodings could have been used. To
     1820         some, this seems like a tragic waste of bandwidth. HTTP/2.0 choses the simple encoding for speed and simplicity.
     1821      </p>
     1822      <p id="rfc.section.4.4.p.2">The goal of HTTP/2.0 is to reduce latency on the network. The overhead of HTTP/2.0 frames is generally quite low. Each data
     1823         frame is only an 8 byte overhead for a 1452 byte payload (~0.6%). At the time of this writing, bandwidth is already plentiful,
     1824         and there is a strong trend indicating that bandwidth will continue to increase. With an average worldwide bandwidth of 1Mbps,
    18271825         and assuming that a variable length encoding could reduce the overhead by 50%, the latency saved by using a variable length
    18281826         encoding would be less than 100 nanoseconds. More interesting are the effects when the larger encodings force a packet boundary,
    1829          in which case a round-trip could be induced. However, by addressing other aspects of SPDY and TCP interactions, we believe
     1827         in which case a round-trip could be induced. However, by addressing other aspects of HTTP/2.0 and TCP interactions, we believe
    18301828         this is completely mitigated.
    18311829      </p>
     
    18421840      <p id="rfc.section.4.5.p.2">Alternatively, we've chosen the simple approach, which is to simply provide a flag for resetting the compression context.
    18431841         For the common case (no proxy), this fine because most requests are to the same origin and we never need to reset the context.
    1844          For cases where we are using two different origins over a single SPDY session, we simply reset the compression state between
     1842         For cases where we are using two different origins over a single HTTP/2.0 session, we simply reset the compression state between
    18451843         each transition.
    18461844      </p>
     
    18571855      </h2>
    18581856      <p id="rfc.section.4.7.p.1">Generic compression of data portion of the streams (as opposed to compression of the headers) without knowing the content
    1859          of the stream is redundant. There is no value in compressing a stream which is already compressed. Because of this, SPDY does
    1860          allow data compression to be optional. We included it because study of existing websites shows that many sites are not using
    1861          compression as they should, and users suffer because of it. We wanted a mechanism where, at the SPDY layer, site administrators
    1862          could simply force compression - it is better to compress twice than to not compress.
     1857         of the stream is redundant. There is no value in compressing a stream which is already compressed. Because of this, HTTP/2.0
     1858         does allow data compression to be optional. We included it because study of existing websites shows that many sites are not
     1859         using compression as they should, and users suffer because of it. We wanted a mechanism where, at the HTTP/2.0 layer, site
     1860         administrators could simply force compression - it is better to compress twice than to not compress.
    18631861      </p>
    18641862      <p id="rfc.section.4.7.p.2">Overall, however, with this feature being optional and sometimes redundant, it is unclear if it is useful at all. We will
     
    18781876      <p id="rfc.section.5.1.p.1">This specification uses the <a href="#RFC6454">same-origin policy</a> <cite title="The Web Origin Concept" id="rfc.xref.RFC6454.4">[RFC6454]</cite> in all cases where verification of content is required.
    18791877      </p>
    1880       <h2 id="rfc.section.5.2"><a href="#rfc.section.5.2">5.2</a>&nbsp;HTTP Headers and SPDY Headers
    1881       </h2>
    1882       <p id="rfc.section.5.2.p.1">At the application level, HTTP uses name/value pairs in its headers. Because SPDY merges the existing HTTP headers with SPDY
    1883          headers, there is a possibility that some HTTP applications already use a particular header name. To avoid any conflicts,
    1884          all headers introduced for layering HTTP over SPDY are prefixed with ":". ":" is not a valid sequence in HTTP header naming,
     1878      <h2 id="rfc.section.5.2"><a href="#rfc.section.5.2">5.2</a>&nbsp;HTTP Headers and HTTP/2.0 Headers
     1879      </h2>
     1880      <p id="rfc.section.5.2.p.1">At the application level, HTTP uses name/value pairs in its headers. Because HTTP/2.0 merges the existing HTTP headers with
     1881         HTTP/2.0 headers, there is a possibility that some HTTP applications already use a particular header name. To avoid any conflicts,
     1882         all headers introduced for layering HTTP over HTTP/2.0 are prefixed with ":". ":" is not a valid sequence in HTTP header naming,
    18851883         preventing any possible conflict.
    18861884      </p>
    18871885      <h2 id="rfc.section.5.3"><a href="#rfc.section.5.3">5.3</a>&nbsp;Cross-Protocol Attacks
    18881886      </h2>
    1889       <p id="rfc.section.5.3.p.1">By utilizing TLS, we believe that SPDY introduces no new cross-protocol attacks. TLS encrypts the contents of all transmission
     1887      <p id="rfc.section.5.3.p.1">By utilizing TLS, we believe that HTTP/2.0 introduces no new cross-protocol attacks. TLS encrypts the contents of all transmission
    18901888         (except the handshake itself), making it difficult for attackers to control the data which could be used in a cross-protocol
    18911889         attack.
     
    19011899      <h2 id="rfc.section.6.1"><a href="#rfc.section.6.1">6.1</a>&nbsp;Long Lived Connections
    19021900      </h2>
    1903       <p id="rfc.section.6.1.p.1">SPDY aims to keep connections open longer between clients and servers in order to reduce the latency when a user makes a request.
    1904          The maintenance of these connections over time could be used to expose private information. For example, a user using a browser
    1905          hours after the previous user stopped using that browser may be able to learn about what the previous user was doing. This
    1906          is a problem with HTTP in its current form as well, however the short lived connections make it less of a risk.
     1901      <p id="rfc.section.6.1.p.1">HTTP/2.0 aims to keep connections open longer between clients and servers in order to reduce the latency when a user makes
     1902         a request. The maintenance of these connections over time could be used to expose private information. For example, a user
     1903         using a browser hours after the previous user stopped using that browser may be able to learn about what the previous user
     1904         was doing. This is a problem with HTTP in its current form as well, however the short lived connections make it less of a
     1905         risk.
    19071906      </p>
    19081907      <h2 id="rfc.section.6.2"><a href="#rfc.section.6.2">6.2</a>&nbsp;SETTINGS frame
    19091908      </h2>
    1910       <p id="rfc.section.6.2.p.1">The SPDY SETTINGS frame allows servers to store out-of-band transmitted information about the communication between client
     1909      <p id="rfc.section.6.2.p.1">The HTTP/2.0 SETTINGS frame allows servers to store out-of-band transmitted information about the communication between client
    19111910         and server on the client. Although this is intended only to be used to reduce latency, renegade servers could use it as a
    19121911         mechanism to store identifying information about the client in future requests.
     
    19171916      <p id="rfc.section.6.2.p.3">Clients MUST clear persisted SETTINGS information when clearing the cookies.</p>
    19181917      <p id="rfc.section.6.2.p.4">TODO: Put range maximums on each type of setting to limit inappropriate uses.</p>
    1919       <h1 id="rfc.section.7"><a href="#rfc.section.7">7.</a>&nbsp;Incompatibilities with SPDY draft #2
     1918      <h1 id="rfc.section.7"><a href="#rfc.section.7">7.</a>&nbsp;Requirements Notation
    19201919      </h1>
    1921       <p id="rfc.section.7.p.1">Here is a list of the major changes between this draft and draft #2. </p>
    1922       <ul class="empty">
    1923          <li>Addition of flow control</li>
    1924          <li>Increased 16 bit length fields in SYN_STREAM and SYN_REPLY to 32 bits.</li>
    1925          <li>Changed definition of compression for DATA frames</li>
    1926          <li>Updated compression dictionary</li>
    1927          <li>Fixed off-by-one on the compression dictionary for headers</li>
    1928          <li>Increased priority field from 2bits to 3bits.</li>
    1929          <li>Removed NOOP frame</li>
    1930          <li>Split the request "url" into "scheme", "host", and "path"</li>
    1931          <li>Added the requirement that POSTs contain content-length.</li>
    1932          <li>Removed wasted 16bits of unused space from the end of the SYN_REPLY and HEADERS frames.</li>
    1933          <li>Fixed bug: Priorities were described backward (0 was lowest instead of highest).</li>
    1934          <li>Fixed bug: Name/Value header counts were duplicated in both the Name Value header block and also the containing frame.</li>
    1935       </ul>
    1936       <h1 id="rfc.section.8"><a href="#rfc.section.8">8.</a>&nbsp;Requirements Notation
     1920      <p id="rfc.section.7.p.1">The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"
     1921         in this document are to be interpreted as described in <a href="#RFC2119">RFC 2119</a> <cite title="Key words for use in RFCs to Indicate Requirement Levels" id="rfc.xref.RFC2119.1">[RFC2119]</cite>.
     1922      </p>
     1923      <h1 id="rfc.section.8"><a href="#rfc.section.8">8.</a>&nbsp;Acknowledgements
    19371924      </h1>
    1938       <p id="rfc.section.8.p.1">The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"
    1939          in this document are to be interpreted as described in <a href="#RFC2119">RFC 2119</a> <cite title="Key words for use in RFCs to Indicate Requirement Levels" id="rfc.xref.RFC2119.1">[RFC2119]</cite>.
    1940       </p>
    1941       <h1 id="rfc.section.9"><a href="#rfc.section.9">9.</a>&nbsp;Acknowledgements
    1942       </h1>
    1943       <p id="rfc.section.9.p.1">Many individuals have contributed to the design and evolution of SPDY: Adam Langley, Wan-Teh Chang, Jim Morrison, Mark Nottingham,
    1944          Alyssa Wilk, Costin Manolache, William Chan, Vitaliy Lvin, Joe Chan, Adam Barth, Ryan Hamilton, Gavin Peters, Kent Alstad,
    1945          Kevin Lindsay, Paul Amer, Fan Yang, Jonathan Leighton.
    1946       </p>
    1947       <h1 id="rfc.references"><a href="#rfc.section.10" id="rfc.section.10">10.</a> Normative References
     1925      <p id="rfc.section.8.p.1">Prior to being used as the basis for HTTP/2.0, the following individuals contributed to the design and evolution of SPDY:
     1926         Adam Langley, Wan-Teh Chang, Jim Morrison, Mark Nottingham, Alyssa Wilk, Costin Manolache, William Chan, Vitaliy Lvin, Joe
     1927         Chan, Adam Barth, Ryan Hamilton, Gavin Peters, Kent Alstad, Kevin Lindsay, Paul Amer, Fan Yang, Jonathan Leighton.
     1928      </p>
     1929      <h1 id="rfc.references"><a href="#rfc.section.9" id="rfc.section.9">9.</a> Normative References
    19481930      </h1>
    19491931      <table>                           
     
