Fastly

kazuhooku@gmail.com

Cloudflare

lucaspardue.24.7@gmail.com

Applications and Real-Time HTTP Internet-Draft This document describes a scheme for prioritizing HTTP responses. This scheme expresses the priority of each HTTP response using absolute values, rather than as a relative relationship between a group of HTTP responses. This document defines the Priority header field for communicating the initial priority in an HTTP version-independent manner, as well as HTTP/2 and HTTP/3 frames for reprioritizing the responses. These share a common format structure that is designed to provide future extensibility. RFC EDITOR: please remove this section before publication Discussion of this draft takes place on the HTTP working group mailing list (ietf-http-wg@w3.org), which is archived at https://lists.w3.org/Archives/Public/ietf-http-wg/. Working Group information can be found at https://httpwg.org/; source code and issues list for this draft can be found at https://github.com/httpwg/http-extensions/labels/priorities.

It is common for an HTTP () resource representation to have relationships to one or more other resources. Clients will often discover these relationships while processing a retrieved representation, leading to further retrieval requests. Meanwhile, the nature of the relationship determines whether the client is blocked from continuing to process locally available resources. For example, visual rendering of an HTML document could be blocked by the retrieval of a CSS file that the document refers to. In contrast, inline images do not block rendering and get drawn incrementally as the chunks of the images arrive. To provide meaningful presentation of a document at the earliest moment, it is important for an HTTP server to prioritize the HTTP responses, or the chunks of those HTTP responses, that it sends. HTTP/2 () provides such a prioritization scheme. A client sends a series of PRIORITY frames to communicate to the server a “priority tree”; this represents the client’s preferred ordering and weighted distribution of the bandwidth among the HTTP responses. However, the design and implementation of this scheme has been observed to have shortcomings, explained in . This document defines the Priority HTTP header field that can be used by both client and server to specify the precedence of HTTP responses in a standardized, extensible, protocol-version-independent, end-to-end format. Along with the protocol-version-specific frame for reprioritization, this prioritization scheme acts as a substitute for the original prioritization scheme of HTTP/2.

The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in . The terms sf-token and sf-boolean are imported from . Example HTTP requests and responses use the HTTP/2-style formatting from . This document uses the variable-length integer encoding from . The term control stream is used to describe the HTTP/2 stream with identifier 0x0, and HTTP/3 control stream; see , Section 6.2.1.

An important feature of any implementation of a protocol that provides multiplexing is the ability to prioritize the sending of information. This was an important realization in the design of HTTP/2. Prioritization is a difficult problem, so it will always be suboptimal, particularly if one endpoint operates in ignorance of the needs of its peer. HTTP/2 introduced a complex prioritization signaling scheme that used a combination of dependencies and weights, formed into an unbalanced tree. This scheme has suffered from poor deployment and interoperability. The rich flexibility of client-driven HTTP/2 prioritization tree building is rarely exercised. Experience has shown that clients tend to choose a single model optimized for a web use case and experiment within the model constraints, or do nothing at all. Furthermore, many clients build their prioritization tree in a unique way, which makes it difficult for servers to understand their intent and act or intervene accordingly. Many HTTP/2 server implementations do not include support for the priority scheme. Some instead favor custom server-driven schemes based on heuristics or other hints, such as resource content type or request generation order. For example, a server, with knowledge of the document structure, might want to prioritize the delivery of images that are critical to user experience above other images, but below the CSS files. Since client trees vary, it is impossible for the server to determine how such images should be prioritized against other responses. The HTTP/2 scheme allows intermediaries to coalesce multiple client trees into a single tree that is used for a single upstream HTTP/2 connection. However, most intermediaries do not support this. The scheme does not define a method that can be used by a server to express the priority of a response. Without such a method, intermediaries cannot coordinate client-driven and server-driven priorities. HTTP/2 describes denial-of-service considerations for implementations. On 2019-08-13 Netflix issued an advisory notice about the discovery of several resource exhaustion vectors affecting multiple HTTP/2 implementations. One attack, aka “Resource Loop”, is based on manipulation of the priority tree. The HTTP/2 scheme depends on in-order delivery of signals, leading to challenges in porting the scheme to protocols that do not provide global ordering. For example, the scheme cannot be used in HTTP/3 without changing the signal and its processing. Considering the problems with deployment and adaptability to HTTP/3, retaining the HTTP/2 priority scheme increases the complexity of the entire system without any evidence that the value it provides offsets that complexity. In fact, multiple experiments from independent research have shown that simpler schemes can reach at least equivalent performance characteristics compared to the more complex HTTP/2 setups seen in practice, at least for the web use case.

