<?xml version="1.0" encoding="UTF-8"?>
  <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
  <!-- generated by https://github.com/cabo/kramdown-rfc2629 version 1.1.2 -->

<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY RFC7231 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7231.xml">
<!ENTITY RFC7232 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7232.xml">
<!ENTITY RFC7234 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7234.xml">
]>


<rfc ipr="trust200902" docName="draft-ietf-httpbis-immutable-02" category="std">

  <feedback xmlns='http://purl.org/net/xml2rfc/ext' template="mailto:ietf-http-wg@w3.org?subject={docname},%20%22{section}%22&amp;body=%3c{ref}%3e:"/><front>
    <title>HTTP Immutable Responses</title>

    <author initials="P." surname="McManus" fullname="Patrick McManus">
      <organization>Mozilla</organization>
      <address>
        <email>pmcmanus@mozilla.com</email>
      </address>
    </author>

    <date year="2017" month="4" day="30"/>

    <area>Applications and Real-Time</area>
    <workgroup>HTTP</workgroup>
    

    <abstract>


<t>The immutable HTTP response Cache-Control extension allows servers to identify
resources that will not be updated during their freshness lifetime. This
assures that a client never needs to revalidate a cached fresh resource to be
certain it has not been modified.</t>



    </abstract>


    <note title="Note to Readers">


<t>Discussion of this draft takes place on the HTTP working group mailing list (ietf-http-wg@w3.org),
which is archived at <eref target="https://lists.w3.org/Archives/Public/ietf-http-wg/">https://lists.w3.org/Archives/Public/ietf-http-wg/</eref>.</t>

<t>Working Group information can be found at <eref target="http://httpwg.github.io/">http://httpwg.github.io/</eref>; source
code and issues list for this draft can be found at
<eref target="https://github.com/httpwg/http-extensions/labels/immutable">https://github.com/httpwg/http-extensions/labels/immutable</eref>.</t>


    </note>


  </front>

  <middle>


<section anchor="introduction" title="Introduction">

<t>HTTP’s freshness lifetime mechanism <xref target="RFC7234"></xref> allows a client to safely reuse a
stored response to satisfy future requests for a specified period of time.
However, it is still possible that the resource will be modified during that
period.</t>

<t>For instance, a front page newspaper photo with a freshness lifetime of one
hour would mean that no user would see a cached photo more than one hour old.
However, the photo could be updated at any time resulting in different users
seeing different photos depending on the contents of their caches for up to one
hour. This is compliant with the caching mechanism defined in <xref target="RFC7234"></xref>.</t>

<t>Users that need to confirm there have been no updates to their cached responses
typically use the reload (or refresh) mechanism in their user agents. This in
turn generates a conditional request <xref target="RFC7232"></xref> and either a new representation
or, if unmodified, a 304 (Not Modified) response <xref target="RFC7232"></xref> is returned. A user
agent that understands HTML and fetches its dependent sub-resources might issue
hundreds of conditional requests to refresh all portions of a common page
<xref target="REQPERPAGE"></xref>.</t>

<t>However some content providers never create more than one variant of a
sub-resource, because they use “versioned” URLs. When these resources need an
update they are simply published under a new URL, typically embedding an
identifier unique to that version of the resource in the path, and references
to the sub-resource are updated with the new path information.</t>

<t>For example, <spanx style="verb">https://www.example.com/101016/main.css</spanx> might be updated and
republished as <spanx style="verb">https://www.example.com/102026/main.css</spanx>, with any links that
reference it being changed at the same time. This design pattern allows a very
large freshness lifetime to be used for the sub-resource without guessing
when it will be updated in the future.</t>

<t>Unfortunately, the user agent does not know when this versioned URL design
pattern is used. As a result, user-driven refreshes still translate into wasted
conditional requests for each sub-resource as each will return 304 responses.</t>

<t>The <spanx style="verb">immutable</spanx> HTTP response Cache-Control extension allows servers to
identify responses that will not be updated during their freshness lifetimes.</t>

<t>This effectively informs clients that any conditional request for that response
can be safely skipped without worrying that it has been updated.</t>

</section>
<section anchor="the-immutable-cache-control-extension" title="The immutable Cache-Control extension">

