<?xml version="1.0" encoding="UTF-8"?>
  <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
  <!-- generated by https://github.com/cabo/kramdown-rfc2629 version 1.1.2 -->

<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY RFC2119 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml">
<!ENTITY RFC5137 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5137.xml">
<!ENTITY RFC5234 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5234.xml">
<!ENTITY RFC7230 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7230.xml">
<!ENTITY RFC7231 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7231.xml">
<!ENTITY RFC7232 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7232.xml">
<!ENTITY RFC7233 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7233.xml">
<!ENTITY RFC7234 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7234.xml">
<!ENTITY RFC7235 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7235.xml">
<!ENTITY RFC7239 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7239.xml">
<!ENTITY RFC7694 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7694.xml">
]>


<rfc ipr="trust200902" docName="draft-ietf-httpbis-header-structure-01" category="std">

  <feedback xmlns='http://purl.org/net/xml2rfc/ext' template="mailto:ietf-http-wg@w3.org?subject={docname},%20%22{section}%22&amp;body=%3c{ref}%3e:"/><front>
    <title>HTTP Header Common Structure</title>

    <author initials="P-H." surname="Kamp" fullname="Poul-Henning Kamp">
      <organization>The Varnish Cache Project</organization>
      <address>
        <email>phk@varnish-cache.org</email>
      </address>
    </author>

    <date year="2017" month="4" day="24"/>

    <area>Applications and Real-Time</area>
    <workgroup>HTTP</workgroup>
    <keyword>Internet-Draft</keyword>

    <abstract>


<t>An abstract data model for HTTP headers, “Common Structure”, and a
HTTP/1 serialization of it, generalized from current HTTP headers.</t>



    </abstract>


    <note title="Note to Readers">


<t>Discussion of this draft takes place on the HTTP working group mailing list (ietf-http-wg@w3.org),
which is archived at <eref target="https://lists.w3.org/Archives/Public/ietf-http-wg/">https://lists.w3.org/Archives/Public/ietf-http-wg/</eref>.</t>

<t>Working Group information can be found at <eref target="http://httpwg.github.io/">http://httpwg.github.io/</eref>; source code and issues list
for this draft can be found at <eref target="https://github.com/httpwg/http-extensions/labels/header-structure">https://github.com/httpwg/http-extensions/labels/header-structure</eref>.</t>


    </note>


  </front>

  <middle>


<section anchor="introduction" title="Introduction">

<t>The HTTP protocol does not impose any structure or datamodel on the
information in HTTP headers, the HTTP/1 serialization is the
datamodel:  An ASCII string without control characters.</t>

<t>HTTP header definitions specify how the string must be formatted
and while families of similar headers exist, it still requires an
uncomfortable large number of bespoke parser and validation routines
to process HTTP traffic correctly.</t>

<t>In order to improve performance HTTP/2 and HPACK uses naive
text-compression, which incidentally decoupled the on-the-wire
serialization from the data model.</t>

<t>During the development of HPACK it became evident that significantly
bigger gains were available if semantic compression could be used,
most notably with timestamps.  However, the lack of a common
data structure for HTTP headers would make semantic compression
one long list of special cases.</t>

<t>Parallel to this, various proposals for how to fulfill data-transportation
needs, and to a lesser degree to impose some kind of order on
HTTP headers, at least going forward, were floated.</t>

<t>All of these proposals, JSON, CBOR etc. run into the same basic
problem:  Their serialization is incompatible with RFC 7230’s <xref target="RFC7230"/>
ABNF definition of ‘field-value’.</t>

<t>For binary formats, such as CBOR, a wholesale base64/85
reserialization would be needed, with negative results for
both debugability and bandwidth.</t>

<t>For textual formats, such as JSON, the format must first be neutered
to not violate field-value’s ABNF, and then workarounds added
to reintroduce the features just lost, for instance UNICODE strings.</t>

<t>The post-surgery format is no longer JSON, and it experience indicates
that almost-but-not-quite compatibility is worse than no compatibility.</t>

<t>This proposal starts from the other end, and builds and generalizes
a data structure definition from existing HTTP headers, which means
that HTTP/1 serialization and ‘field-value’ compatibility is built in.</t>

<t>If all future HTTP headers are defined to fit into this Common Structure
we have at least halted the proliferation of bespoke parsers and
started to pave the road for semantic compression serializations of
HTTP traffic.</t>

<section anchor="terminology" title="Terminology">

<t>In this document, the key words “MUST”, “MUST NOT”, “REQUIRED”,
“SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”,
and “OPTIONAL” are to be interpreted as described in BCP 14, RFC 2119
<xref target="RFC2119"/>.</t>

</section>
</section>
<section anchor="definition-of-http-header-common-structure" title="Definition of HTTP Header Common Structure">

<t>The data model of Common Structure is an ordered sequence of named
dictionaries.  Please see <xref target="survey"/> for how this model was derived.</t>

<t>The definition of the data model is on purpose abstract, uncoupled
from any protocol serialization or programming environment
representation, it is meant as the foundation on which all such
manifestations of the model can be built.</t>

<t>Common Structure in ABNF (Slightly bastardized relative to RFC5234 <xref target="RFC5234"/>):</t>

<figure><artwork type="abnf"><![CDATA[
  import token from RFC7230
  import DIGIT from RFC5234

  common-structure = 1* ( identifier dictionary )

  dictionary = * ( identifier [ value ] )

  value = identifier /
          integer /
          number /
          ascii-string /
          unicode-string /
          blob /
          timestamp /
          common-structure
]]></artwork></figure>

<t>Recursion is included as a way to to support deep and more general
data structures, but its use is highly discouraged and where it is
used the depth of recursion SHALL always be explicitly limited
in the specifications of the HTTP headers which allow it.</t>

<figure><artwork type="abnf"><![CDATA[
  identifier = token  [ "/" token ]

  integer = ["-"] 1*19 DIGIT
]]></artwork></figure>

<t>Integers SHALL be in the range +/- 2^63-1 (= +/- 9223372036854775807)</t>

<figure><artwork type="abnf"><![CDATA[
  number = ["-"] DIGIT '.' 1*14DIGIT /
           ["-"] 2DIGIT '.' 1*13DIGIT /
           ["-"] 3DIGIT '.' 1*12DIGIT /
           ... /
           ["-"] 12DIGIT '.' 1*3DIGIT /
           ["-"] 13DIGIT '.' 1*2DIGIT /
           ["-"] 14DIGIT '.' 1DIGIT
]]></artwork></figure>