    20312013      <h1 id="rfc.section.A" class="np"><a href="#rfc.section.A">A.</a>&nbsp;<a id="change.log" href="#change.log">Change Log (to be removed by RFC Editor before publication)</a></h1>
    20322014      <h2 id="rfc.section.A.1"><a href="#rfc.section.A.1">A.1</a>&nbsp;<a id="changes.since.draft-ietf-httpbis-http2-00" href="#changes.since.draft-ietf-httpbis-http2-00">Since draft-ietf-httpbis-http2-00</a></h2>
    2033       <p id="rfc.section.A.1.p.1">None yet.</p>
     2015      <p id="rfc.section.A.1.p.1">Changed title throughout.</p>
     2016      <p id="rfc.section.A.1.p.2">Removed section on Incompatibilities with SPDY draft#2.</p>
     2017      <p id="rfc.section.A.1.p.3">Changed INTERNAL_ERROR on GOAWAY to have a value of 2 &lt;<a href="https://groups.google.com/forum/?fromgroups#!topic/spdy-dev/cfUef2gL3iU">https://groups.google.com/forum/?fromgroups#!topic/spdy-dev/cfUef2gL3iU</a>&gt;.
     2018      </p>
    20342019      <h2 id="rfc.section.A.2"><a href="#rfc.section.A.2">A.2</a>&nbsp;<a id="changes.since.draft-mbelshe-httpbis-spdy-00" href="#changes.since.draft-mbelshe-httpbis-spdy-00">Since draft-mbelshe-httpbis-spdy-00</a></h2>
    20352020      <p id="rfc.section.A.2.p.1">Adopted as base for draft-ietf-httpbis-http2.</p>
     
    20422027         <ul class="ind">
    20432028            <li><a id="rfc.index.A" href="#rfc.index.A"><b>A</b></a><ul>
    2044                   <li><em>ASCII</em>&nbsp;&nbsp;<a href="#rfc.xref.ASCII.1">2.6.10</a>, <a href="#ASCII"><b>10</b></a></li>
     2029                  <li><em>ASCII</em>&nbsp;&nbsp;<a href="#rfc.xref.ASCII.1">2.6.10</a>, <a href="#ASCII"><b>9</b></a></li>
    20452030               </ul>
    20462031            </li>
    20472032            <li><a id="rfc.index.R" href="#rfc.index.R"><b>R</b></a><ul>
    2048                   <li><em>RFC0793</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC0793.1">2.1</a>, <a href="#RFC0793"><b>10</b></a></li>
    2049                   <li><em>RFC1738</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC1738.1">3.2.1</a>, <a href="#rfc.xref.RFC1738.2">3.2.1</a>, <a href="#RFC1738"><b>10</b></a></li>
    2050                   <li><em>RFC1950</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC1950.1">2.6.10.1</a>, <a href="#RFC1950"><b>10</b></a></li>
    2051                   <li><em>RFC2119</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC2119.1">8</a>, <a href="#RFC2119"><b>10</b></a></li>
    2052                   <li><em>RFC2285</em>&nbsp;&nbsp;<a href="#RFC2285"><b>10</b></a></li>
    2053                   <li><em>RFC2616</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC2616.1">§</a>, <a href="#rfc.xref.RFC2616.2">3</a>, <a href="#RFC2616"><b>10</b></a></li>
    2054                   <li><em>RFC2617</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC2617.1">3.2.3</a>, <a href="#RFC2617"><b>10</b></a></li>
    2055                   <li><em>RFC4366</em>&nbsp;&nbsp;<a href="#RFC4366"><b>10</b></a></li>
    2056                   <li><em>RFC4559</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC4559.1">3.2.3</a>, <a href="#RFC4559"><b>10</b></a></li>
    2057                   <li><em>RFC5246</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC5246.1">2.6.9</a>, <a href="#RFC5246"><b>10</b></a><ul>
     2033                  <li><em>RFC0793</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC0793.1">2.1</a>, <a href="#RFC0793"><b>9</b></a></li>
     2034                  <li><em>RFC1738</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC1738.1">3.2.1</a>, <a href="#rfc.xref.RFC1738.2">3.2.1</a>, <a href="#RFC1738"><b>9</b></a></li>
     2035                  <li><em>RFC1950</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC1950.1">2.6.10.1</a>, <a href="#RFC1950"><b>9</b></a></li>
     2036                  <li><em>RFC2119</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC2119.1">7</a>, <a href="#RFC2119"><b>9</b></a></li>
     2037                  <li><em>RFC2285</em>&nbsp;&nbsp;<a href="#RFC2285"><b>9</b></a></li>
     2038                  <li><em>RFC2616</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC2616.1">§</a>, <a href="#rfc.xref.RFC2616.2">3</a>, <a href="#RFC2616"><b>9</b></a></li>
     2039                  <li><em>RFC2617</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC2617.1">3.2.3</a>, <a href="#RFC2617"><b>9</b></a></li>
     2040                  <li><em>RFC4366</em>&nbsp;&nbsp;<a href="#RFC4366"><b>9</b></a></li>
     2041                  <li><em>RFC4559</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC4559.1">3.2.3</a>, <a href="#RFC4559"><b>9</b></a></li>
     2042                  <li><em>RFC5246</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC5246.1">2.6.9</a>, <a href="#RFC5246"><b>9</b></a><ul>
    20582043                        <li><em>Section 4.7</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC5246.1">2.6.9</a></li>
    20592044                     </ul>
    20602045                  </li>
    2061                   <li><em>RFC6454</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC6454.1">2.6.4</a>, <a href="#rfc.xref.RFC6454.2">3.1</a>, <a href="#rfc.xref.RFC6454.3">3.3</a>, <a href="#rfc.xref.RFC6454.4">5.1</a>, <a href="#RFC6454"><b>10</b></a></li>
     2046                  <li><em>RFC6454</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC6454.1">2.6.4</a>, <a href="#rfc.xref.RFC6454.2">3.1</a>, <a href="#rfc.xref.RFC6454.3">3.3</a>, <a href="#rfc.xref.RFC6454.4">5.1</a>, <a href="#RFC6454"><b>9</b></a></li>
    20622047               </ul>
    20632048            </li>
    20642049            <li><a id="rfc.index.T" href="#rfc.index.T"><b>T</b></a><ul>
    2065                   <li><em>TLSNPN</em>&nbsp;&nbsp;<a href="#TLSNPN"><b>10</b></a></li>
     2050                  <li><em>TLSNPN</em>&nbsp;&nbsp;<a href="#TLSNPN"><b>9</b></a></li>
    20662051               </ul>
    20672052            </li>
    20682053            <li><a id="rfc.index.U" href="#rfc.index.U"><b>U</b></a><ul>
    2069                   <li><em>UDELCOMPRESSION</em>&nbsp;&nbsp;<a href="#rfc.xref.UDELCOMPRESSION.1">2.6.10.1</a>, <a href="#UDELCOMPRESSION"><b>10</b></a></li>
     2054                  <li><em>UDELCOMPRESSION</em>&nbsp;&nbsp;<a href="#rfc.xref.UDELCOMPRESSION.1">2.6.10.1</a>, <a href="#UDELCOMPRESSION"><b>9</b></a></li>
    20702055               </ul>
    20712056            </li>
  • draft-ietf-httpbis-http2/latest/draft-ietf-httpbis-http2.xml

    r2080 r2124  
    1717  <x:feedback template="mailto:ietf-http-wg@w3.org?subject={docname},%20%22{section}%22&amp;body=&lt;{ref}&gt;:"/>
    1818  <front>
    19     <title abbrev="SPDY">SPDY Protocol</title>
     19    <title abbrev="HTTP/2.0">Hypertext Transfer Protocol version 2.0</title>
    2020    <author initials="M." surname="Belshe" fullname="Mike Belshe">
    2121      <organization>Twist</organization>
     