<t>When present in an HTTP response, the <spanx style="verb">immutable</spanx> Cache-Control
extension indicates that the origin server will not update the representation
of that resource during the freshness lifetime of the
response.</t>

<t>Clients SHOULD NOT issue a conditional request during the
response’s freshness lifetime (e.g. upon a reload) unless explicitly
overridden by the user (e.g. a force reload).</t>

<t>The immutable extension only applies during the freshness lifetime of the
stored response. Stale responses SHOULD be revalidated as they normally would
be in the absence of immutable.</t>

<t>The immutable extension takes no arguments. If any arguments are present, they
have no meaning, and MUST be ignored. Multiple instances of the immutable
extension are equivalent to one instance. The presence of an immutable
Cache-Control extension in a request has no effect.</t>

<section anchor="about-intermediaries" title="About Intermediaries">

<t>An immutable response has the same semantic meaning when received by
proxy clients as it does when received by User-Agent based
clients. Therefore proxies SHOULD skip conditionally revalidating fresh
responses containing the immutable extension unless there is a signal
from the client that a validation is necessary (e.g. a no-cache
Cache-Control request directive).</t>

<t>A proxy that uses immutable to bypass a conditional revalidation may choose
whether to reply with a 304 or 200 to its requesting client based on
the request headers the proxy received.</t>

</section>
<section anchor="example" title="Example">

<figure><artwork type="example"><![CDATA[
Cache-Control: max-age=31536000, immutable
]]></artwork></figure>

</section>
</section>
<section anchor="security-considerations" title="Security Considerations">

<t>The immutable mechanism acts as form of soft pinning and, as with all pinning
mechanisms, creates a vector for amplification of cache corruption incidents.
These incidents include cache poisoning attacks. Three mechanisms are suggested
for mitigation of this risk:</t>

<t><list style="symbols">
  <t>Clients SHOULD ignore immutable from resources that are not part of an
authenticated context such as HTTPS. Authenticated resources are less
vulnerable to cache poisoning.</t>
  <t>User-Agents often provide two different refresh mechanisms: reload and some
form of force-reload. The latter is used to rectify interrupted loads and
other corruption. These reloads, typically indicated through no-cache request
attributes, SHOULD ignore immutable as well.</t>
  <t>Clients SHOULD ignore immutable for resources that do not provide a strong
indication that the stored response size is the correct response size such as
responses delimited by connection close.</t>
</list></t>

</section>
<section anchor="iana-considerations" title="IANA Considerations">

<t><xref target="RFC7234"></xref> sections 7.1 and 7.1.2 require registration of the immutable
extension in the “Hypertext Transfer Protocol (HTTP) Cache Directive Registry”
with IETF Review.</t>

<t><list style="symbols">
  <t>Cache-Directive: immutable</t>
  <t>Pointer to specification text: [this document]</t>
</list></t>

</section>
<section anchor="acknowledgments" title="Acknowledgments">

<t>Thank you to Ben Maurer for partnership in developing and testing this
idea. Thank you to Amos Jeffries for help with proxy interactions and
to Mark Nottingham for help with the documentation.</t>

</section>


  </middle>

  <back>

    <references title='Normative References'>

&RFC7231;
&RFC7232;
&RFC7234;


    </references>

    <references title='Informative References'>

<reference anchor="REQPERPAGE" target="http://httparchive.org/interesting.php#reqTotal">
  <front>
    <title>HTTP Archive</title>
    <author >
      <organization></organization>
    </author>
    <date year="n.d."/>
  </front>
</reference>