<t>The limit of 15 significant digits is chosen so that numbers can
be correctly represented by IEEE754 64 bit binary floating point.</t>

<figure><artwork type="abnf"><![CDATA[
  ascii-string = * %x20-7e
]]></artwork></figure>

<t>This is intended to be an efficient, “safe” and uncomplicated string
type, for uses where the string content is culturally neutral or
where it will not be user visible.</t>

<figure><artwork type="abnf"><![CDATA[
  unicode-string = * UNICODE

  UNICODE = <U+0000-U+D7FF / U+E000-U+10FFFF>
  # UNICODE nicked from draft-seantek-unicode-in-abnf-02
]]></artwork></figure>

<t>Unicode-strings are unrestricted because there is no sane and/or
culturally neutral way to subset or otherwise make unicode “safe”,
and Unicode is still evolving new and interesting code points.</t>

<t>Users of unicode-string SHALL be prepared for the full gammut of
glyph-gymnastics in order to avoid U+1F4A9 U+08 U+1F574.</t>

<figure><artwork type="abnf"><![CDATA[
  blob = * %0x00-ff
]]></artwork></figure>

<t>Blobs are intended primarily for cryptographic data, but can be
used for any otherwise unsatisfied needs.</t>

<figure><artwork type="abnf"><![CDATA[
  timestamp = number
]]></artwork></figure>

<t>A timestamp counts seconds since the UNIX time_t epoch, including
the “invisible leap-seconds” misfeature.</t>

</section>
<section anchor="http1-serialization-of-http-header-common-structure" title="HTTP/1 Serialization of HTTP Header Common Structure">

<t>In ABNF:</t>

<figure><artwork type="abnf"><![CDATA[
  import OWS from RFC7230
  import HEXDIG, DQUOTE from RFC5234
  import EmbeddedUnicodeChar from RFC5137

  h1-common-structure-header =
          h1-common-structure-legacy-header /
          h1-common-structure-self-identifying-header

  h1-common-structure-legacy-header =
          field-name ":" OWS h1-common-structure
]]></artwork></figure>

<t>Only white-listed legacy headers (see <xref target="iana"/>) can use
this format.</t>

<figure><artwork type="abnf"><![CDATA[
  h1-common-structure-self-identifying-header:
          field-name ":" OWS ">" h1-common-structure "<"

  h1-common-structure = h1-element * ("," h1-element)

  h1-element = identifier * (";" identifier ["=" h1-value])

  h1-value = identifier /
          integer /
          number /
          h1-ascii-string /
          h1-unicode-string /
          h1-blob /
          h1-timestamp /
          ">" h1-common-structure "<"

  h1-ascii-string = DQUOTE *(
                    ( "\" DQUOTE ) /
                    ( "\" "\" ) /
                    0x20-21 /
                    0x23-5B /
                    0x5D-7E
                    ) DQUOTE

  h1-unicode-string = DQUOTE *(
                      ( "\" DQUOTE )
                      ( "\" "\" ) /
                      EmbeddedUnicodeChar /
                      0x20-21 /
                      0x23-5B /
                      0x5D-7E /
                      ) DQUOTE
]]></artwork></figure>

<t>The dim prospects of ever getting a majority of HTTP1 paths 8-bit
clean makes UTF-8 unviable as H1 serialization.  Given that very
little of the information in HTTP headers is presented to users in
the first place, improving H1 and HPACK efficiency by inventing a
more efficient RFC5137 compliant escape-sequences seems unwarranted.</t>

<figure><artwork type="abnf"><![CDATA[
  h1-blob = ":" base64 ":"
  # XXX: where to import base64 from ?

  h1-timestamp = number
]]></artwork></figure>

<t>XXX: Allow OWS in parsers, but not in generators ?</t>

<t>In programming environments which do not define a native representation
or serialization of Common Structure, the HTTP/1 serialization
should be used.</t>

</section>
<section anchor="when-to-use-common-structure-parser" title="When to use Common Structure Parser">

<t>All future standardized and all private HTTP headers using Common
Structure should self identify as such.  In the HTTP/1 serialization
by making the first character “&gt;” and the last “&lt;”.  (These two
characters are deliberately “the wrong way” to not clash with
exsisting usages.)</t>

<t>Legacy HTTP headers which fit into Common Structure, are marked as
such in the IANA Message Header Registry (see <xref target="iana"/>), and a snapshot
of the registry can be used to trigger parsing according to Common
Structure of these headers.</t>

</section>
<section anchor="desired-normative-effects" title="Desired Normative Effects">

<t>All new HTTP headers SHOULD use the Common Structure if at all possible.</t>

</section>
<section anchor="openoutstanding-issues-to-resolve" title="Open/Outstanding issues to resolve">

<section anchor="singlemultiple-headers" title="Single/Multiple Headers">

<t>Should we allow splitting common structure data over multiple headers ?</t>

<t>Pro:</t>

<t>Avoids size restrictions, easier on-the-fly editing</t>

<t>Contra:</t>

<t>Cannot act on any such header until all headers have been received.</t>

<t>We must define where headers can be split (between identifier and
dictionary ?, in the middle of dictionaries ?)</t>

<t>Most on-the-fly editing is hackish at best.</t>

</section>
</section>
<section anchor="future-work" title="Future Work">

<section anchor="redefining-existing-headers-for-better-performance" title="Redefining existing headers for better performance">

<t>The HTTP/1 serializations self-identification mechanism makes it
possible to extend the definition of existing <xref target="uncommon"/> headers
into Common Structure.</t>

<t>For instance one could imagine:</t>

<figure><artwork><![CDATA[
  Date: >1475061449.201<
]]></artwork></figure>

<t>Which would be faster to parse and validate than
the current definition of the Date header and more precise too.</t>