    6262    <workgroup>HTTPbis Working Group</workgroup>
    6363    <keyword>HTTP</keyword>
    64     <abstract>
    65       <t>This document describes SPDY, a protocol designed for low-latency transport of content over the World Wide Web.  SPDY introduces two layers of protocol.  The lower layer is a general purpose framing layer which can be used atop a reliable transport (likely TCP) for multiplexed, prioritized, and compressed data communication of many concurrent streams.  The upper layer of the protocol provides HTTP-like <xref target="RFC2616">RFC2616</xref> semantics for compatibility with existing HTTP application servers.</t>
    66     </abstract>
     64
     65<abstract>
     66  <t>
     67    This document describes HTTP/2.0, a protocol designed for low-latency transport of content over
     68    the World Wide Web.  HTTP/2.0 introduces two layers of protocol.  The lower layer is a general
     69    purpose framing layer which can be used atop a reliable transport (likely TCP) for multiplexed,
     70    prioritized, and compressed data communication of many concurrent streams.  The upper layer of
     71    the protocol provides HTTP-like <xref target="RFC2616">RFC2616</xref> semantics for
     72    compatibility with existing HTTP application servers.
     73  </t>
     74</abstract>
    6775
    6876<note title="Editorial Note (To be removed by RFC Editor)">
     
    7280  </t>
    7381  <t>
    74     This first draft uses the SPDY Protocol as a starting point, as per the
    75     Working Group's charter. Future drafts will add, remove and change text,
    76     based upon the Working Group's decisions.
     82    This draft contains features from the SPDY Protocol as a starting point, as per the Working
     83    Group's charter. Future drafts will add, remove and change text, based upon the Working Group's
     84    decisions.
    7785  </t>
    7886  <t>
     
    98106<t>One of the bottlenecks of HTTP implementations is that HTTP relies on multiple connections for concurrency. This causes several problems, including additional round trips for connection setup, slow-start delays, and connection rationing by the client, where it tries to avoid opening too many connections to any single server.  HTTP pipelining helps some, but only achieves partial multiplexing.  In addition, pipelining has proven non-deployable in existing browsers due to intermediary interference.</t>
    99107
    100 <t>SPDY adds a framing layer for multiplexing multiple, concurrent streams across a single TCP connection (or any reliable transport stream).  The framing layer is optimized for HTTP-like request-response streams, such that applications which run over HTTP today can work over SPDY with little or no change on behalf of the web application writer.</t>
    101 
    102 <t>The SPDY session offers four improvements over HTTP:
    103 <list>
    104 <t>Multiplexed requests: There is no limit to the number of requests that can be issued concurrently over a single SPDY connection.</t>
     108<t>HTTP/2.0 adds a framing layer for multiplexing multiple, concurrent streams across a single TCP connection (or any reliable transport stream).  The framing layer is optimized for HTTP-like request-response streams, such that applications which run over HTTP today can work over HTTP/2.0 with little or no change on behalf of the web application writer.</t>
     109
     110<t>The HTTP/2.0 session offers four improvements over HTTP:
     111<list>
     112<t>Multiplexed requests: There is no limit to the number of requests that can be issued concurrently over a single HTTP/2.0 connection.</t>
    105113<t>Prioritized requests: Clients can request certain resources to be delivered first.  This avoids the problem of congesting the network channel with non-critical resources when a high-priority request is pending.</t>
    106114<t>Compressed headers:  Clients today send a significant amount of redundant data in the form of HTTP headers.  Because a single web page may require 50 or 100 subrequests, this data is significant.</t>
     
    109117</t>
    110118
    111 <t>SPDY attempts to preserve the existing semantics of HTTP. All features such as cookies, ETags, Vary headers, Content-Encoding negotiations, etc work as they do with HTTP; SPDY only replaces the way the data is written to the network.</t>
     119<t>HTTP/2.0 attempts to preserve the existing semantics of HTTP. All features such as cookies, ETags, Vary headers, Content-Encoding negotiations, etc work as they do with HTTP; HTTP/2.0 only replaces the way the data is written to the network.</t>
    112120
    113121      <section title="Document Organization">
    114 <t>The SPDY Specification is split into two parts: <xref target="FramingLayer">a framing layer</xref>, which multiplexes a TCP connection into independent, length-prefixed frames, and <xref target="HTTPLayer">an HTTP layer</xref>, which specifies the mechanism for overlaying HTTP request/response pairs on top of the framing layer. While some of the framing layer concepts are isolated from the HTTP layer, building a generic framing layer has not been a goal. The framing layer is tailored to the needs of the HTTP protocol and server push.</t>
     122<t>The HTTP/2.0 Specification is split into two parts: <xref target="FramingLayer">a framing layer</xref>, which multiplexes a TCP connection into independent, length-prefixed frames, and <xref target="HTTPLayer">an HTTP layer</xref>, which specifies the mechanism for overlaying HTTP request/response pairs on top of the framing layer. While some of the framing layer concepts are isolated from the HTTP layer, building a generic framing layer has not been a goal. The framing layer is tailored to the needs of the HTTP protocol and server push.</t>
    115123      </section>
    116124      <section title="Definitions">
    117125<t>
    118126<list>
    119 <t>client: The endpoint initiating the SPDY session.</t>
     127<t>client: The endpoint initiating the HTTP/2.0 session.</t>
    120128<t>connection: A transport-level connection between two endpoints.</t>
    121129<t>endpoint: Either the client or server of a connection.</t>
    122 <t>frame: A header-prefixed sequence of bytes sent over a SPDY session.</t>
    123 <t>server: The endpoint which did not initiate the SPDY session.</t>
     130<t>frame: A header-prefixed sequence of bytes sent over a HTTP/2.0 session.</t>
     131<t>server: The endpoint which did not initiate the HTTP/2.0 session.</t>
    124132<t>session: A synonym for a connection.</t>
    125 <t>session error: An error on the SPDY session.</t>
    126 <t>stream: A bi-directional flow of bytes across a virtual channel within a SPDY session.</t>
    127 <t>stream error: An error on an individual SPDY stream.</t>
     133<t>session error: An error on the HTTP/2.0 session.</t>
     134<t>stream: A bi-directional flow of bytes across a virtual channel within a HTTP/2.0 session.</t>
     135<t>stream error: An error on an individual HTTP/2.0 stream.</t>
    128136</list>
    129137</t>
     
    131139    </section>
    132140
    133     <section anchor="FramingLayer" title="SPDY Framing Layer">
     141    <section anchor="FramingLayer" title="HTTP/2.0 Framing Layer">
    134142      <section title="Session (Connections)">
    135 <t>The SPDY framing layer (or "session") runs atop a reliable transport layer such as <xref target="RFC0793">TCP</xref>. The client is the TCP connection initiator. SPDY connections are persistent connections.</t>
     143<t>The HTTP/2.0 framing layer (or "session") runs atop a reliable transport layer such as <xref target="RFC0793">TCP</xref>. The client is the TCP connection initiator. HTTP/2.0 connections are persistent connections.</t>
    136144
    137145<t>For best performance, it is expected that clients will not close open connections until the user navigates away from all web pages referencing a connection, or until the server closes the connection. Servers are encouraged to leave connections open for as long as possible, but can terminate idle connections if necessary.  When either endpoint closes the transport-level connection, it MUST first send a <xref target="GOAWAY">GOAWAY</xref> frame so that the endpoints can reliably determine if requests finished before the close.</t>
     
    142150<t>The first bit is a control bit indicating whether a frame is a control frame or data frame. Control frames carry a version number, a frame type, flags, and a length. Data frames contain the stream ID, flags, and the length for the payload carried after the common header. The simple header is designed to make reading and writing of frames easy.</t>
    143151
    144 <t>All integer values, including length, version, and type, are in network byte order.  SPDY does not enforce alignment of types in dynamically sized frames.</t>
     152<t>All integer values, including length, version, and type, are in network byte order.  HTTP/2.0 does not enforce alignment of types in dynamically sized frames.</t>
    145153        <section anchor="ControlFrames" title="Control frames">
    146154<figure>
     
    157165<t>Control bit: The 'C' bit is a single bit indicating if this is a control message. For control frames this value is always 1.</t>
    158166
    159 <t>Version: The version number of the SPDY protocol.  This document describes SPDY version 3.</t>
     167<t>Version: The version number of the HTTP/2.0 protocol.  This document describes HTTP/2.0 version 3.</t>
    160168
    161169<t>Type: The type of control frame. See Control Frames for the complete list of control frames.</t>
     
    206214<t>If the endpoint which created the stream receives a data frame before receiving a SYN_REPLY on that stream, it is a protocol error, and the recipient MUST issue a <xref target="StreamErrorHandler">stream error</xref> with the status code PROTOCOL_ERROR for the stream-id.</t>
    207215<t>Implementors note: If an endpoint receives multiple data frames for invalid stream-ids, it MAY close the session.</t>
    208 <t>All SPDY endpoints MUST accept compressed data frames.  Compression of data frames is always done using zlib compression.  Each stream initializes and uses its own compression context dedicated to use within that stream.  Endpoints are encouraged to use application level compression rather than SPDY stream level compression.</t>
    209 <t>Each SPDY stream sending compressed frames creates its own zlib context for that stream, and these compression contexts MUST be distinct from the compression contexts used with SYN_STREAM/SYN_REPLY/HEADER compression. (Thus, if both endpoints of a stream are compressing data on the stream, there will be two zlib contexts, one for sending and one for receiving).</t>
     216<t>All HTTP/2.0 endpoints MUST accept compressed data frames.  Compression of data frames is always done using zlib compression.  Each stream initializes and uses its own compression context dedicated to use within that stream.  Endpoints are encouraged to use application level compression rather than HTTP/2.0 stream level compression.</t>
     217<t>Each HTTP/2.0 stream sending compressed frames creates its own zlib context for that stream, and these compression contexts MUST be distinct from the compression contexts used with SYN_STREAM/SYN_REPLY/HEADER compression. (Thus, if both endpoints of a stream are compressing data on the stream, there will be two zlib contexts, one for sending and one for receiving).</t>
    210218</list>
    211219</t>
     