    </references>



  </back>

<!-- ##markdown-source:
H4sIABYvCFkAA51Za28URxb9PtL8hxJ8WIg8Y2OyQTu7i+LlEVhh4gWjfCAo
1HTXTJfcXdWpqvZ4+MBv33PvrX4wmCiKIhm7ux73ce6553YWi8V8lmyqzUq9
uLy8UC+bpkt6XRv1xsTWu2jifFb6wukGS8qgN2lhTdosqpTatY0L229YnJxi
pU5Ydnry4NF8VuD3rQ/7lYqpnM9sG1YqhS6m05OTf9BiHYxeqbO2rS3WWlym
tCtxsa4Xl7Yx89nOh6tt8F0r1s1n2NSlyofVfKYWCj+UdXGlLpbqvDjXrov0
SGy90CnY4mr6woetdvYT37VS5/6TrWtNL0yjbb1SbVM0tPbHRl4tC9/Qnc6H
BpuuDV375vmTR6cPH4y/no6/fr+i5dZtphvUm2f/u3j25uLsp2f8p0o6bE1a
KQrh6viY/tGhqLB8CQuPrUsmmJis2y7bqr0bzO+XPula9kqu7nCyzmTXHbp0
sVgovY4p6CLR35eVUUNuJLchZ1Q90UVlFk+8S8HXytwk4yJConRd+11U0YRr
E6JKXtnSuGQ3+/kMm30XCoPHlU5qh/go55NaG9W1lPZSlV2AzXhvbFAbbKic
iVHVdmMS0rlUl5VFHnSMXejP0aqoLe5QzuBO/DQlXxzMta4tnUtLyN5SjlS9
IbRqDYwUJiRtnbJJVTpmm4xTjS/txppy2UcHb8xvr+lH8r8BZCV8pHdPbSy6
yAHwG1hlo+AcebqCmW2tcRlewi+JI6GSHGVkKoIO/VXbmNS9oTYWu+2Pu4eU
0PtHAHJli0rh5JzoUsH3f9G6CATQ1riU1cc5qfH4olujMI6nJx4/Zm9+yQb8
xAYMcIONhXaUkY3v3HhFxthuu9zaVHXrpfXHj/+pJIwIoC8NF55FYkwUR3Dk
NBQH585ng+35SFRKvoT/WQygise1Xps6Hg9gfDxkpLFlWRv66656SWAsu4Lc
oCcU6b/FW2CkGlNUKOPYqPe56j70yB3QBGxEvTH1HnDpgHhUeUw+IO5DEfCS
ZONmrzZdAiLx6nf4nyI7r1VsTcEIUq0J1peMDsIxjPM7gusRgQ4xQq2iGloP
EFGxMbAJLQNUuVoQvx6TY6lQLOV4jspz3AxGS9oV5gg2bAKKVLV6a1Aau9hq
rFVt5WH8DoHnFV8FCHZ6h7BWuBxg7eoSMdNO7HJeISD982gm9SXnNggTLXV0
iOIzfF1OnSbXZG3Bh0wogCra7TlM5H1XE4vBIwW/N2A1OEO3o+5wM70an/OJ
wJtpjSvpVS65AhHA+yjFSdTC5kqWAH+YMXgrFEMpAR7RVrRLEic+CNvo3BE/
pdlYB6th3wAlTsO7yPzH8QIjKXbVbWxo6CTEp9LXRmiG4snOM21NDByhBm/T
vkWPq4FHQqNgo/a6VPfgRDCcxPsTy6zLR3GukH4EoHcO5QG4OoWHJvDFmqwr
LZWOrnsY9y6dfuDiNpYsx1LgCEta3IhDtZSbJyhvVOd6gBL2Hp58r+6BL9Eo
5eH9sXjGs2FRMGQPmFadsb2g+C0XIcUPhIFYAtDg9ReX56/YGACVU2hTn3Ba
H7v1Ymwzjd1WSTgJycUxgVoDQHCLr7llSIPQXItBBAXWU3SaBmiiMprP3o/t
WJKdcQ0+bAa0qTb4a0uW58ZUQKskc1Ac1zowxOgSIHpi/hHAUeica0n6Heqp
sMmUd9S7N6+Qzl8qw2mOI1NEwZtGTgRVsh9KSUULRO9VS10hErw4sjmhOBB1
OYDMNGtTchHRSbmJW6zunEXABKlITjYpl9bIVwI/BCxVR5wwxJaqtGAsM8y/
yBYb2HPAUHBkGB0x7VADy5kbDX8QqI99J9ntdsv8lNvJgxP898Mx+qtbFjF+