<t>Some kind of signal/negotiation mechanism would be required to make
this work in practice.</t>

</section>
<section anchor="define-a-validation-dictionary" title="Define a validation dictionary">

<t>A machine-readable specification of the legal contents of HTTP
headers would go a long way to improve efficiency and security
in HTTP implementations.</t>

</section>
</section>
<section anchor="iana" title="IANA Considerations">

<t>The IANA Message Header Registry will be extended with an additional
field named “Common Structure” which can have the values “True”, “False”
or “Unknown”.</t>

<t>The RFC723x headers listed in <xref target="common"/> will get the value “True” in the
new field.</t>

<t>The RFC723x headers listed in <xref target="uncommon"/> will get the value “False”
in the new field.</t>

<t>All other existing entries in the registry will be set to “Unknown”
until and if the owner of the entry requests otherwise.</t>

</section>
<section anchor="security-considerations" title="Security Considerations">

<t>Unique dictionary keys are required to reduce the risk of
smuggling attacks.</t>

</section>


  </middle>

  <back>

    <references title='Normative References'>

&RFC2119;
&RFC5137;
&RFC5234;
&RFC7230;


    </references>

    <references title='Informative References'>

&RFC7231;
&RFC7232;
&RFC7233;
&RFC7234;
&RFC7235;
&RFC7239;
&RFC7694;


    </references>


<section anchor="survey" title="Do HTTP headers have any common structure ?">

<t>Several proposals have been floated in recent years to use
some preexisting structured data serialization or other
for HTTP headers, to impose some sanity.</t>

<t>None of these proposals have gained traction and no obvious
candidate data serializations have been left unexamined.</t>

<t>This effort tries to tackle the question from the other side,
by asking if there is a common structure in existing HTTP
headers we can generalize for this purpose.</t>

<section anchor="survey-of-http-header-structure" title="Survey of HTTP header structure">

<t>The RFC723x family of HTTP/1 standards control 49 entries in the
IANA Message Header Registry, and they share two common motifs.</t>

<t>The majority of RFC723x HTTP headers are lists.  A few of them are
ordered, (‘Content-Encoding’), some are unordered (‘Connection’)
and some are ordered by ‘q=%f’ weight parameters (‘Accept’)</t>

<t>In most cases, the list elements are some kind of identifier, usually
derived from ABNF ‘token’ as defined by <xref target="RFC7230"/>.</t>

<t>A subgroup of headers, mostly related to MIME, uses what one could
call a ‘qualified token’::</t>

<figure><artwork type="abnf"><![CDATA[
  qualified-token = token-or-asterix [ "/" token-or-asterix ]
]]></artwork></figure>

<t>The second motif is parameterized list elements.  The best known
is the “q=0.5” weight parameter, but other parameters exist as well.</t>

<t>Generalizing from these motifs, our candidate “Common Structure”
data model becomes an ordered list of named dictionaries.</t>

<t>In pidgin ABNF, ignoring white-space for the sake of clarity, the
HTTP/1.1 serialization of Common Structure is is something like:</t>

<figure><artwork type="abnf"><![CDATA[
  token-or-asterix = token from RFC7230, but also allowing "*"

  qualified-token = token-or-asterix [ "/" token-or-asterix ]

  field-name, see RFC7230

  Common-Structure-Header = field-name ":" 1#named-dictionary

  named-dictionary = qualified-token [ *(";" param) ]

  param = token [ "=" value ]

  value = we'll get back to this in a moment.
]]></artwork></figure>

<t>Nineteen out of the RFC723x’s 48 headers, almost 40%, can already
be parsed using this definition, and none the rest have requirements
which could not be met by this data model.  See <xref target="common"/> and
<xref target="uncommon"/> for the full survey details.</t>

</section>
<section anchor="survey-of-values-in-http-headers" title="Survey of values in HTTP headers">

<t>Surveying the datatypes of HTTP headers, standardized as well as
private, the following picture emerges:</t>

<section anchor="numbers" title="Numbers">

<t>Integer and floating point are both used.  Range and precision
is mostly unspecified in controlling documents.</t>

<t>Scientific notation (9.192631770e9) does not seem to be used anywhere.</t>

<t>The ranges used seem to be minus several thousand to plus a couple
of billions, the high end almost exclusively being POSIX time_t
timestamps.</t>

</section>
<section anchor="timestamps" title="Timestamps">

<t>RFC723x text format, but POSIX time_t represented as integer or
floating point is not uncommon.  ISO8601 have also been spotted.</t>

</section>
<section anchor="strings" title="Strings">

<t>The vast majority are pure ASCII strings, with either no escapes,
%xx URL-like escapes or C-style back-slash escapes, possibly with
the addition of \uxxxx UNICODE escapes.</t>

<t>Where non-ASCII character sets are used, they are almost always
implicit, rather than explicit.  UTF8 and ISO-8859-1 seem to be
most common.</t>

</section>
<section anchor="binary-blobs" title="Binary blobs">

<t>Often used for cryptographic data.  Usually in base64 encoding,
sometimes ““-quoted more often not.  base85 encoding is also
seen, usually quoted.</t>

</section>
<section anchor="identifiers" title="Identifiers">

<t>Seems to almost always fit in the RFC723x ‘token’ definition.</t>

</section>
</section>
<section anchor="is-this-actually-a-useful-thing-to-generalize-" title="Is this actually a useful thing to generalize ?">

<t>The number one wishlist item seems to be UNICODE strings,
with a big side order of not having to write a new parser
routine every time somebody comes up with a new header.</t>

<t>Having a common parser would indeed be a good thing, and having an
underlying data model which makes it possible define a compressed
serialization, rather than rely on serialization to text followed
by text compression (ie: HPACK) seems like a good idea too.</t>

<t>However, when using a datamodel and a parser general enough to
transport useful data, it will have to be followed by a validation
step, which checks that the data also makes sense.</t>

<t>Today validation, such as it is, is often done by the bespoke parsers.</t>

<t>This then is probably where the next big potential for improvement lies:</t>

<t>Ideally a machine readable “data dictionary” which makes it possibly
to copy that text out of RFCs, run it through a code generator which
spits out validation code which operates on the output of the common
parser.</t>