The problems and insights set out above are motivation for allowing endpoints to opt out of using the HTTP/2 priority scheme, in favor of using an alternative such as the scheme defined in this specification. The SETTINGS_DEPRECATE_HTTP2_PRIORITIES setting described below enables endpoints to understand their peer’s intention. The value of the parameter MUST be 0 or 1. Any value other than 0 or 1 MUST be treated as a connection error (see , Section 5.4.1) of type PROTOCOL_ERROR. Endpoints MUST send this SETTINGS parameter as part of the first SETTINGS frame. When the peer receives the first SETTINGS frame, it learns the sender has deprecated the HTTP/2 priority scheme if it receives the SETTINGS_DEPRECATE_HTTP2_PRIORITIES parameter with the value of 1. A sender MUST NOT change the SETTINGS_DEPRECATE_HTTP2_PRIORITIES parameter value after the first SETTINGS frame. Detection of a change by a receiver MUST be treated as a connection error of type PROTOCOL_ERROR. Until the client receives the SETTINGS frame from the server, the client SHOULD send both the priority signal defined in the HTTP/2 priority scheme and also that of this prioritization scheme. Once the client learns that the HTTP/2 priority scheme is deprecated, it SHOULD stop sending the HTTP/2 priority signals. If the client learns that the HTTP/2 priority scheme is not deprecated, it SHOULD stop sending PRIORITY_UPDATE frames (), but MAY continue sending the Priority header field (), as it is an end-to-end signal that might be useful to nodes behind the server that the client is directly connected to. The SETTINGS frame precedes any priority signal sent from a client in HTTP/2, so a server can determine if it should respect the HTTP/2 scheme before building state. A server that receives SETTINGS_DEPRECATE_HTTP2_PRIORITIES MUST ignore HTTP/2 priority signals. Where both endpoints disable HTTP/2 priorities, the client is expected to send this scheme’s priority signal. Handling of omitted signals is described in .

The priority information is a sequence of key-value pairs, providing room for future extensions. Each key-value pair represents a priority parameter. The Priority HTTP header field () is an end-to-end way to transmit this set of parameters when a request or a response is issued. In order to reprioritize a request, HTTP-version-specific frames ( and ) are used by clients to transmit the same information on a single hop. If intermediaries want to specify prioritization on a multiplexed HTTP connection, they SHOULD use a PRIORITY_UPDATE frame and SHOULD NOT change the Priority header field. In both cases, the set of priority parameters is encoded as a Structured Fields Dictionary (). This document defines the urgency(u) and incremental(i) parameters. When receiving an HTTP request that does not carry these priority parameters, a server SHOULD act as if their default values were specified. Note that handling of omitted parameters is different when processing an HTTP response; see . Unknown parameters, parameters with out-of-range values or values of unexpected types MUST be ignored.

The urgency parameter (u) takes an integer between 0 and 7, in descending order of priority. This range provides sufficient granularity for prioritizing responses for ordinary web browsing, at minimal complexity. The value is encoded as an sf-integer. The default value is 3. This parameter indicates the sender’s recommendation, based on the expectation that the server would transmit HTTP responses in the order of their urgency values if possible. The smaller the value, the higher the precedence. The following example shows a request for a CSS file with the urgency set to 0:

A client that fetches a document that likely consists of multiple HTTP resources (e.g., HTML) SHOULD assign the default urgency level to the main resource. This convention allows servers to refine the urgency using knowledge specific to the web-site (see ). The lowest urgency level (7) is reserved for background tasks such as delivery of software updates. This urgency level SHOULD NOT be used for fetching responses that have impact on user interaction.

