<?xml version="1.0" encoding="UTF-8"?>
  <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
  <!-- generated by https://github.com/cabo/kramdown-rfc2629 version 1.0.30 -->

<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY RFC7231 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7231.xml">
<!ENTITY RFC7232 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7232.xml">
<!ENTITY RFC7234 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7234.xml">
]>


<rfc ipr="trust200902" docName="draft-ietf-httpbis-immutable-01" category="std">

  <feedback xmlns='http://purl.org/net/xml2rfc/ext' template="mailto:ietf-http-wg@w3.org?subject={docname},%20%22{section}%22&amp;body=%3c{ref}%3e:"/><front>
    <title>HTTP Immutable Responses</title>

    <author initials="P." surname="McManus" fullname="Patrick McManus">
      <organization>Mozilla</organization>
      <address>
        <email>pmcmanus@mozilla.com</email>
      </address>
    </author>

    <date year="2017" month="3" day="13"/>

    <area>Applications and Real-Time</area>
    <workgroup>HTTP</workgroup>
    

    <abstract>


<t>The immutable HTTP response Cache-Control extension allows servers to identify
resources that will not be updated during their freshness lifetime. This
assures that a client never needs to revalidate a cached fresh resource to be
certain it has not been modified.</t>



    </abstract>


    <note title="Note to Readers">


<t>Discussion of this draft takes place on the HTTP working group mailing list (ietf-http-wg@w3.org),
which is archived at <eref target="https://lists.w3.org/Archives/Public/ietf-http-wg/">https://lists.w3.org/Archives/Public/ietf-http-wg/</eref>.</t>

<t>Working Group information can be found at <eref target="http://httpwg.github.io/">http://httpwg.github.io/</eref>; source
code and issues list for this draft can be found at
<eref target="https://github.com/httpwg/http-extensions/labels/immutable">https://github.com/httpwg/http-extensions/labels/immutable</eref>.</t>


    </note>


  </front>

  <middle>


<section anchor="introduction" title="Introduction">

<t>HTTP’s freshness lifetime mechanism <xref target="RFC7234"></xref> allows a client to safely reuse a
stored response to satisfy future requests for a specified period of time.
However, it is still possible that the resource will be modified during that
period.</t>

<t>For instance, a front page newspaper photo with a freshness lifetime of one
hour would mean that no user would see a cached photo more than one hour old.
However, the photo could be updated at any time resulting in different users
seeing different photos depending on the contents of their caches for up to one
hour. This is compliant with the caching mechanism defined in <xref target="RFC7234"></xref>.</t>

<t>Users that need to confirm there have been no updates to their cached responses
typically use the reload (or refresh) mechanism in their user agents. This in
turn generates a conditional request <xref target="RFC7232"></xref> and either a new representation
or, if unmodified, a 304 (Not Modified) response <xref target="RFC7232"></xref> is returned. A user
agent that understands HTML and fetches its dependent sub-resources might issue
hundreds of conditional requests to refresh all portions of a common page
<xref target="REQPERPAGE"></xref>.</t>

<t>However some content providers never create more than one variant of a
sub-resource, because they use “versioned” URLs. When these resources need an
update they are simply published under a new URL, typically embedding an
identifier unique to that version of the resource in the path, and references
to the sub-resource are updated with the new path information.</t>

<t>For example, <spanx style="verb">https://www.example.com/101016/main.css</spanx> might be updated and
republished as <spanx style="verb">https://www.example.com/102026/main.css</spanx>, with any links that
references it being changed at the same time. This design pattern allows a very
large freshness lifetime to be used for the sub-resource without guessing
when it will be updated in the future.</t>

<t>Unfortunately, the user agent does not know when this versioned URL design
pattern is used. As a result, user-driven refreshes still translate into wasted
conditional requests for each sub-resource as each will return 304 responses.</t>