    224232
    225233        <section anchor="StreamFrames" title="Stream frames">
    226 <t>SPDY defines 3 control frames to manage the lifecycle of a stream:
     234<t>HTTP/2.0 defines 3 control frames to manage the lifecycle of a stream:
    227235    <list>
    228236        <t>SYN_STREAM - Open a new stream</t>
     
    287295
    288296      <section title="Error Handling">
    289 <t>The SPDY framing layer has only two types of errors, and they are always handled consistently.  Any reference in this specification to "issue a session error" refers to <xref target="SessionErrorHandler"></xref>.  Any reference to "issue a stream error" refers to <xref target="StreamErrorHandler"></xref>.</t>
     297<t>The HTTP/2.0 framing layer has only two types of errors, and they are always handled consistently.  Any reference in this specification to "issue a session error" refers to <xref target="SessionErrorHandler"></xref>.  Any reference to "issue a stream error" refers to <xref target="StreamErrorHandler"></xref>.</t>
    290298
    291299        <section anchor="SessionErrorHandler" title="Session Error Handling">
     
    298306
    299307        <section anchor="StreamErrorHandler" title="Stream Error Handling">
    300 <t>A stream error is an error related to a specific stream-id which does not affect processing of other streams at the framing layer.  Upon a stream error, the endpoint MUST send a <xref target="RST_STREAM">RST_STREAM</xref> frame which contains the stream id of the stream where the error occurred and the error status which caused the error.  After sending the RST_STREAM, the stream is closed to the sending endpoint.  After sending the RST_STREAM, if the sender receives any frames other than a RST_STREAM for that stream id, it will result in sending additional RST_STREAM frames.  An endpoint MUST NOT send a RST_STREAM in response to an RST_STREAM, as doing so would lead to RST_STREAM loops.  Sending a RST_STREAM does not cause the SPDY session to be closed.</t>
     308<t>A stream error is an error related to a specific stream-id which does not affect processing of other streams at the framing layer.  Upon a stream error, the endpoint MUST send a <xref target="RST_STREAM">RST_STREAM</xref> frame which contains the stream id of the stream where the error occurred and the error status which caused the error.  After sending the RST_STREAM, the stream is closed to the sending endpoint.  After sending the RST_STREAM, if the sender receives any frames other than a RST_STREAM for that stream id, it will result in sending additional RST_STREAM frames.  An endpoint MUST NOT send a RST_STREAM in response to an RST_STREAM, as doing so would lead to RST_STREAM loops.  Sending a RST_STREAM does not cause the HTTP/2.0 session to be closed.</t>
    301309
    302310<t>If an endpoint has multiple RST_STREAM frames to send in succession for the same stream-id and the same error code, it MAY coalesce them into a single RST_STREAM frame.  (This can happen if a stream is closed, but the remote sends multiple data frames.  There is no reason to send a RST_STREAM for each frame in succession).</t>
     
    305313
    306314      <section title="Data flow">
    307 <t>Because TCP provides a single stream of data on which SPDY multiplexes multiple logical streams, clients and servers must intelligently interleave data messages for concurrent sessions.</t>
     315<t>Because TCP provides a single stream of data on which HTTP/2.0 multiplexes multiple logical streams, clients and servers must intelligently interleave data messages for concurrent sessions.</t>
    308316      </section>
    309317
     
    431439<t>2 - INVALID_STREAM. This is returned when a frame is received for a stream which is not active.</t>
    432440<t>3 - REFUSED_STREAM.  Indicates that the stream was refused before any processing has been done on the stream.</t>
    433 <t>4 - UNSUPPORTED_VERSION.  Indicates that the recipient of a stream does not support the SPDY version requested.</t>
     441<t>4 - UNSUPPORTED_VERSION.  Indicates that the recipient of a stream does not support the HTTP/2.0 version requested.</t>
    434442<t>5 - CANCEL.  Used by the creator of a stream to indicate that the stream is no longer needed.</t>
    435443<t>6 - INTERNAL_ERROR.  This is a generic error which can be used when the implementation has internally failed, not due to anything in the protocol.</t>
     
    447455
    448456        <section anchor="SETTINGS" title="SETTINGS">
    449 <t>A SETTINGS frame contains a set of id/value pairs for communicating configuration data about how the two endpoints may communicate. SETTINGS frames can be sent at any time by either endpoint, are optionally sent, and are fully asynchronous.  When the server is the sender, the sender can request that configuration data be persisted by the client across SPDY sessions and returned to the server in future communications.</t>
     457<t>A SETTINGS frame contains a set of id/value pairs for communicating configuration data about how the two endpoints may communicate. SETTINGS frames can be sent at any time by either endpoint, are optionally sent, and are fully asynchronous.  When the server is the sender, the sender can request that configuration data be persisted by the client across HTTP/2.0 sessions and returned to the server in future communications.</t>
    450458
    451459<t>Persistence of SETTINGS ID/Value pairs is done on a per origin/IP pair (the "origin" is the set of scheme, host, and port from the URI.  See <xref target="RFC6454"></xref>).  That is, when a client connects to a server, and the server persists settings within the client, the client SHOULD return the persisted settings on future connections to the same origin AND IP address and TCP port. Clients MUST NOT request servers to use the persistence features of the SETTINGS frames, and servers MUST ignore persistence related flags sent by a client.</t>
     
    465473<t>Control bit: The control bit is always 1 for this message.</t>
    466474
    467 <t>Version: The SPDY version number.</t>
     475<t>Version: The HTTP/2.0 version number.</t>
    468476
    469477<t>Type: The message type for a SETTINGS message is 4.</t>
     
    493501<t>6 - SETTINGS_DOWNLOAD_RETRANS_RATE allows the sender to inform the remote endpoint the retransmission rate (bytes retransmitted / total bytes transmitted).</t>
    494502<t>7 - SETTINGS_INITIAL_WINDOW_SIZE allows the sender to inform the remote endpoint the initial window size (in bytes) for new streams.</t>
    495 <t>8 - SETTINGS_CLIENT_CERTIFICATE_VECTOR_SIZE allows the server to inform the client if the new size of the client certificate vector.</t>
     503<t>8 - SETTINGS_CLIENT_CERTIFICATE_VECTOR_SIZE allows the server to inform the client of the new size of the client certificate vector.</t>
    496504  </list>
    497505  </t>
     
    521529<t>Control bit: The control bit is always 1 for this message.</t>
    522530
    523 <t>Version: The SPDY version number.</t>
     531<t>Version: The HTTP/2.0 version number.</t>
    524532
    525533<t>Type: The message type for a PING message is 6.</t>
     
    558566<t>Control bit: The control bit is always 1 for this message.</t>
    559567
    560 <t>Version: The SPDY version number.</t>
     568<t>Version: The HTTP/2.0 version number.</t>
    561569
    562570<t>Type: The message type for a GOAWAY message is 7.</t>
     
    570578<t>0 - OK. This is a normal session teardown.</t>
    571579<t>1 - PROTOCOL_ERROR. This is a generic error, and should only be used if a more specific error is not available.</t>
    572 <t>11 - INTERNAL_ERROR.  This is a generic error which can be used when the implementation has internally failed, not due to anything in the protocol.</t>
     580<t>2 - INTERNAL_ERROR.  This is a generic error which can be used when the implementation has internally failed, not due to anything in the protocol.</t>
    573581</list>
    574582</t>
     