The incremental parameter (i) takes an sf-boolean as the value that indicates if an HTTP response can be processed incrementally, i.e. provide some meaningful output as chunks of the response arrive. The default value of the incremental parameter is false (0). A server might distribute the bandwidth of a connection between incremental responses that share the same urgency, hoping that providing those responses in parallel would be more helpful to the client than delivering the responses one by one. If a client makes concurrent requests with the incremental parameter set to false, there is no benefit serving responses in parallel because the client is not going to process those responses incrementally. Serving non-incremental responses one by one, in the order in which those requests were generated is considered to be the best strategy. The following example shows a request for a JPEG file with the urgency parameter set to 5 and the incremental parameter set to true.

When attempting to extend priorities, care must be taken to ensure any use of existing parameters leaves them either unchanged or modified in a way that is backwards compatible for peers that are unaware of the extended meaning. For example, if there is a need to provide more granularity than eight urgency levels, it would be possible to subdivide the range using an additional parameter. Implementations that do not recognize the parameter can safely continue to use the less granular eight levels. Alternatively, the urgency can be augmented. For example, a graphical user agent could send a visible parameter to indicate if the resource being requested is within the viewport.

The Priority HTTP header field can appear in requests and responses. A client uses it to specify the priority of the response. A server uses it to inform the client that the priority was overwritten. An intermediary can use the Priority information from client requests and server responses to correct or amend the precedence to suit it (see ). The Priority header field is an end-to-end signal of the request priority from the client or the response priority from the server. As is the ordinary case for HTTP caching (), a response with a Priority header field might be cached and re-used for subsequent requests. When an origin server generates the Priority response header field based on properties of an HTTP request it receives, the server is expected to control the cacheability or the applicability of the cached response, by using header fields that control the caching behavior (e.g., Cache-Control, Vary). An endpoint that fails to parse the Priority header field SHOULD use default parameter values.

After a client sends a request, it may be beneficial to change the priority of the response. As an example, a web browser might issue a prefetch request for a JavaScript file with the urgency parameter of the Priority request header field set to u=7 (background). Then, when the user navigates to a page which references the new JavaScript file, while the prefetch is in progress, the browser would send a reprioritization signal with the priority field value set to u=0. The PRIORITY_UPDATE frame () can be used for such reprioritization.

This document specifies a new PRIORITY_UPDATE frame for HTTP/2 () and HTTP/3 (). It carries priority parameters and references the target of the prioritization based on a version-specific identifier. In HTTP/2, this identifier is the Stream ID; in HTTP/3, the identifier is either the Stream ID or Push ID. Unlike the Priority header field, the PRIORITY_UPDATE frame is a hop-by-hop signal. PRIORITY_UPDATE frames are sent by clients on the control stream, allowing them to be sent independent from the stream that carries the response. This means they can be used to reprioritize a response or a push stream; or signal the initial priority of a response instead of the Priority header field. A PRIORITY_UPDATE frame communicates a complete set of all parameters in the Priority Field Value field. Omitting a parameter is a signal to use the parameter’s default value. Failure to parse the Priority Field Value MUST be treated as a connection error. In HTTP/2 the error is of type PROTOCOL_ERROR; in HTTP/3 the error is of type H3_FRAME_ERROR. A client MAY send a PRIORITY_UPDATE frame before the stream that it references is open. Furthermore, HTTP/3 offers no guaranteed ordering across streams, which could cause the frame to be received earlier than intended. Either case leads to a race condition where a server receives a PRIORITY_UPDATE frame that references a request stream that is yet to be opened. To solve this condition, for the purposes of scheduling, the most recently received PRIORITY_UPDATE frame can be considered as the most up-to-date information that overrides any other signal. Servers SHOULD buffer the most recently received PRIORITY_UPDATE frame and apply it once the referenced stream is opened. Holding PRIORITY_UPDATE frames for each stream requires server resources, which can can be bound by local implementation policy. (TODO: consider resolving #1261, and adding more text about bounds). Although there is no limit to the number PRIORITY_UPDATES that can be sent, storing only the most recently received frame limits resource commitment.

The HTTP/2 PRIORITY_UPDATE frame (type=0x10) is used by clients to signal the initial priority of a response, or to reprioritize a response or push stream. It carries the stream ID of the response and the priority in ASCII text, using the same representation as the Priority header field value. The Stream Identifier field (, Section 4.1) in the PRIORITY_UPDATE frame header MUST be zero (0x0). Receiving a PRIORITY_UPDATE frame with a field of any other value MUST be treated as a connection error of type PROTOCOL_ERROR.