<t>But history has been particularly unkind to that idea.</t>

<t>Most attempts studied as part of this effort, have sunk under
complexity caused by reaching for generality,  but where scope
has been wisely limited, it seems to be possible.</t>

<t>So file that idea under “future work”.</t>

</section>
<section anchor="common" title="RFC723x headers with “common structure”">

<t><list style="symbols">
  <t>Accept              <xref target="RFC7231"/>, Section 5.3.2</t>
  <t>Accept-Charset      <xref target="RFC7231"/>, Section 5.3.3</t>
  <t>Accept-Encoding     <xref target="RFC7231"/>, Section 5.3.4, <xref target="RFC7694"/>, Section 3</t>
  <t>Accept-Language     <xref target="RFC7231"/>, Section 5.3.5</t>
  <t>Age                 <xref target="RFC7234"/>, Section 5.1</t>
  <t>Allow               <xref target="RFC7231"/>, Section 7.4.1</t>
  <t>Connection          <xref target="RFC7230"/>, Section 6.1</t>
  <t>Content-Encoding    <xref target="RFC7231"/>, Section 3.1.2.2</t>
  <t>Content-Language    <xref target="RFC7231"/>, Section 3.1.3.2</t>
  <t>Content-Length      <xref target="RFC7230"/>, Section 3.3.2</t>
  <t>Content-Type        <xref target="RFC7231"/>, Section 3.1.1.5</t>
  <t>Expect              <xref target="RFC7231"/>, Section 5.1.1</t>
  <t>Max-Forwards        <xref target="RFC7231"/>, Section 5.1.2</t>
  <t>MIME-Version        <xref target="RFC7231"/>, Appendix A.1</t>
  <t>TE                  <xref target="RFC7230"/>, Section 4.3</t>
  <t>Trailer             <xref target="RFC7230"/>, Section 4.4</t>
  <t>Transfer-Encoding   <xref target="RFC7230"/>, Section 3.3.1</t>
  <t>Upgrade             <xref target="RFC7230"/>, Section 6.7</t>
  <t>Vary                <xref target="RFC7231"/>, Section 7.1.4</t>
</list></t>

</section>
<section anchor="uncommon" title="RFC723x headers with “uncommon structure”">

<t>1 of the RFC723x headers is only reserved, and therefore
have no structure at all:</t>

<t><list style="symbols">
  <t>Close               <xref target="RFC7230"/>, Section 8.1</t>
</list></t>

<t>5 of the RFC723x headers are HTTP dates:</t>

<t><list style="symbols">
  <t>Date                <xref target="RFC7231"/>, Section 7.1.1.2</t>
  <t>Expires             <xref target="RFC7234"/>, Section 5.3</t>
  <t>If-Modified-Since   <xref target="RFC7232"/>, Section 3.3</t>
  <t>If-Unmodified-Since <xref target="RFC7232"/>, Section 3.4</t>
  <t>Last-Modified       <xref target="RFC7232"/>, Section 2.2</t>
</list></t>

<t>24 of the RFC723x headers use bespoke formats
which only a single or in rare cases two headers
share:</t>

<t><list style="symbols">
  <t>Accept-Ranges       <xref target="RFC7233"/>, Section 2.3
  <list style="symbols">
      <t>bytes-unit / other-range-unit</t>
    </list></t>
  <t>Authorization       <xref target="RFC7235"/>, Section 4.2</t>
  <t>Proxy-Authorization <xref target="RFC7235"/>, Section 4.4
  <list style="symbols">
      <t>credentials</t>
    </list></t>
  <t>Cache-Control       <xref target="RFC7234"/>, Section 5.2
  <list style="symbols">
      <t>1#cache-directive</t>
    </list></t>
  <t>Content-Location    <xref target="RFC7231"/>, Section 3.1.4.2
  <list style="symbols">
      <t>absolute-URI / partial-URI</t>
    </list></t>
  <t>Content-Range       <xref target="RFC7233"/>, Section 4.2
  <list style="symbols">
      <t>byte-content-range / other-content-range</t>
    </list></t>
  <t>ETag                <xref target="RFC7232"/>, Section 2.3
  <list style="symbols">
      <t>entity-tag</t>
    </list></t>
  <t>Forwarded           <xref target="RFC7239"/>
  <list style="symbols">
      <t>1#forwarded-element</t>
    </list></t>
  <t>From                <xref target="RFC7231"/>, Section 5.5.1
  <list style="symbols">
      <t>mailbox</t>
    </list></t>
  <t>If-Match            <xref target="RFC7232"/>, Section 3.1</t>
  <t>If-None-Match       <xref target="RFC7232"/>, Section 3.2
  <list style="symbols">
      <t>“*” / 1#entity-tag</t>
    </list></t>
  <t>If-Range            <xref target="RFC7233"/>, Section 3.2
  <list style="symbols">
      <t>entity-tag / HTTP-date</t>
    </list></t>
  <t>Host                <xref target="RFC7230"/>, Section 5.4
  <list style="symbols">
      <t>uri-host [ “:” port ]</t>
    </list></t>
  <t>Location            <xref target="RFC7231"/>, Section 7.1.2
  <list style="symbols">
      <t>URI-reference</t>
    </list></t>
  <t>Pragma              <xref target="RFC7234"/>, Section 5.4
  <list style="symbols">
      <t>1#pragma-directive</t>
    </list></t>
  <t>Range               <xref target="RFC7233"/>, Section 3.1
  <list style="symbols">
      <t>byte-ranges-specifier / other-ranges-specifier</t>
    </list></t>
  <t>Referer             <xref target="RFC7231"/>, Section 5.5.2
  <list style="symbols">
      <t>absolute-URI / partial-URI</t>
    </list></t>
  <t>Retry-After         <xref target="RFC7231"/>, Section 7.1.3
  <list style="symbols">
      <t>HTTP-date / delay-seconds</t>
    </list></t>
  <t>Server              <xref target="RFC7231"/>, Section 7.4.2</t>
  <t>User-Agent          <xref target="RFC7231"/>, Section 5.5.3
  <list style="symbols">
      <t>product *( RWS ( product / comment ) )</t>
    </list></t>
  <t>Via                 <xref target="RFC7230"/>, Section 5.7.1
  <list style="symbols">
      <t>1#( received-protocol RWS received-by [ RWS comment ] )</t>
    </list></t>
  <t>Warning             <xref target="RFC7234"/>, Section 5.5
  <list style="symbols">
      <t>1#warning-value</t>
    </list></t>
  <t>Proxy-Authenticate  <xref target="RFC7235"/>, Section 4.3</t>
  <t>WWW-Authenticate    <xref target="RFC7235"/>, Section 4.1
  <list style="symbols">
      <t>1#challenge</t>
    </list></t>
</list></t>