zIiYso0rSZiMIUH//4PjTk9OJ8cdZQYFXaF/X8VMxoOnxO1r5igqyq2QGzsO
ealGQQMAR7sldCXoNje2IgQXuqkmsXcbS7N8IWSUudkehJSs811SWwA8wgwS
EYZlTt9N+jDkbEkXE/6igKfO4XW9F8IeiUSV3ohOunJ+p3aCQjgyAJTglN1C
d8p+YQEZiyIn54Tcj/jYRRkgWFxfgKZviNCiLtYEYkhaNCwdYS3pjVvql0Jg
QJsHsIrykD0WmmFaGph12Uvdj4O8+PhXxe5QKPvx/L8sdnvLEDWDDlfQMIDC
lEqIWab0GhgQvI3ABRZY0JtDMxXrsKxt4pVt21xxBBUI07DvdUUviLlLZauX
orW+nA2+ESAWmoSN3CoIZrj9i+AKtKax/+Kw+WwMt4V/hbTJXh75YLc4VDIw
Bnkkvq/71GYIiABkzMI3hBDe8OzC5rL7T3Lo3774+d2rp+r1z5fSZL7RRccb
xnNu16X3zHK7hPWErdze74Nwa1pkbmjIxewGRvDwNkD5IrTr/Vibsl1T1ote
Htxffj3KjSH1DhjQND4jqn8uEgcieKneYrA0E7znqKzNZAJjXuU+xIMwNRhW
j/PZemgVGD2ZNHHRYOofGi/DFdQT+LFrRN+83HAtDE+4rWQEMNQQPVZe2EaK
Fg5Lezp/9/aSbAZhkX9LdU7KE8w/iOlePo62TMFJ9yDfFh7n6YHae793yQUj
doiLqIPJOd9iGCtAEBzJbJrJQOrwrjpbU9m+pIG/MaWFnDA8kp5Nzh+ZrJI0
SAOKpoH0sEUfCOHxYArD4+UaoYKGudkPVKNJbgn3Hy5VpHcXZ9wc1joyScsu
dh287jkR/saOECHymVYMz1oZMmQPo3CsmcjSCs23R+ltoMjVIhqbpmVFPYg+
fWAQakTF5wFPPh7093nuTw4uxajDfigm5xcsxg+TNFS3DcLNUmlnSmImypWM
Hq2kfr1vdfxabk+MaDQCXnlPXI0os+RmaUrSLU9s1MDA7KcnJ/yFJcXeGtYa
4h5nQRHlCQ1mDMlHC9FmbGifxB5Qz0Tw0F+fP3/uRdaB9yuYebOAFvj3wwd/
f/jDycnJ0RTO2Cht4q0pQCppr7AvkhiWj3RfV/U4t+hCkEZdjgol+g20tHVO
tCjNFTHHgVS6vJjPhgPiUVbaIqAK0JVM4zTNbfJnQh4CyCHkIYSulfS7gts3
Nd5L1tTDE/qt7kqTN7XeRi8GpaSLKwZ5MBM3hHhit90akSxkQoOEb4f7WTAF
G6/4i9936qCrCBFNQsT4PfiGRpdQw2t1kBnC0Sc++sBJMqRg5uV55IZmI8gg
Hbn9voUG+2LReC4dSSVEB113NQ2IGbsHviNKiuweK58YMnG758lHpZ2fTOf9
cDXGaNWPsETANDvRnX3euYktZIHQZ80ysleRUhQFiy3+3klpxGNaH0XXK+W5
fMYc80Gx741xOvD06gIHV8F322qo/L54OLQpBbvugK6jbyaK8Gnqevkn08rj
+xdZLb0kNYcRFIaaI5Cr3kpuf70IOvwsFe0npr6U4Y0gHbzMUKADR3ItTW2B
UKFzgMaZQj4I1j7rnrvq5dnrs1tqefyKFmVTVI+WDzit+Hd5yhG0/H1sa+kD
c5qMjLe206wJ7rzYtyYwfC9pFACU1EXwyRdg4HuE5PuiF9XTnobVG7ljfwf8
STTx8tnlczy8tmbXp4SpbNixmprwnbrwDCf+uiff7/qAw4yV+vW9fNT0BSuM
Xz9IZM4KGoVqU25ZdwjDaXel9r6jo/6DujjXmK6EjahgUVqxsi1/2zLQ9r7N
FIebhMoTf+1GrDUBd3LaWeOj+i+UALV7PrAydSu0KLTOPuhi+H8iPHSf63Cl
XvtEh1e6OdhIAe/d6ift/wMpMYKa3hkAAA==

-->

</rfc>