The PRIORITY_UPDATE frame payload has the following fields: A reserved 1-bit field. The semantics of this bit are undefined, and the bit MUST remain unset (0x0) when sending and MUST be ignored when receiving. A 31-bit stream identifier for the stream that is the target of the priority update. The priority update value in ASCII text, encoded using Structured Fields. The Prioritized Stream ID MUST be within the stream limit. If a server receives a PRIORITY_UPDATE with a Prioritized Stream ID that is beyond the stream limits, this SHOULD be treated as a connection error of type PROTOCOL_ERROR. If a PRIORITY_UPDATE frame is received with a Prioritized Stream ID of 0x0, the recipient MUST respond with a connection error of type PROTOCOL_ERROR. If a client receives a PRIORITY_UPDATE frame, it MUST respond with a connection error of type PROTOCOL_ERROR.

The HTTP/3 PRIORITY_UPDATE frame (type=0xF0700 or 0xF0701) is used by clients to signal the initial priority of a response, or to reprioritize a response or push stream. It carries the identifier of the element that is being prioritized, and the updated priority in ASCII text, using the same representation as that of the Priority header field value. PRIORITY_UPDATE with a frame type of 0xF0700 is used for request streams, while PRIORITY_UPDATE with a frame type of 0xF0701 is used for push streams. The PRIORITY_UPDATE frame MUST be sent on the client control stream (, Section 6.2.1). Receiving a PRIORITY_UPDATE frame on a stream other than the client control stream MUST be treated as a connection error of type H3_FRAME_UNEXPECTED.

The PRIORITY_UPDATE frame payload has the following fields: The stream ID or push ID that is the target of the priority update. The priority update value in ASCII text, encoded using Structured Fields. The request-stream variant of PRIORITY_UPDATE (type=0xF0700) MUST reference a request stream. If a server receives a PRIORITY_UPDATE (type=0xF0700) for a Stream ID that is not a request stream, this MUST be treated as a connection error of type H3_ID_ERROR. The Stream ID MUST be within the client-initiated bidirectional stream limit. If a server receives a PRIORITY_UPDATE (type=0xF0700) with a Stream ID that is beyond the stream limits, this SHOULD be treated as a connection error of type H3_ID_ERROR. The push-stream variant PRIORITY_UPDATE (type=0xF0701) MUST reference a promised push stream. If a server receives a PRIORITY_UPDATE (type=0xF0701) with a Push ID that is greater than the maximum Push ID or which has not yet been promised, this MUST be treated as a connection error of type H3_ID_ERROR. PRIORITY_UPDATE frames of either type are only sent by clients. If a client receives a PRIORITY_UPDATE frame, this MUST be treated as a connection error of type H3_FRAME_UNEXPECTED.

It is not always the case that the client has the best understanding of how the HTTP responses deserve to be prioritized. The server might have additional information that can be combined with the client’s indicated priority in order to improve the prioritization of the response. For example, use of an HTML document might depend heavily on one of the inline images; existence of such dependencies is typically best known to the server. Or, a server that receives requests for a font and images with the same urgency might give higher precedence to the font, so that a visual client can render textual information at an early moment. An origin can use the Priority response header field to indicate its view on how an HTTP response should be prioritized. An intermediary that forwards an HTTP response can use the parameters found in the Priority response header field, in combination with the client Priority request header field, as input to its prioritization process. No guidance is provided for merging priorities, this is left as an implementation decision. Absence of a priority parameter in an HTTP response indicates the server’s disinterest in changing the client-provided value. This is different from the logic being defined for the request header field, in which omission of a priority parameter implies the use of their default values (see ). As a non-normative example, when the client sends an HTTP request with the urgency parameter set to 5 and the incremental parameter set to true

and the origin responds with

the intermediary might alter its understanding of the urgency from 5 to 1, because it prefers the server-provided value over the client’s. The incremental value continues to be true, the value specified by the client, as the server did not specify the incremental(i) parameter.