    614622
    615623          <section anchor="WINDOW_UPDATE" title="WINDOW_UPDATE">
    616 <t>The WINDOW_UPDATE control frame is used to implement per stream flow control in SPDY. Flow control in SPDY is per hop, that is, only between the two endpoints of a SPDY connection. If there are one or more intermediaries between the client and the origin server, flow control signals are not explicitly forwarded by the intermediaries. (However, throttling of data transfer by any recipient may have the effect of indirectly propagating flow control information upstream back to the original sender.) Flow control only applies to the data portion of data frames. Recipients must buffer all control frames. If a recipient fails to buffer an entire control frame, it MUST issue a <xref target="StreamErrorHandler">stream error</xref> with the status code FLOW_CONTROL_ERROR for the stream.</t>
    617 
    618 <t>Flow control in SPDY is implemented by a data transfer window kept by the sender of each stream. The data transfer window is a simple uint32 that indicates how many bytes of data the sender can transmit. After a stream is created, but before any data frames have been transmitted, the sender begins with the initial window size. This window size is a measure of the buffering capability of the recipient. The sender must not send a data frame with data length greater than the transfer window size. After sending each data frame, the sender decrements its transfer window size by the amount of data transmitted. When the window size becomes less than or equal to 0, the sender must pause transmitting data frames. At the other end of the stream, the recipient sends a WINDOW_UPDATE control back to notify the sender that it has consumed some data and freed up buffer space to receive more data.</t>
     624<t>The WINDOW_UPDATE control frame is used to implement per stream flow control in HTTP/2.0. Flow control in HTTP/2.0 is per hop, that is, only between the two endpoints of a HTTP/2.0 connection. If there are one or more intermediaries between the client and the origin server, flow control signals are not explicitly forwarded by the intermediaries. (However, throttling of data transfer by any recipient may have the effect of indirectly propagating flow control information upstream back to the original sender.) Flow control only applies to the data portion of data frames. Recipients must buffer all control frames. If a recipient fails to buffer an entire control frame, it MUST issue a <xref target="StreamErrorHandler">stream error</xref> with the status code FLOW_CONTROL_ERROR for the stream.</t>
     625
     626<t>Flow control in HTTP/2.0 is implemented by a data transfer window kept by the sender of each stream. The data transfer window is a simple uint32 that indicates how many bytes of data the sender can transmit. After a stream is created, but before any data frames have been transmitted, the sender begins with the initial window size. This window size is a measure of the buffering capability of the recipient. The sender must not send a data frame with data length greater than the transfer window size. After sending each data frame, the sender decrements its transfer window size by the amount of data transmitted. When the window size becomes less than or equal to 0, the sender must pause transmitting data frames. At the other end of the stream, the recipient sends a WINDOW_UPDATE control back to notify the sender that it has consumed some data and freed up buffer space to receive more data.</t>
    619627          <figure>
    620628            <artwork>
     
    632640<t>Control bit: The control bit is always 1 for this message.</t>
    633641
    634 <t>Version: The SPDY version number.</t>
     642<t>Version: The HTTP/2.0 version number.</t>
    635643
    636644<t>Type: The message type for a WINDOW_UPDATE message is 9.</t>
     
    644652<t>The window size as kept by the sender must never exceed 2^31 (although it can become negative in one special case). If a sender receives a WINDOW_UPDATE that causes the its window size to exceed this limit, it must send RST_STREAM with status code FLOW_CONTROL_ERROR to terminate the stream.</t>
    645653
    646 <t>When a SPDY connection is first established, the default initial window size for all streams is 64KB. An endpoint can use the SETTINGS control frame to adjust the initial window size for the connection. That is, its peer can start out using the 64KB default initial window size when sending data frames before receiving the SETTINGS. Because SETTINGS  is asynchronous, there may be a race condition if the recipient wants to decrease the initial window size, but its peer immediately sends 64KB on the creation of a new connection, before waiting for the SETTINGS to arrive. This is one case where the window size kept by the sender will become negative. Once the sender detects this condition, it must stop sending data frames and wait for the recipient to catch up. The recipient has two choices:
     654<t>When a HTTP/2.0 connection is first established, the default initial window size for all streams is 64KB. An endpoint can use the SETTINGS control frame to adjust the initial window size for the connection. That is, its peer can start out using the 64KB default initial window size when sending data frames before receiving the SETTINGS. Because SETTINGS  is asynchronous, there may be a race condition if the recipient wants to decrease the initial window size, but its peer immediately sends 64KB on the creation of a new connection, before waiting for the SETTINGS to arrive. This is one case where the window size kept by the sender will become negative. Once the sender detects this condition, it must stop sending data frames and wait for the recipient to catch up. The recipient has two choices:
    647655<list>
    648656<t>immediately send RST_STREAM with FLOW_CONTROL_ERROR status code.</t>
     
    659667
    660668          <section anchor="CREDENTIAL" title="CREDENTIAL">
    661 <t>The CREDENTIAL control frame is used by the client to send additional client certificates to the server.  A SPDY client may decide to send requests for resources from different origins on the same SPDY session if it decides that that server handles both origins.  For example if the IP address associated with both hostnames matches and the SSL server certificate presented in the initial handshake is valid for both hostnames.  However, because the SSL connection can contain at most one client certificate, the client needs a mechanism to send additional client certificates to the server.</t>
    662 
    663 <t>The server is required to maintain a vector of client certificates associated with a SPDY session.  When the client needs to send a client certificate to the server, it will send a CREDENTIAL frame that specifies the index of the slot in which to store the certificate as well as proof that the client posesses the corresponding private key.  The initial size of this vector must be 8.  If the client provides a client certificate during the first TLS handshake, the contents of this certificate must be copied into the first slot (index 1) in the CREDENTIAL vector, though it may be overwritten by subsequent CREDENTIAL frames.  The server must exclusively use the CREDNETIAL vector when evaluating the client certificates associated with an origin.  The server may change the size of this vector by sending a SETTINGS frame with the setting SETTINGS_CLIENT_CERTIFICATE_VECTOR_SIZE value specified.  In the event that the new size is smaller than the current size, truncation occurs preserving lower-index slots as possible.</t> 
    664 
    665 <t>TLS renegotiation with client authentication is incompatible with SPDY given the multiplexed nature of SPDY.  Specifically, imagine that the client has 2 requests outstanding to the server for two different pages (in different tabs).  When the renegotiation + client certificate request comes in, the browser is unable to determine which resource triggered the client certificate request, in order to prompt the user accordingly.</t>
     669<t>The CREDENTIAL control frame is used by the client to send additional client certificates to the server.  A HTTP/2.0 client may decide to send requests for resources from different origins on the same HTTP/2.0 session if it decides that that server handles both origins.  For example if the IP address associated with both hostnames matches and the SSL server certificate presented in the initial handshake is valid for both hostnames.  However, because the SSL connection can contain at most one client certificate, the client needs a mechanism to send additional client certificates to the server.</t>
     670
     671<t>The server is required to maintain a vector of client certificates associated with a HTTP/2.0 session.  When the client needs to send a client certificate to the server, it will send a CREDENTIAL frame that specifies the index of the slot in which to store the certificate as well as proof that the client posesses the corresponding private key.  The initial size of this vector must be 8.  If the client provides a client certificate during the first TLS handshake, the contents of this certificate must be copied into the first slot (index 1) in the CREDENTIAL vector, though it may be overwritten by subsequent CREDENTIAL frames.  The server must exclusively use the CREDENTIAL vector when evaluating the client certificates associated with an origin.  The server may change the size of this vector by sending a SETTINGS frame with the setting SETTINGS_CLIENT_CERTIFICATE_VECTOR_SIZE value specified.  In the event that the new size is smaller than the current size, truncation occurs preserving lower-index slots as possible.</t> 
     672
     673<t>TLS renegotiation with client authentication is incompatible with HTTP/2.0 given the multiplexed nature of HTTP/2.0.  Specifically, imagine that the client has 2 requests outstanding to the server for two different pages (in different tabs).  When the renegotiation + client certificate request comes in, the browser is unable to determine which resource triggered the client certificate request, in order to prompt the user accordingly.</t>
    666674
    667675          <figure>
     
    700708  when MD5+SHA1 was used in the SSL connection.  The signature is calculated
    701709  over a 32 byte TLS extractor value (http://tools.ietf.org/html/rfc5705) with
    702   a label of "EXPORTER SPDY certificate proof" using the empty string as
     710  a label of "EXPORTER HTTP/2.0 certificate proof" using the empty string as
    703711  context. ForRSA certificates the signature would be a PKCS#1 v1.5 signature.
    704712  For ECDSA, it would be an ECDSA-Sig-Value
     
    707715</t>
    708716<t>Certificate: The certificate chain, starting with the leaf certificate.  Each certificate must be encoded as a 32 bit length, followed by a DER encoded certificate.  The certificate must be of the same type (RSA, ECDSA, etc) as the client certificate associated with the SSL connection.</t>
    709 <t>If the server receives a request for a resource with unacceptable credential (either missing or invalid), it must reply with a RST_STREAM frame with the status code INVALID_CREDENTIALS. Upon receipt of a RST_STREAM frame with INVALID_CREDENTIALS, the client should initiate a new stream directly to the requested origin and resend the request.  Note, SPDY does not allow the server to request different client authentication for different resources in the same origin.</t>
     717<t>If the server receives a request for a resource with unacceptable credential (either missing or invalid), it must reply with a RST_STREAM frame with the status code INVALID_CREDENTIALS. Upon receipt of a RST_STREAM frame with INVALID_CREDENTIALS, the client should initiate a new stream directly to the requested origin and resend the request.  Note, HTTP/2.0 does not allow the server to request different client authentication for different resources in the same origin.</t>
    710718<t>If the server receives an invalid CREDENTIAL frame, it MUST respond with a GOAWAY frame and shutdown the session.  </t>
    711719          </section>
     
    735743<t>List of Name/Value pairs:
    736744<list>
    737 <t>Length of Name: a 32-bit value containing the number of octets in the name field.  Note that in practice, this length must not exceed 2^24, as that is the maximum size of a SPDY frame.</t>
     745<t>Length of Name: a 32-bit value containing the number of octets in the name field.  Note that in practice, this length must not exceed 2^24, as that is the maximum size of a HTTP/2.0 frame.</t>
    738746<t>Name: 0 or more octets, 8-bit sequences of data, excluding 0.</t>
    739 <t>Length of Value: a 32-bit value containing the number of octets in the value field.  Note that in practice, this length must not exceed 2^24, as that is the maximum size of a SPDY frame.</t>
     747<t>Length of Value: a 32-bit value containing the number of octets in the value field.  Note that in practice, this length must not exceed 2^24, as that is the maximum size of a HTTP/2.0 frame.</t>
    740748<t>Value: 0 or more octets, 8-bit sequences of data, excluding 0.</t>
    741749</list>
     