</section>
</section>
<section anchor="changes" title="Changes">

<section anchor="since-draft-ietf-httpbis-header-structure-00" title="Since draft-ietf-httpbis-header-structure-00">

<t>Added signed 64bit integer type.</t>

<t>Drop UTF8, and settle on BCP137 <xref target="RFC5137"/>::EmbeddedUnicodeChar for
h1-unicode-string.</t>

<t>Change h1_blob delimiter to “:” since “’” is valid t_char</t>

</section>
</section>


  </back>

<!-- ##markdown-source:
H4sIAJo3/1gAA61ce3PbRpL/H59ijqqUZIegRD0sWxslK0tyrFvb0uqxzlWS
S4HAkMQKBBAMIIrr0n72+3X3DAjwIfvqLlW7JomZnp5+vyDf970yLhN9pN7f
3l6p9zqIdKFOs8kkS9VNWVRhWRXai7IwDSZYFRXBsPRjXQ79cVnmg9j4Y97j
G7fYT4JSm9KL8M+R2t3pH3ohPo6yYnakTBl5cV4cKaw25e7OzpudXS8odHCk
TvI8ibEyzlKjgjRS1zpI/Nt4or1pVtyPiqzKBU3vXs/wU3SkLtJSF6ku/TPC
y/OCqhxnxZGnfE/hvzg1R+rKf99TfwsmOf8k17jKqsR/r9M0TkfzZ1kxCtL4
X4zCkboda/WPoEhjM1anQYhvV0X2Tx2WvFZPgjg5Uvn4/q8PssgPaVEPQDwv
zYoJwDxooKKu353u9vtv7MeD/t6h+7i7t28/Hu7u7Rx5XpwOF3biQX/+cXf+
cW/+sQHkYP7RHXj46g0WeL7vq2AALgW4gXeS1l8UGBWoSRbpROF0EQRhqumq
zqIsdLrMnMCjddt9ZXQRB4mlmsqGKi67aqRTXdCvOlLDIpuosCoKnZYt4D1P
sEqzUv/xif6vzP64lmeedxabsDLGAi3HsRHhU2Vwr43KkyDUCg9LMIahkpAQ
O1lQFLGHviWxKdVWLbD+dPTX6R4x6UXXm47jcKwAOCjCMUiOW5XqB1pmjra3
aafpyeLtE1lhtq+qAaR0uwlw+0fc5LM9/Wc+veYjEAyDVA00SFul8wMAn/6Z
jnqjuBxXg16cbf/4F2WyqsC1QjCDqRwbU+GyhIpHvGmQYSVYwtsCDLOJPYL/
8fVjqVMip9lOgoFOzPai4tI1iB+TOIoS7XkbpF5FFuEptnneraN0XmRlFmaJ
ijIgB/apeJJnhlCeqRoc1IlFSyRLOOU1CROnC7LmWLkkVbg0ba6hHSkFAT65
Ob24oPOI7lPcOqtAloxwTlQ4Dki4Rcwax6hID+M0Fitjch3Gw5kaZ1M+3MKa
wDQJbQnVUkce8QLSkuC3YALBwrUhlCbG56BwF1D6EXzqQgEAKE4SVeg/q7jQ
ZM28KgVDALAMBoCCXSOt0moyAEaANNAmz+61yoMCN2fWP+D6kVwfIlXGqTZe
mRHtQ22MUA76OxzGIS4N7QrLZIa7XkBfCrooFoMtRfYAsLrgu6ShJfAuH/H+
6uT0b6oyxMQA0u2VEBIfeOZAmkSlq6yKpGEcQX2DJJmBgCFEPIG2EMmy1Mc/
/hT39NpMY72nJXP7AvTOKiYx/64fdJLlE7ILoIFgExPlQxhppR/4TCyFdJt4
lMa4apDilt4gHo1ww1EAA6+mGrIWPEDfmbQx+ALjnJZMl/oq+FwlEXEV9426
3iQDjyG62DNj4VElPI2BgOWmp9T7bArsCpFJmJp7wjAggDCGLIgNQV+0mjBF
dNYEhmolLl6WAmjmrBNJEgliAKkNwAxQ6QrCmyRQGzCRdL4LcSjirDLEf6ha
kBg+lQU3U8MqGZLAEV4+hCKFNEHSWG1TrSMjNhsrA5UAB1aDUaG1FRLSXZOB
5jBhEeEjEoTdbQUFIxIdAOVRRkwEBtOgiLrCgmGSwc1HwP4EqLDN1oBbI9xV
/3lz+amrTt9eXitdhj1VVGQE+Io4n3g+CEwcetgCTk6g5TA5cbFsDGJSphxf
ieHMPPg5RT5006gvX6w/fXryTt5+etfQeMJqcxjrJPKhXpXeBLLvQMZBnAbF
zOo7EDUVhD4wjCpuDS3IQLYgYQT1q/3t1wceeNlCa+rkiwiuiSiEV6pH7M1h
C0yVlMw1b5DhSaQH1SgYwJiUM+bOAP83jaNybJEiZayCZBkrISPRTB6JvRrG
hVitVFcwezBaICzZ5oc4o4hMNe9tFFHGSsVYp+w8g4J8CaxVFMnuQsfWAWg5
Tgck70b9kw5MMjJ2JIXQwpJty92ni9PLs3NrR0mQyWeA/aVvKli8msbExDRj
HYCcyYXY35UworBWsSZwEEYKCMnwkQ0IElJaf1CVPu7lw7aWWjlBEDrGpHsw
oWQ0Ujqh9Zjxiec6BDyDgnjiLBX4AnR0Ggk2gypOIolF5wGN8QK1oP8NAWNQ