A client MAY use priority values to make local processing or scheduling choices about the requests it initiates.

Priority signals are input to a prioritization process. They do not guarantee any particular processing or transmission order for one response relative to any other response. An endpoint cannot force a peer to process concurrent request in a particular order using priority. Expressing priority is therefore only a suggestion. A server can use priority signals along with other inputs to make scheduling decisions. No guidance is provided about how this can or should be done. Factors such as implementation choices or deployment environment also play a role. Any given connection is likely to have many dynamic permutations. For these reasons, there is no unilateral perfect scheduler and this document only provides some basic recommendations for implementations. Clients cannot depend on particular treatment based on priority signals. Servers can use other information to prioritize responses. It is RECOMMENDED that, when possible, servers respect the urgency parameter (), sending higher urgency responses before lower urgency responses. It is RECOMMENDED that, when possible, servers respect the incremental parameter (). Non-incremental responses of the same urgency SHOULD be served one-by-one based on the Stream ID, which corresponds to the order in which clients make requests. Doing so ensures that clients can use request ordering to influence response order. Incremental responses of the same urgency SHOULD be served in round-robin manner. The incremental parameter indicates how a client processes response bytes as they arrive. Non-incremental resources are only used when all of the response payload has been received. Incremental resources are used as parts, or chunks, of the response payload are received. Therefore, the timing of response data reception at the client, such as the time to early bytes or the time to receive the entire payload, plays an important role in perceived performance. Timings depend on resource size but this scheme provides no explicit guidance about how a server should use size as an input to prioritization. Instead, the following examples demonstrate how a server that strictly abides the scheduling guidance based on urgency and request generation order could find that early requests prevent serving of later requests. At the same urgency level, a non-incremental request for a large resource followed by an incremental request for a small resource. At the same urgency level, an incremental request of indeterminate length followed by a non-incremental large resource. It is RECOMMENDED that servers avoid such starvation where possible. The method to do so is an implementation decision. For example, a server might pre-emptively send responses of a particular incremental type based on other information such as content size.

As a general guideline, a server SHOULD NOT use priority information for making schedule decisions across multiple connections, unless it knows that those connections originate from the same client. Due to this, priority information conveyed over a non-coalesced HTTP connection (e.g., HTTP/1.1) might go unused. The remainder of this section discusses scenarios where unfairness is problematic and presents possible mitigations, or where unfairness is desirable. TODO: Discuss if we should add a signal that mitigates this issue. For example, we might add a SETTINGS parameter that indicates the next hop that the connection is NOT coalesced (see https://github.com/kazuho/draft-kazuho-httpbis-priority/issues/99).

When an intermediary coalesces HTTP requests coming from multiple clients into one HTTP/2 or HTTP/3 connection going to the backend server, requests that originate from one client might have higher precedence than those coming from others. It is sometimes beneficial for the server running behind an intermediary to obey to the value of the Priority header field. As an example, a resource-constrained server might defer the transmission of software update files that would have the background urgency being associated. However, in the worst case, the asymmetry between the precedence declared by multiple clients might cause responses going to one user agent to be delayed totally after those going to another. In order to mitigate this fairness problem, a server could use knowledge about the intermediary as another signal in its prioritization decisions. For instance, if a server knows the intermediary is coalescing requests, then it could serve the responses in round-robin manner. This can work if the constrained resource is network capacity between the intermediary and the user agent, as the intermediary buffers responses and forwards the chunks based on the prioritization scheme it implements. A server can determine if a request came from an intermediary through configuration, or by consulting if that request contains one of the following header fields: Forwarded, X-Forwarded-For () Via (, Section 5.7.1)

It is common for CDN infrastructure to support different HTTP versions on the front end and back end. For instance, the client-facing edge might support HTTP/2 and HTTP/3 while communication to back end servers is done using HTTP/1.1. Unlike with connection coalescing, the CDN will “de-mux” requests into discrete connections to the back end. As HTTP/1.1 and older do not provide a way to concurrently transmit multiple responses, there is no immediate fairness issue in protocol. However, back end servers MAY still use client headers for request scheduling. Back end servers SHOULD only schedule based on client priority information where that information can be scoped to individual end clients. Authentication and other session information might provide this linkability.