    753761<figure>
    754762  <artwork type="code" x:isCodeComponent="yes">
    755 const unsigned char SPDY_dictionary_txt[] = {
     763const unsigned char http2_dictionary_txt[] = {
    756764  0x00, 0x00, 0x00, 0x07, 0x6f, 0x70, 0x74, 0x69,  \\ - - - - o p t i
    757765  0x6f, 0x6e, 0x73, 0x00, 0x00, 0x00, 0x04, 0x68,  \\ o n s - - - - h
     
    936944</figure>
    937945
    938 <t>The entire contents of the name/value header block is compressed using zlib.  There is a single zlib stream for all name value pairs in one direction on a connection.   SPDY uses a SYNC_FLUSH between each compressed frame.</t>
     946<t>The entire contents of the name/value header block is compressed using zlib.  There is a single zlib stream for all name value pairs in one direction on a connection.   HTTP/2.0 uses a SYNC_FLUSH between each compressed frame.</t>
    939947
    940948<t>Implementation notes: the compression engine can be tuned to favor speed or size. Optimizing for size increases memory use and CPU consumption.  Because header blocks are generally small, implementors may want to reduce the window-size of the compression engine from the default 15bits (a 32KB window) to more like 11bits (a 2KB window).  The exact setting is chosen by the compressor, the decompressor will work with any setting.</t>
     
    944952    </section>
    945953
    946     <section anchor="HTTPLayer" title="HTTP Layering over SPDY">
    947 <t>SPDY is intended to be as compatible as possible with current web-based applications. This means that, from the perspective of the server business logic or application API, the features of HTTP are unchanged. To achieve this, all of the application request and response header semantics are preserved, although the syntax of conveying those semantics has changed.  Thus, the rules from the <xref target="RFC2616">HTTP/1.1 specification in RFC2616</xref> apply with the changes in the sections below.</t>
     954    <section anchor="HTTPLayer" title="HTTP Layering over HTTP/2.0">
     955<t>HTTP/2.0 is intended to be as compatible as possible with current web-based applications. This means that, from the perspective of the server business logic or application API, the features of HTTP are unchanged. To achieve this, all of the application request and response header semantics are preserved, although the syntax of conveying those semantics has changed.  Thus, the rules from the <xref target="RFC2616">HTTP/1.1 specification in RFC2616</xref> apply with the changes in the sections below.</t>
    948956
    949957      <section title="Connection Management">
    950 <t>Clients SHOULD NOT open more than one SPDY session to a given <xref target="RFC6454">origin</xref> concurrently.</t>
    951 <t>Note that it is possible for one SPDY session to be finishing (e.g. a GOAWAY message has been sent, but not all streams have finished), while another SPDY session is starting.</t>
     958<t>Clients SHOULD NOT open more than one HTTP/2.0 session to a given <xref target="RFC6454">origin</xref> concurrently.</t>
     959<t>Note that it is possible for one HTTP/2.0 session to be finishing (e.g. a GOAWAY message has been sent, but not all streams have finished), while another HTTP/2.0 session is starting.</t>
    952960        <section title="Use of GOAWAY">
    953 <t>SPDY provides a GOAWAY message which can be used when closing a connection from either the client or server.  Without a server GOAWAY message, HTTP has a race condition where the client sends a request (a new SYN_STREAM)  just as the server is closing the connection, and the client cannot know if the server received the stream or not.  By using the last-stream-id in the GOAWAY, servers can indicate to the client if a request was processed or not.</t>
    954 
    955 <t>Note that some servers will choose to send the GOAWAY and immediately terminate the connection without waiting for active streams to finish.  The client will be able to determine this because SPDY streams are determinstically closed.  This abrupt termination will force the client to heuristically decide whether to retry the pending requests.  Clients always need to be capable of dealing with this case because they must deal with accidental connection termination cases, which are the same as the server never having sent a GOAWAY.</t>
     961<t>HTTP/2.0 provides a GOAWAY message which can be used when closing a connection from either the client or server.  Without a server GOAWAY message, HTTP has a race condition where the client sends a request (a new SYN_STREAM)  just as the server is closing the connection, and the client cannot know if the server received the stream or not.  By using the last-stream-id in the GOAWAY, servers can indicate to the client if a request was processed or not.</t>
     962
     963<t>Note that some servers will choose to send the GOAWAY and immediately terminate the connection without waiting for active streams to finish.  The client will be able to determine this because HTTP/2.0 streams are determinstically closed.  This abrupt termination will force the client to heuristically decide whether to retry the pending requests.  Clients always need to be capable of dealing with this case because they must deal with accidental connection termination cases, which are the same as the server never having sent a GOAWAY.</t>
    956964
    957965<t>More sophisticated servers will use GOAWAY to implement a graceful teardown. They will send the GOAWAY and provide some time for the active streams to finish before terminating the connection.</t>
    958966
    959 <t>If a SPDY client closes the connection, it should also send a GOAWAY message.  This allows the server to know if any server-push streams were received by the client.</t>
     967<t>If a HTTP/2.0 client closes the connection, it should also send a GOAWAY message.  This allows the server to know if any server-push streams were received by the client.</t>
    960968
    961969<t>If the endpoint closing the connection has not received any SYN_STREAMs from the remote, the GOAWAY will contain a last-stream-id of 0.</t>
     
    968976<t>The client initiates a request by sending a SYN_STREAM frame.  For requests which do not contain a body, the SYN_STREAM frame MUST set the FLAG_FIN, indicating that the client intends to send no further data on this stream.  For requests which do contain a body, the SYN_STREAM will not contain the FLAG_FIN, and the body will follow the SYN_STREAM in a series of DATA frames. The last DATA frame will set the FLAG_FIN to indicate the end of the body.</t>
    969977
    970 <t>The SYN_STREAM Name/Value section will contain all of the HTTP headers which are associated with an HTTP request. The header block in SPDY is mostly unchanged from today's HTTP header block, with the following differences:
     978<t>The SYN_STREAM Name/Value section will contain all of the HTTP headers which are associated with an HTTP request. The header block in HTTP/2.0 is mostly unchanged from today's HTTP header block, with the following differences:
    971979<list>
    972980<t>The first line of the request is unfolded into name/value pairs like other HTTP headers and MUST be present:
     
    988996<t>POST-specific changes:
    989997<list>
    990 <t>Although POSTs are inherently chunked, POST requests SHOULD also be accompanied by a Content-Length header.  There are two reasons for this:  First, it assists with upload progress meters for an improved user experience.  But second, we know from early versions of SPDY that failure to send a content length header is incompatible with many existing HTTP server implementations.  Existing user-agents do not omit the Content-Length header, and server implementations have come to depend upon this.</t>
     998<t>Although POSTs are inherently chunked, POST requests SHOULD also be accompanied by a Content-Length header.  There are two reasons for this:  First, it assists with upload progress meters for an improved user experience.  But second, we know from early versions of HTTP/2.0 that failure to send a content length header is incompatible with many existing HTTP server implementations.  Existing user-agents do not omit the Content-Length header, and server implementations have come to depend upon this.</t>
    991999</list>
    9921000</t>
     
    10261034
    10271035          <section title="Stateless Authentication">
    1028 <t>Stateless Authentication over SPDY is identical to how it is performed over HTTP. If multiple SPDY streams are concurrently sent to a single server, each will authenticate independently, similar to how two HTTP connections would independently authenticate to a proxy server.</t>
     1036<t>Stateless Authentication over HTTP/2.0 is identical to how it is performed over HTTP. If multiple HTTP/2.0 streams are concurrently sent to a single server, each will authenticate independently, similar to how two HTTP connections would independently authenticate to a proxy server.</t>
    10291037          </section>
    10301038
    10311039          <section title="Stateful Authentication">
    1032 <t>Unfortunately, the stateful authentication mechanisms were implemented and defined in a such a way that directly violates RFC2617 - they do not include a "realm" as part of the request.  This is problematic in SPDY because it makes it impossible for a client to disambiguate two concurrent server authentication challenges.</t>
    1033 
    1034 <t>To deal with this case, SPDY servers using Stateful Authentication MUST implement one of two changes:
     1040<t>Unfortunately, the stateful authentication mechanisms were implemented and defined in a such a way that directly violates RFC2617 - they do not include a "realm" as part of the request.  This is problematic in HTTP/2.0 because it makes it impossible for a client to disambiguate two concurrent server authentication challenges.</t>
     1041
     1042<t>To deal with this case, HTTP/2.0 servers using Stateful Authentication MUST implement one of two changes:
    10351043<list>
    10361044<t>Servers can add a "realm=&lt;desired realm&gt;" header so that the two authentication requests can be disambiguated and run concurrently.  Unfortunately, given how these mechanisms work, this is probably not practical.</t>
     