7AdIQdraI7Z0oqGecqGVvo5Oa8no8hUJL5AwJWsPqwRtG1aMSMsIBQ4zzZo/
jEunbACxFOFPtRoHkNNaxcdBUlobD3ol8RD3dzrUdldMIY9pKUflBIg2FlkQ
sYSstMite5ND9ZpODZfb2FC3upjEaZZkoxm7NgmAsrAiryFKgGSAmA5GdT7e
3dwiPuV/1adL/nx9/ve7i+vzs07X69y8P/nwgX7kD27FzfvLuw9n80/znaeX
Hz+efzo754cfT/4LMIg9ncur24vLTycfOkxk3HhAwgqtw92IBlDSSJuwiAf4
gjDn7emV6u932UpRKuCxjaJPT090T3XWMlHPpmKsUo2QHesX13BIa8MAIGAQ
hrA+YSmlP5EHtaKz4FI0Obsr4ji5Kg3jCUV90LOnp7l/IZLLWVO+WEGhstXt
tm1te3tCA7/nVSHBoc03uopiIY4gPFYXihrrkHIhnSjoyagIJhPSJ50+xEWW
Eu9hf0mQKCgpOVKJ2aiQdpVEfzGPsGcWUGrVj7SFDKkHgYRMm7KWPt4iiNvY
mvUMF12mb8r2U23dJPFojIiE/ALkP+KEp9CJ2HwIhs3yxCnRp6enF0jG/v3v
f4Me6RAZGrnfAlEO9MmaD+u+5s/OLn6+uK2fERQPDyUWmYfv6lj1X6otxVET
YiVy8o7PM/WCtjS+H6uFtb8qNjfqd1kqX46bK7Y58ZX/SNpHC7/ZcLb5U2DC
OPZtWN18UKUxJTmrHg2SbND6oQ7MWr8uXp9o6nnXGpmmmYcJSRWJPsKJBzMO
pzLwP2e6RlrnbG8nGchnTfxCcAe7DYcD6TIUOBLUMVhOYTDyU2RrwYjgc3pA
QRBLoUchpg1xc7h6yFZR4yWmJ0iAjiEhg79DQhmTECXIJyjbiCWrleykLolY
CW0Hmk6moacxiWotWCQ9c9YdW/kClzvbHfvld15kGXmsfu34nd8hQv03InBC
0At5bizebOjEtgfw3er7bV/t/verPb+vto7525vd3b29w92dvVevD/YPDw9e
7xy+aAm8FRN3oAj3Zm+Tjt6Xb00+22W7rXV7a9fttdbtrljX6/VWbey3Tlh/
QL91wqoD7Lr9xroGQclqMqOJof2DZmYDmRqRoEHIwjFMJlxkJumP0MyQYfIG
ep7vqdoKQuAGM3Vxfn5+eLCvXu0jpi3ruJYic1KzHGH7opS0VJSswnePuzv+
oXbYxkZUqURYJO59QIm+0uSkY/bCHRMMdYe1gNNcqeOR52GoXjnLtUSKnGuK
pjTybcrZKdOjeyNIrgrOMymOxSf4AK/WrSllORTUSh5XILg1lAQs3GnButCt
bGhKT12Ueqx+uPt+B//5d9+fHb57p7bV3ffn8r2/8w7//YjVG/V6AL139Syp
gxryNvred+fFqU8o+Du7Qr27Fh4SklUpGIbvIbMMqW7F4aoWt42Q1QQpF3+2
cfEV5LBmzFQDo0tykBy0TmNA4YTT4mKZIgGLxYMOkMqEfsiSByJNqqcSeFP0
oiVq5aUsKhTB33GEB1ldIGptDyCAiAO1BHrsdiucMILLrkjGvVEyy8f+aDZJ
4SPjkGRpXqEIHrIY+H3ff7d/8gb/7rzmLweH+72W0WCnwNK58wgGDYdC4Lf4
WchaC2hexBMENgmnGiosZnlJAUQOS8mxidhz8fBiqGkdxSBzQlapgcIYmM6I
0znTRmbukI6tZgo2J40n8A2gH8IZCDdCUxOnNomCNP3C6/5ArpNn4bhr/RRr
ChZ04tRKNUXiuW9BdNQEGEkGRpXTDZc+3CwWYJ8PHy8kdlkZhFx+vlkTgrw/
/wU2rKvO/n53eXvejkXqRecgBeWOVtxOx0ExX9nfOyTlG/f9Rc9tOwjquGFE
Vy1LkEuHM7d6+yurjU6GvnWBM9DW7luHQxt4ExXJxShwVp2jDtNoBQCRgMuU
qkljeHGfSjsQH4FbO+wtCbLjIA0QCbIYQgY9jrElNV4wZf+Lqx09j3Tnx84q
aKrzQ2fNQRBv/KoTzSU6xIudbqfxywu7zS1oBYu0+i+dVoDZOebdHFn+7jb/
/8SZALQ21MSzZ6JNPF0KOPHb6pjz6yRc8KZWXV5uNeOD+r8t1fmt49a8aAcR
C4vof+tW7JDD3u2vf7rnH7xd+/TgzD88X/nshUXNXm3JqT5/ucXrPbvoueup
lXZl3drnifE1ctQEWfu8JkodzEXxhJJUitZLdpRUOEY2UbIzRS4c/DMrqHJj
TXNf5UE5Nuq1jxDNC2HjU/bcRt3dvvNfw/k8xFzJRtbyfqE6hGT9Z2SWqUSF
OGfmJXFZJtplB8/0VxRXvlywCN9bsWePU/Y6Uj7krlrX9g24gtVvdApcyAd7
hlgTbopUlu7ocQJVR4TO3iuJBSmy1SYMcrJcUoogx6gnSKnSaVAUFERFbRfr
1PKYzZdUXekjB2S//PLLkYsiM+d87Br2Nz9ZkV3nqBnACWdNZBlBKFvJkuCA
O1qpTQjLDET6if3mmlKES8MiqbdKzQ2MT13lt1mo8LLFevaKAs76Vphnxs0+