It is sometimes beneficial to deprioritize the transmission of one connection over others, knowing that doing so introduces a certain amount of unfairness between the connections and therefore between the requests served on those connections. For example, a server might use a scavenging congestion controller on connections that only convey background priority responses such as software update images. Doing so improves responsiveness of other connections at the cost of delaying the delivery of updates.

Contrary to the prioritization scheme of HTTP/2 that uses a hop-by-hop frame, the Priority header field is defined as end-to-end. The rationale is that the Priority header field transmits how each response affects the client’s processing of those responses, rather than how relatively urgent each response is to others. The way a client processes a response is a property associated to that client generating that request. Not that of an intermediary. Therefore, it is an end-to-end property. How these end-to-end properties carried by the Priority header field affect the prioritization between the responses that share a connection is a hop-by-hop issue. Having the Priority header field defined as end-to-end is important for caching intermediaries. Such intermediaries can cache the value of the Priority header field along with the response, and utilize the value of the cached header field when serving the cached response, only because the header field is defined as end-to-end rather than hop-by-hop. It should also be noted that the use of a header field carrying a textual value makes the prioritization scheme extensible; see the discussion below.

aka “Resource Loop”, is a DoS attack based on manipulation of the HTTP/2 priority tree. Extensible priorities does not use stream dependencies, which mitigates this vulnerability. TBD: depending on the outcome of reprioritization discussions, following paragraphs may change or be removed. , Section 5.3.4 describes a scenario where closure of streams in the priority tree could cause suboptimal prioritization. To avoid this, states that “an endpoint SHOULD retain stream prioritization state for a period after streams become closed”. Retaining state for streams no longer counted towards stream concurrency consumes server resources. Furthermore, identifies that reprioritization of a closed stream could affect dependents; it recommends updating the priority tree if sufficient state is stored, which will also consume server resources. To limit this commitment, it is stated that “The amount of prioritization state that is retained MAY be limited” and “If a limit is applied, endpoints SHOULD maintain state for at least as many streams as allowed by their setting for SETTINGS_MAX_CONCURRENT_STREAMS.”. Extensible priorities does not use stream dependencies, which minimizes most of the resource concerns related to this scenario. , Section 5.3.4 also presents considerations about the state required to store priority information about streams in an “idle” state. This state can be limited by adopting the guidance about concurrency limits described above. Extensible priorities is subject to a similar consideration because PRIORITY_UPDATE frames may arrive before the request that they reference. A server is required to store the information in order to apply the most up-to-date signal to the request. However, HTTP/3 implementations might have practical barriers to determining reasonable stream concurrency limits depending on the information that is available to them from the QUIC transport layer. TODO: so what can we suggest?

This specification registers the following entry in the Permanent Message Header Field Names registry established by : Priority http standard IETF This document n/a This specification registers the following entry in the HTTP/2 Settings registry established by : SETTINGS_DEPRECATE_HTTP2_PRIORITIES 0x9 0 This document This specification registers the following entry in the HTTP/2 Frame Type registry established by : PRIORITY_UPDATE 0x10 This document This specification registers the following entries in the HTTP/3 Frame Type registry established by : PRIORITY_UPDATE 0xF0700 and 0xF0701 This document