    10431051
    10441052      <section title="Server Push Transactions">
    1045 <t>SPDY enables a server to send multiple replies to a client for a single request.  The rationale for this feature is that sometimes a server knows that it will need to send multiple resources in response to a single request.  Without server push features, the client must first download the primary resource, then discover the secondary resource(s), and request them.  Pushing of resources avoids the round-trip delay, but also creates a potential race where a server can be pushing content which a user-agent is in the process of requesting.  The following mechanics attempt to prevent the race condition while enabling the performance benefit.</t>
    1046 
    1047 <t>Browsers receiving a pushed response MUST validate that the server is authorized to push the URL using the <xref target="RFC6454">browser same-origin</xref> policy.  For example, a SPDY connection to www.foo.com is generally not permitted to push a response for www.evil.com.</t>
     1053<t>HTTP/2.0 enables a server to send multiple replies to a client for a single request.  The rationale for this feature is that sometimes a server knows that it will need to send multiple resources in response to a single request.  Without server push features, the client must first download the primary resource, then discover the secondary resource(s), and request them.  Pushing of resources avoids the round-trip delay, but also creates a potential race where a server can be pushing content which a user-agent is in the process of requesting.  The following mechanics attempt to prevent the race condition while enabling the performance benefit.</t>
     1054
     1055<t>Browsers receiving a pushed response MUST validate that the server is authorized to push the URL using the <xref target="RFC6454">browser same-origin</xref> policy.  For example, a HTTP/2.0 connection to www.foo.com is generally not permitted to push a response for www.evil.com.</t>
    10481056
    10491057<t>If the browser accepts a pushed response (e.g. it does not send a RST_STREAM), the browser MUST attempt to cache the pushed response in same way that it would cache any other response.  This means validating the response headers and inserting into the disk cache.</t>
    10501058
    1051 <t>Because pushed responses have no request, they have no request headers associated with them.  At the framing layer, SPDY pushed streams contain an "associated-stream-id" which indicates the requested stream for which the pushed stream is related.  The pushed stream inherits all of the headers from the associated-stream-id with the exception of ":host", ":scheme", and ":path", which are provided as part of the pushed response stream headers.  The browser MUST store these inherited and implied request headers with the cached resource.</t>
     1059<t>Because pushed responses have no request, they have no request headers associated with them.  At the framing layer, HTTP/2.0 pushed streams contain an "associated-stream-id" which indicates the requested stream for which the pushed stream is related.  The pushed stream inherits all of the headers from the associated-stream-id with the exception of ":host", ":scheme", and ":path", which are provided as part of the pushed response stream headers.  The browser MUST store these inherited and implied request headers with the cached resource.</t>
    10521060
    10531061<t>Implementation note:  With server push, it is theoretically possible for servers to push unreasonable amounts of content or resources to the user-agent.  Browsers MUST implement throttles to protect against unreasonable push attacks.</t>
     
    10961104
    10971105    <section title="Design Rationale and Notes">
    1098 <t>Authors' notes:  The notes in this section have no bearing on the SPDY protocol as specified within this document, and none of these notes should be considered authoritative about how the protocol works.  However, these notes may prove useful in future debates about how to resolve protocol ambiguities or how to evolve the protocol going forward.  They may be removed before the final draft.</t>
     1106<t>Authors' notes:  The notes in this section have no bearing on the HTTP/2.0 protocol as specified within this document, and none of these notes should be considered authoritative about how the protocol works.  However, these notes may prove useful in future debates about how to resolve protocol ambiguities or how to evolve the protocol going forward.  They may be removed before the final draft.</t>
    10991107
    11001108      <section title="Separation of Framing Layer and Application Layer">
    11011109<t>Readers may note that this specification sometimes blends the <xref target="FramingLayer">framing layer</xref> with requirements of a specific application - <xref target="HTTPLayer">HTTP</xref>.  This is reflected in the request/response nature of the streams, the definition of the HEADERS and compression contexts which are very similar to HTTP, and other areas as well.</t>
    11021110
    1103 <t>This blending is intentional - the primary goal of this protocol is to create a low-latency protocol for use with HTTP.  Isolating the two layers is convenient for description of the protocol and how it relates to existing HTTP implementations.  However, the ability to reuse the SPDY framing layer is a non goal.</t>
     1111<t>This blending is intentional - the primary goal of this protocol is to create a low-latency protocol for use with HTTP.  Isolating the two layers is convenient for description of the protocol and how it relates to existing HTTP implementations.  However, the ability to reuse the HTTP/2.0 framing layer is a non goal.</t>
    11041112      </section>
    11051113
    11061114      <section title="Error handling - Framing Layer">
    1107 <t>Error handling at the SPDY layer splits errors into two groups:  Those that affect an individual SPDY stream, and those that do not.</t>
    1108 
    1109 <t>When an error is confined to a single stream, but general framing is in tact, SPDY attempts to use the RST_STREAM as a mechanism to invalidate the stream but move forward without aborting the connection altogether.</t>
    1110 
    1111 <t>For errors occuring outside of a single stream context, SPDY assumes the entire session is hosed.  In this case, the endpoint detecting the error should initiate a connection close.</t>
     1115<t>Error handling at the HTTP/2.0 layer splits errors into two groups:  Those that affect an individual HTTP/2.0 stream, and those that do not.</t>
     1116
     1117<t>When an error is confined to a single stream, but general framing is in tact, HTTP/2.0 attempts to use the RST_STREAM as a mechanism to invalidate the stream but move forward without aborting the connection altogether.</t>
     1118
     1119<t>For errors occuring outside of a single stream context, HTTP/2.0 assumes the entire session is hosed.  In this case, the endpoint detecting the error should initiate a connection close.</t>
    11121120      </section>
    11131121      <section title="One Connection Per Domain">
    1114 <t>SPDY attempts to use fewer connections than other protocols have traditionally used.  The rationale for this behavior is because it is very difficult to provide a consistent level of service (e.g. TCP slow-start), prioritization, or optimal compression when the client is connecting to the server through multiple channels.</t>
    1115 
    1116 <t>Through lab measurements, we have seen consistent latency benefits by using fewer connections from the client.  The overall number of packets sent by SPDY can be as much as 40% less than HTTP.  Handling large numbers of concurrent connections on the server also does become a scalability problem, and SPDY reduces this load.</t>
    1117 
    1118 <t>The use of multiple connections is not without benefit, however.  Because SPDY multiplexes multiple, independent streams onto a single stream, it creates a potential for head-of-line blocking problems at the transport level.  In tests so far, the negative effects of head-of-line blocking (especially in the presence of packet loss) is outweighed by the benefits of compression and prioritization.</t>
     1122<t>HTTP/2.0 attempts to use fewer connections than other protocols have traditionally used.  The rationale for this behavior is because it is very difficult to provide a consistent level of service (e.g. TCP slow-start), prioritization, or optimal compression when the client is connecting to the server through multiple channels.</t>
     1123
     1124<t>Through lab measurements, we have seen consistent latency benefits by using fewer connections from the client.  The overall number of packets sent by HTTP/2.0 can be as much as 40% less than HTTP.  Handling large numbers of concurrent connections on the server also does become a scalability problem, and HTTP/2.0 reduces this load.</t>
     1125
     1126<t>The use of multiple connections is not without benefit, however.  Because HTTP/2.0 multiplexes multiple, independent streams onto a single stream, it creates a potential for head-of-line blocking problems at the transport level.  In tests so far, the negative effects of head-of-line blocking (especially in the presence of packet loss) is outweighed by the benefits of compression and prioritization.</t>
    11191127      </section>
    11201128      <section title="Fixed vs Variable Length Fields">
    1121 <t>SPDY favors use of fixed length 32bit fields in cases where smaller, variable length encodings could have been used.  To some, this seems like a tragic waste of bandwidth.  SPDY choses the simple encoding for speed and simplicity.</t>
    1122 
    1123 <t>The goal of SPDY is to reduce latency on the network.  The overhead of SPDY frames is generally quite low.  Each data frame is only an 8 byte overhead for a 1452 byte payload (~0.6%).  At the time of this writing, bandwidth is already plentiful, and there is a strong trend indicating that bandwidth will continue to increase.  With an average worldwide bandwidth of 1Mbps, and assuming that a variable length encoding could reduce the overhead by 50%, the latency saved by using a variable length encoding would be less than 100 nanoseconds.  More interesting are the effects when the larger encodings force a packet boundary, in which case a round-trip could be induced.  However, by addressing other aspects of SPDY and TCP interactions, we believe this is completely mitigated.</t>
     1129<t>HTTP/2.0 favors use of fixed length 32bit fields in cases where smaller, variable length encodings could have been used.  To some, this seems like a tragic waste of bandwidth.  HTTP/2.0 choses the simple encoding for speed and simplicity.</t>
     1130
     1131<t>The goal of HTTP/2.0 is to reduce latency on the network.  The overhead of HTTP/2.0 frames is generally quite low.  Each data frame is only an 8 byte overhead for a 1452 byte payload (~0.6%).  At the time of this writing, bandwidth is already plentiful, and there is a strong trend indicating that bandwidth will continue to increase.  With an average worldwide bandwidth of 1Mbps, and assuming that a variable length encoding could reduce the overhead by 50%, the latency saved by using a variable length encoding would be less than 100 nanoseconds.  More interesting are the effects when the larger encodings force a packet boundary, in which case a round-trip could be induced.  However, by addressing other aspects of HTTP/2.0 and TCP interactions, we believe this is completely mitigated.</t>
    11241132      </section>
    11251133      <section title="Compression Context(s)">
    11261134<t>When isolating the compression contexts used for communicating with multiple origins, we had a few choices to make.  We could have maintained a map (or list) of compression contexts usable for each origin.  The basic case is easy - each HEADERS frame would need to identify the context to use for that frame.  However, compression contexts are not cheap, so the lifecycle of each context would need to be bounded.  For proxy servers, where we could churn through many contexts, this would be a concern.  We considered using a static set of contexts, say 16 of them, which would bound the memory use.  We also considered dynamic contexts, which could be created on the fly, and would need to be subsequently destroyed.  All of these are complicated, and ultimately we decided that such a mechanism creates too many problems to solve.</t>
    11271135
    1128 <t>Alternatively, we've chosen the simple approach, which is to simply provide a flag for resetting the compression context.  For the common case (no proxy), this fine because most requests are to the same origin and we never need to reset the context.  For cases where we are using two different origins over a single SPDY session, we simply reset the compression state between each transition.</t>
     1136<t>Alternatively, we've chosen the simple approach, which is to simply provide a flag for resetting the compression context.  For the common case (no proxy), this fine because most requests are to the same origin and we never need to reset the context.  For cases where we are using two different origins over a single HTTP/2.0 session, we simply reset the compression state between each transition.</t>
    11291137      </section>
    11301138      <section title="Unidirectional streams">
     