BhePPlMBV/i5XAq64otJTd5WCalYG7liBfdy8Qxh0wNViVsSUxm6qsD05jAt
DuSGnN2ekbRSXQUSepGuRx9yA1l3HSARurpVx/bVlqRVQkVIGFYA3LrlTkI5
zbx5W8/WN5N4QEzS8Lsd2jYtqK+CIJmyXOZHCEhjrsZ7+tHYymxlkLibHrzQ
B3HQK9LqumK6zB46G1HmPdcWPC7M27T44uTTifqoDcF3Qdi1HuFYJGJt728b
6cqkQQ6Slp7V4cItt2UoqSYgEyyk7UWyymoXIg+MmJbZMpPqBsy82051RhNT
qP7JTRmo8+GQ7JYICGUDLULYgqhNUVYUGoeKC/MJFfldJrahLnOdbl9WJUsa
IWj72NxTMEg9NBd3b/Ao0dsfkeTEeeLIBVxuRMCm2pY2TE5WTnITxqBRe6dq
TUYWd+LAOOShtFdFhkD3hJIMisH/xX0YTr6opNJVOjAxN7q4iTmEEOkopoOo
6Jci38Lu0yAlMaJJCS7Pz6QRYyNFRPlxwhRwx3IZfaChk8jRta2VftbSpbHG
QYyX22H5zLdUWwNdTml3IyKi+nqjdvdT10mbtOqJ182SrvoJcv2RGpzLF+MK
VhDe01RLQHm0KZll78Q20BgD8+ZaS2mXTJ1rZzh8KWEClqSxjc7yfEBgUeuN
akastqClJhrKnMZmYr0fnKETIhIUnldwVbRmkblG58sXrjZAHp6eHG7eSoW1
HbW6T0X9V+kHI1ccgSGSDcFpnPHQ0o/9/cODnVf9/f03vd2d/g/iNT6zVaj7
fEMYKEli2Xk0m/bSf2K/6gZflgvldJSToroICVcRUgZaZhmQvmn2ZKlQFCTb
qR5lZbxIwhorO3PABoPoKqkFtffYzZHxjEMtzZUz56kaswZzMaN8dhKEYyzx
C6DJMUmrJuluQjlO4qo4xsU5XrsbPuLmszXOzeGERlRBZDBUKUW45LnwBesk
wRBZYmllKwsNNZCpwsrYlw22qyKGz5phriJx6dXWDLhVCyUMoohZFCQeJ1DS
LlkxA2U9BCnu2DW7OJMxqnNbVDQk1XkXJEZ3yN937tL7NJumHds0kez6sdYn
myriwl++1ALNSCKKnMO2oK3ue2SsGctvgNpQlFVwLarWqDQBcytfuqJO7cAJ
NjKuDrxIVSpLgb31pT1rIqnKJPKCX2Xshb4QuBmLLUyRmRdhmM83VhgWeM2V
NWxoNjTu9UxigqYG4B/XvC5iQ0McnplUoxGPhgVlCUNYj6EN8IXrKmdZ2wlK
XxR2f8n5/AShs/0yKCvF/UHSmNCYewI7G0E0I6cAezDTMBo2avN49gKqX9O4
PiKyvebFrhiTyVse11uY5zCwDtz3/kQmb3kmQ1CkORqiFxsH24JOM5UNHmjk
xAvJibNVW8aleclED0v4Q/0YTAie67ZDv7nBxUJDYQzonAhPmOetWSGRNWJ1
l2LFwHCsKHJjG5vLbABVWy33ueXRrKLz5r2qh+hsV1IM4Q3zsK6dWaNs2j1X
p188AVYvJl9n42lTD5/tv1nQEu85e1SPYSCyGHNDeZq5S05g64dukKKZSTps
llr+Mrao1IkaQo+F5RN64tl+cFdtbZ6KrfbPYRcoQNtEMMoCIxVq1znmhalm
qdh8waXkepVbAy5t/nn83XAT1KZmKHlDWE0O0bc2T8JQ5yX2Uv7EM1c84mTn
qmj6yVaPBPnWENI8AOpCSyqqgnu2+ywCwz3YTW5mbUrPXaYdgNKXL/9RTwGR
GaN6uQyGAnCtLYQQN1GSwObEHy8+nnddmyIo55ECtADmLcBdgUjMlWE5+Khd
Sa0f+9Jks503Pyt8jhfix2YPrvnz7/OSgpR8hfmctjuScsrWIluPh6Q4jlNs
bz0ZllSdP493egedJa5Iiit61mAVKxARcaoTmtP72ekMD3pZ9aQeAwtkV2VV
oeaGYdlDeo05gAGuM9GtmQQ3+CYOtjWPIKl2HI1slx3B7ggSyUOeXFk1OY3+
um6DoaYHICHNI91gybKzyb0V08mrZiWoLQIEYRd4JO9et1m6xKnjFd16IStM
aiY5C4HqvOSy4P9FJLxmKbfLIxquNo9Hchm/voxvLcvxYv23v8GE9pvRnczC
N3/DvkVcf1UvuY7LkvJCEOLPNRGA+nHHzQ40JwemetNGGuRZ3SQjGUSSCxLe
nkj8JyhtSQ4k44YRc9Wat02j9l835g95Akzt73zXZcMeJBSYzqglyjF4ZCsW
MiVUR9xd69FSGwloHm96qEMFViQ7DS5pgW0xTgj5mQU3n2JViEt0M1aj/KwV
ZLVaYRIhAJ8yiBOz6HFs2LhQrEM4wSvqWVmcTm1Us+CkaCywVc4RBaaqhK3o
uElBJ5R5LHKPWxcjbY4InQ31SRrMdb+fKdbuG7OB5tFFrjwpdc0TALRQshaq
7/CoEBvVKrW5goQ91jVy4OXmt4gWN1wxpJSCp3FZTbfe9Ppvdl/t9Q8Pd/Sb
F/Mxcyoa2g40F0UQlHEmbf0jjyQYedRYimikohRUwjMaEzd2GjZPKgkoaBqJ