The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document provides an overview of HTTP architecture and its associated terminology, defines the "http" and "https" Uniform Resource Identifier (URI) schemes, defines the HTTP/1.1 message syntax and parsing requirements, and describes related security concerns for implementations. This specification describes an optimized expression of the semantics of the Hypertext Transfer Protocol (HTTP), referred to as HTTP version 2 (HTTP/2). HTTP/2 enables a more efficient use of network resources and a reduced perception of latency by introducing header field compression and allowing multiple concurrent exchanges on the same connection. It also introduces unsolicited push of representations from servers to clients.This specification is an alternative to, but does not obsolete, the HTTP/1.1 message syntax. HTTP's existing semantics remain unchanged. In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. This document describes a set of data types and associated algorithms that are intended to make it easier and safer to define and handle HTTP header and trailer fields, known as "Structured Fields", "Structured Headers", or "Structured Trailers". It is intended for use by specifications of new HTTP fields that wish to use a common syntax that is more restrictive than traditional HTTP field values. This document defines the core of the QUIC transport protocol. Accompanying documents describe QUIC's loss detection and congestion control and the use of TLS for key negotiation. Note to Readers Discussion of this draft takes place on the QUIC working group mailing list (quic@ietf.org (mailto:quic@ietf.org)), which is archived at https://mailarchive.ietf.org/arch/search/?email_list=quic Working Group information can be found at https://github.com/quicwg; source code and issues list for this draft can be found at https://github.com/quicwg/base-drafts/labels/-transport. The QUIC transport protocol has several features that are desirable in a transport for HTTP, such as stream multiplexing, per-stream flow control, and low-latency connection establishment. This document describes a mapping of HTTP semantics over QUIC. This document also identifies HTTP/2 features that are subsumed by QUIC, and describes how HTTP/2 extensions can be ported to HTTP/3. Common Vulnerabilities and Exposures The Hypertext Transfer Protocol (HTTP) is a stateless \%application- level protocol for distributed, collaborative, hypertext information systems. This document defines HTTP caches and the associated header fields that control cache behavior or indicate cacheable response messages. This memo serves to register and document the "font" top-level media type, under which subtypes for representation formats for fonts may be registered. This document also serves as a registration application for a set of intended subtypes, which are representative of some existing subtypes already in use, and currently registered under the "application" tree by their separate registrations. This document defines an HTTP extension header field that allows proxy components to disclose information lost in the proxying process, for example, the originating IP address of a request or IP address of the proxy on the user-agent-facing interface. In a path of proxying components, this makes it possible to arrange it so that each subsequent component will have access to, for example, all IP addresses used in the chain of proxied HTTP requests.This document also specifies guidelines for a proxy administrator to anonymize the origin of a request. This specification defines registration procedures for the message header fields used by Internet mail, HTTP, Netnews and other applications. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. HTTP/2 provides a prioritization scheme but experience has shown that implementation support varies. This document defines an HTTP/2 setting that endpoints can use as an affirmative signal to indicate their support for HTTP/2 Priorities.

Roy Fielding presented the idea of using a header field for representing priorities in http://tools.ietf.org/agenda/83/slides/slides-83-httpbis-5.pdf. In https://github.com/pmeenan/http3-prioritization-proposal, Patrick Meenan advocates for representing the priorities using a tuple of urgency and concurrency. The ability to deprecate HTTP/2 prioritization is based on , authored by Brad Lassey and Lucas Pardue, with modifications based on feedback that was not incorporated into an update to that document. The motivation for defining an alternative to HTTP/2 priorities is drawn from discussion within the broad HTTP community. Special thanks to Roberto Peon, Martin Thomson and Netflix for text that was incorporated explicitly in this document. In addition to the people above, this document owes a lot to the extensive discussion in the HTTP priority design team, consisting of Alan Frindell, Andrew Galloni, Craig Taylor, Ian Swett, Kazuho Oku, Lucas Pardue, Matthew Cox, Mike Bishop, Roberto Peon, Robin Marx, Roy Fielding.

PRIORITY_UPDATE frame changes (#1096, #1079, #1167, #1262, #1267, #1271) Add section to describe server scheduling considerations (#1215, #1232, #1266) Remove specific instructions related to intermediary fairness (#1022, #1264)

Move text around (#1217, #1218) Editorial change to the default urgency. The value is 3, which was always the intent of previous changes.

Minimize semantics of Urgency levels (#1023, #1026) Reduce guidance about how intermediary implements merging priority signals (#1026) Remove mention of CDN-Loop (#1062) Editorial changes Make changes due to WG adoption Removed outdated Consideration (#118)

Changed numbering from [-1,6] to [0,7] (#78) Replaced priority scheme negotiation with HTTP/2 priority deprecation (#100) Shorten parameter names (#108) Expand on considerations (#105, #107, #109, #110, #111, #113)

Consolidation of the problem statement (#61, #73) Define SETTINGS_PRIORITIES for negotiation (#58, #69) Define PRIORITY_UPDATE frame for HTTP/2 and HTTP/3 (#51) Explain fairness issue and mitigations (#56)

Explain how reprioritization might be supported.

Expand urgency levels from 3 to 8.