<t>The <spanx style="verb">immutable</spanx> HTTP response Cache-Control extension allows servers to
identify responses that will not be updated during their freshness lifetimes.</t>

<t>This effectively informs clients that any conditional request for that response
can be safely skipped without worrying that it has been updated.</t>

</section>
<section anchor="the-immutable-cache-control-extension" title="The immutable Cache-Control extension">

<t>When present in an HTTP response, the <spanx style="verb">immutable</spanx> Cache-Control
extension indicates that the origin server will not update the representation
of that resource during the freshness lifetime of the
response.</t>

<t>Clients SHOULD NOT issue a conditional request during the
response’s freshness lifetime (e.g. upon a reload) unless explicitly
overridden by the user (e.g. a force reload).</t>

<t>The immutable extension only applies during the freshness lifetime of the
stored response. Stale responses SHOULD be revalidated as they normally would
be in the absence of immutable.</t>

<t>The immutable extension takes no arguments. If any arguments are present, they
have no meaning, and MUST be ignored. Multiple instances of the immutable
extension are equivalent to one instance. The presence of an immutable
Cache-Control extension in a request has no effect.</t>

<section anchor="about-intermediaries" title="About Intermediaries">

<t>An immutable response has the same semantic meaning whe received by
proxy clients as it does when received by User-Agent based
clients. Therefore proxies SHOULD skip conditionally revalidating fresh
responses containing the immutable extension unless there is a signal
from the client that a validation is necessary (e.g. a no-cache
Cache-Control request directive).</t>

<t>A proxy that uses immutable to bypass a conditional revalidation may choose
whether to reply with a 304 or 200 to its requesting client based on
the request headers the proxy received.</t>

</section>
<section anchor="example" title="Example">

<figure><artwork type="example"><![CDATA[
Cache-Control: max-age=31536000, immutable
]]></artwork></figure>

</section>
</section>
<section anchor="security-considerations" title="Security Considerations">

<t>The immutable mechanism acts as form of soft pinning and, as with all pinning
mechanisms, creates a vector for amplification of cache corruption incidents.
These incidents include cache poisoning attacks. Three mechanisms are suggested
for mitigation of this risk:</t>

<t><list style="symbols">
  <t>Clients SHOULD ignore immutable from resources that are not part of an
authenticated context such as HTTPS. Authenticated resources are less
vulnerable to cache poisoning.</t>
  <t>User-Agents often provide two different refresh mechanisms: reload and some
form of force-reload. The latter is used to rectify interrupted loads and
other corruption. These reloads, typically indicated through no-cache request
attributes, SHOULD ignore immutable as well.</t>
  <t>Clients SHOULD ignore immutable for resources that do not provide a strong
indication that the stored response size is the correct response size such as
responses delimited by connection close.</t>
</list></t>

</section>
<section anchor="iana-considerations" title="IANA Considerations">

<t><xref target="RFC7234"></xref> sections 7.1 and 7.1.2 require registration of the immutable
extension in the “Hypertext Transfer Protocol (HTTP) Cache Directive Registry”
with IETF Review.</t>

<t><list style="symbols">
  <t>Cache-Directive: immutable</t>
  <t>Pointer to specification text: [this document]</t>
</list></t>

</section>
<section anchor="acknowledgments" title="Acknowledgments">

<t>Thank you to Ben Maurer for partnership in developing and testing this
idea. Thank you to Amos Jeffries for help with proxy interactions and
to Mark Nottingham for help with the documentation.</t>

</section>


  </middle>

  <back>

    <references title='Normative References'>

&RFC7231;
&RFC7232;
&RFC7234;


    </references>

    <references title='Informative References'>

<reference anchor="REQPERPAGE" target="http://httparchive.org/interesting.php#reqTotal">
  <front>
    <title>HTTP Archive</title>
    <author >
      <organization></organization>
    </author>
    <date year="n.d."/>
  </front>
</reference>


    </references>



  </back>
</rfc>