yi8DxLBSGSCi0aQHTQM6udOPITbA/9DAj6abXF3e1N08rzFALES9rX/wPOev
aarTdnrEZDRBtNr5gam7HxlCvTYvYiGIEzmqut1cvn6107fRKtkhDspMnpVS
XSWMbqQRLeR6oApbHVMQd3MSjOZYvbFjrDpmf4GgUAq5put99/io7q4/+GQv
3a8UmZ76ppzxpGx47xuuvbk9rkgkA9ecHruMi8T6t+rxkYDadrvdRcUTjv2g
v77gNi8YItewXXUa6pYYir5ahsmUjRdPZMSmCwnhe/B0qBu8Ae3ubt+9ZkEG
Ef3Xrw/e+P2GAMmsuCW00PGtDFZQiRrEvBwimFJ1L3m550xHSABDqmAr1drG
Xl0O/1l4VKfj/1llxH2uBmQMGIwGANr1+qDexaEwuOwBz7SOj5Tstlhe1AEU
2RMuuFPLvUkbW+Rs2tw6opobULFZF0YsIUgvhwV0Z5g4JZ4TsBuR9k8iZO4d
Byp6xWbMfh9OfGIbAKKhC3PDXU8ScqjjiHMBN48+ZKGHhNvjpgWNAAecsUoF
37PvSnATZsZqxb59kEWcv5F5yG2+z9vEjNI7IgK1Ti/sqxhSvEBEqnlcA89H
WRbJjcWvWHT4HQ+ASthmN6IfO/Zra1x1oXTeJ3AzsTpqv0HRFteCrM7i1Cx7
VbEoZN8BgdwV/dActN2K6f0+auG8sGRnpbVXAX0DW2+q33qYjlmghSDzl3ik
Xm0pY3kNicwq2Mky8+o3D5xcyLyFm9uRSkkmb9YIuuRdm+UnD4FP7ialw7FG
ei6trnqylC2bEBN2khO42ywKZg0g80l5nsbr8hwqa1JEYsgOXS/OMLtslafh
ZUZ8IO+G1NNKKdGVRBImlRRLZvNdHYtb4PRmEDwqFM8qiC2gqbqA1uFbzGOu
zhr5mNEAfpjlM3t/OtvGR9BTXIpfniDCFEz+QMZ26p6VgPVMTgNltLFR4+OV
cmyWc/fEuDfpsDKfR2H2dRchESj0Fo9AJICfgZtGPAyelnFYIfxmr8/ZW2nn
1ki2erYWTW9STXKaiSmrKBYHR3vr1/ukUNAVOTGApFihPO4iIj8pqSPCVnZA
ORtTll9Cqc0Ohf/sVIVpBvTTXo0oVZXmU5bynlbDCDU6GDc0Ls81CnsHwUR1
bAeNyqkdHsLZWCq7sW3pLNYoOurLho0OPe+lkrS43Vl27630n566VPhiVh30
9nq79QafWt9UX3t+w958g0vwn9+w37XPXr3Zbz5rAPqA2Kqi4sWzgA5og120
6m777Q19Ws4dnm8gxWFvnzfMSxLLG3aaG1655a1Sx1r4e71+b5eJ7bY077x2
y157i05H4P96pPYWNtwiqH/22nRGnwl7/kgjBt8kNH2++sfg0X8n72iZr24g
pKj64f9Dy6Dyqg0neY54GJnpCR9we748ILHy1vssk7cFEiCo0Tcs35flqRnq
osm6tTQldO5yBF2R/jr8V71DLP8HhXDfJnl9ILRe2V0U3lb3Oh30vP5CWtsc
ychSrkDBwD7oqC4FFhp2jWzXg+aZ0LpcIe3WIzIi6jShQu83kP81yOMdrEMi
cG8OUSnHMGjuTX0raUR2IJ38ruuqLQtqT7JwMfQ/gqlcarjh4cj58t0F5sry
u3TS3rBmOYnOB6Q2NfwFZFrLSeG93f11pKHGtwsU7Ht4tk7AbAtornOU8KvO
VNonSnJ9k0u4LpXnou7R3Oz715KnttHaa6O15ynlw9GBIzR5Vaptqdn5nOTy
TwSQ/96BCwbbAA/aGkU8uiqyx5nf3rRm+T6fHxY6klDHkM2iP3Dgn9oi97Ms
3uXt/Q3+mwh+FNO4Or1h3LCUWVhjvdbw7VtAwcBkSVVq/+76ApTgkCNI6FsD
otQjnqGqg0ZU9W27UuhZU7f1K0n1bTBapwi7qzhG1CpnfhmMsNsa31oEm7vf
PD1ZGg3dKjdJSTuptPgtCnjQIzdKgOgvHgyyR6tbQRmOv4q0mE0sp/ZQa8+a
5UK/zssOCNbfaN0VUJoMWM8FB2W+G8DI/vhkfwDpPUWLa+6+0767SGlVxP6Y
Nv32K1c7OQX57XeyAw0h+6odE7QgUz6sLywwzTSQzgSjSbAam/1V2PQ3ct7S
kvol0qynTn8uo1LQ8l0hrWgbgcYDOoFxXu1clyTmG7TqWpcFbMWwbMBcSzqR
/ZqJAIZ0MZi52XWAuyH/VqwmwFKYR7aK3jvwEUum5TfcR87P5Y9VqJdb6vrz
jdqqf9jmTIZAvVAvyPPHCwxdL2GHlh/9ja16nsev31akY+pfkZVAAOknd9pv
v/Nxn+kPxKSjlcctiNCBPWwqW2Q8umW5SW1Cds9rLDe5y8+fPy8sXrvcXS8c
018cIKtHPXAkGiRhbkwL3vZb/vLPzo7nndCkLg+r4J9X+wMZouMyJhWw6U9A
FFnOJbeuHfiQAVZ+TZamRuVdSXx6ejo6WvlOQVZ4SwPJ9J4mI63G/T94dpSG
AynV4xkdsgvyEkZns0NxF+fDqvyDione/wDMXI5qCEkAAA==

-->

</rfc>