    11341142      </section>
    11351143      <section title="Data Compression">
    1136 <t>Generic compression of data portion of the streams (as opposed to compression of the headers) without knowing the content of the stream is redundant.  There is no value in compressing a stream which is already compressed.  Because of this, SPDY does allow data compression to be optional.  We included it because study of existing websites shows that many sites are not using compression as they should, and users suffer because of it.  We wanted a mechanism where, at the SPDY layer, site administrators could simply force compression - it is better to compress twice than to not compress.</t>
     1144<t>Generic compression of data portion of the streams (as opposed to compression of the headers) without knowing the content of the stream is redundant.  There is no value in compressing a stream which is already compressed.  Because of this, HTTP/2.0 does allow data compression to be optional.  We included it because study of existing websites shows that many sites are not using compression as they should, and users suffer because of it.  We wanted a mechanism where, at the HTTP/2.0 layer, site administrators could simply force compression - it is better to compress twice than to not compress.</t>
    11371145
    11381146<t>Overall, however, with this feature being optional and sometimes redundant, it is unclear if it is useful at all.  We will likely remove it from the specification.</t>
     
    11481156      </section>
    11491157
    1150       <section title="HTTP Headers and SPDY Headers">
    1151 <t>At the application level, HTTP uses name/value pairs in its headers.  Because SPDY merges the existing HTTP headers with SPDY headers, there is a possibility that some HTTP applications already use a particular header name.  To avoid any conflicts, all headers introduced for layering HTTP over SPDY are prefixed with ":".  ":" is not a valid sequence in HTTP header naming, preventing any possible conflict.</t>
     1158      <section title="HTTP Headers and HTTP/2.0 Headers">
     1159<t>At the application level, HTTP uses name/value pairs in its headers.  Because HTTP/2.0 merges the existing HTTP headers with HTTP/2.0 headers, there is a possibility that some HTTP applications already use a particular header name.  To avoid any conflicts, all headers introduced for layering HTTP over HTTP/2.0 are prefixed with ":".  ":" is not a valid sequence in HTTP header naming, preventing any possible conflict.</t>
    11521160      </section>
    11531161
    11541162      <section title="Cross-Protocol Attacks">
    1155 <t>By utilizing TLS, we believe that SPDY introduces no new cross-protocol attacks.  TLS encrypts the contents of all transmission (except the handshake itself), making it difficult for attackers to control the data which could be used in a cross-protocol attack.</t>
     1163<t>By utilizing TLS, we believe that HTTP/2.0 introduces no new cross-protocol attacks.  TLS encrypts the contents of all transmission (except the handshake itself), making it difficult for attackers to control the data which could be used in a cross-protocol attack.</t>
    11561164      </section>
    11571165
     
    11631171    <section title="Privacy Considerations">
    11641172      <section title="Long Lived Connections">
    1165 <t>SPDY aims to keep connections open longer between clients and servers in order to reduce the latency when a user makes a request.  The maintenance of these connections over time could be used to expose private information.  For example, a user using a browser hours after the previous user stopped using that browser may be able to learn about what the previous user was doing.  This is a problem with HTTP in its current form as well, however the short lived connections make it less of a risk.</t>
     1173<t>HTTP/2.0 aims to keep connections open longer between clients and servers in order to reduce the latency when a user makes a request.  The maintenance of these connections over time could be used to expose private information.  For example, a user using a browser hours after the previous user stopped using that browser may be able to learn about what the previous user was doing.  This is a problem with HTTP in its current form as well, however the short lived connections make it less of a risk.</t>
    11661174      </section>
    11671175
    11681176      <section title="SETTINGS frame">
    1169 <t>The SPDY SETTINGS frame allows servers to store out-of-band transmitted information about the communication between client and server on the client.  Although this is intended only to be used to reduce latency, renegade servers could use it as a mechanism to store identifying information about the client in future requests.</t>
     1177<t>The HTTP/2.0 SETTINGS frame allows servers to store out-of-band transmitted information about the communication between client and server on the client.  Although this is intended only to be used to reduce latency, renegade servers could use it as a mechanism to store identifying information about the client in future requests.</t>
    11701178
    11711179<t>Clients implementing privacy modes, such as Google Chrome's "incognito mode", may wish to disable client-persisted SETTINGS storage.</t>
     
    11771185    </section>
    11781186
    1179     <section title="Incompatibilities with SPDY draft #2">
    1180       <t>
    1181 Here is a list of the major changes between this draft and draft #2.
    1182 <list>
    1183 <t>Addition of flow control</t>
    1184 <t>Increased 16 bit length fields in SYN_STREAM and SYN_REPLY to 32 bits.</t>
    1185 <t>Changed definition of compression for DATA frames</t>
    1186 <t>Updated compression dictionary</t>
    1187 <t>Fixed off-by-one on the compression dictionary for headers</t>
    1188 <t>Increased priority field from 2bits to 3bits.</t>
    1189 <t>Removed NOOP frame</t>
    1190 <t>Split the request "url" into "scheme", "host", and "path"</t>
    1191 <t>Added the requirement that POSTs contain content-length.</t>
    1192 <t>Removed wasted 16bits of unused space from the end of the SYN_REPLY and HEADERS frames.</t>
    1193 <t>Fixed bug: Priorities were described backward (0 was lowest instead of highest).</t>
    1194 <t>Fixed bug: Name/Value header counts were duplicated in both the Name Value header block and also the containing frame.</t>
    1195 </list>
    1196       </t>
    1197     </section>
    1198 
    1199     <section title="Requirements Notation">
    1200       <t>
    1201         The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
    1202         "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
    1203         document are to be interpreted as described in <xref target="RFC2119">RFC 2119</xref>.
    1204       </t>
    1205     </section>
    1206 
    1207     <section title="Acknowledgements">
    1208       <t>
    1209         Many individuals have contributed to the design and evolution of SPDY:
    1210         Adam Langley, Wan-Teh Chang, Jim Morrison, Mark Nottingham, Alyssa Wilk,
    1211         Costin Manolache, William Chan, Vitaliy Lvin, Joe Chan, Adam Barth,
    1212         Ryan Hamilton, Gavin Peters, Kent Alstad, Kevin Lindsay, Paul Amer,
    1213         Fan Yang, Jonathan Leighton.
    1214       </t>
    1215     </section>
    1216   </middle>
     1187<section title="Requirements Notation">
     1188  <t>
     1189    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT",
     1190    "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in
     1191    <xref target="RFC2119">RFC 2119</xref>.
     1192  </t>
     1193</section>
     1194
     1195<section title="Acknowledgements">
     1196  <t>
     1197    Prior to being used as the basis for HTTP/2.0, the following individuals contributed to the
     1198    design and evolution of SPDY: Adam Langley, Wan-Teh Chang, Jim Morrison, Mark Nottingham, Alyssa
     1199    Wilk, Costin Manolache, William Chan, Vitaliy Lvin, Joe Chan, Adam Barth, Ryan Hamilton, Gavin
     1200    Peters, Kent Alstad, Kevin Lindsay, Paul Amer, Fan Yang, Jonathan Leighton.
     1201  </t>
     1202</section>
     1203</middle>
    12171204
    12181205  <back>
     
    14311418<section title="Since draft-ietf-httpbis-http2-00" anchor="changes.since.draft-ietf-httpbis-http2-00">
    14321419<t>
    1433   None yet.
     1420  Changed title throughout.
     1421</t>
     1422<t>
     1423  Removed section on Incompatibilities with SPDY draft#2.
     1424</t>
     1425<t>
     1426  Changed INTERNAL_ERROR on GOAWAY to have a value of 2 <eref target="https://groups.google.com/forum/?fromgroups#!topic/spdy-dev/cfUef2gL3iU"/>.
    14341427</t>
    14351428</section>
Note: See TracChangeset for help on using the changeset viewer.