Internet Storm Center state of the internet panel
by Manuel Humberto Santander Pelaez (Version: 1)
If you are at SANSFIRE 2015 in Hilton Baltimore, don't forget to join us today at 7:15 PM EDT for the SANS Internet Storm Center state of the internet panel!
Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter: @manuelsantander
Web:http://manuel.santander.name
e-mail: msantand at isc dot sans dot org
RFC 7540 - HTTP/2 protocol
by Manuel Humberto Santander Pelaez (Version: 1)
RFC 7540 has been out for a month now. What should we expect with this new version?
1. New frame: HTTP/2 implements a binary protocol with the following frame structure:
- Length: The length of the frame payload expressed as an unsigned 24-bit integer. Values greater than 2^14 must not be sent unless the receiver has set a larger value for SETTINGS_MAX_FRAME_SIZE parameter.
- Type: The 8-bit type of the frame. It determines the format and semantics of the frame. Implementations must ignore and discard any frame that has a type that is unknow. The following types are defined:
- Length: The length of the frame payload expressed as an unsigned 24 bit integer. Values greater than 2^14 must not be sent unless the receiver has set a larger value for SETTINGS_MAX_FRAME_SIZE.
- Type: The 8-bit type of the frame. The frame type determines the format and semantics of the frame. Implementations MUST ignore and discard any frame that has a type that is unknown. The following types are allowed:
- Data: Type 0x0, used to transmit regular data in a connection.
- Headers: Type 0x1, used to open a stream and additionally carries a header block fragment.
- Priority: Type 0x2, specifies the sender-advised priority of a stream
- RST_STREAM: Type 0x3, allows for immediate termination of a stream. RST_STREAM is sent to request cancellation of a stream or to indicate that an error condition has occurred
- Settings: Type 0x4, used to transmit configuration parameters that affect how endpoints communicate, such as preferences and constraints on peer behavior. The settings frame is also used to acknowledge the receipt of those parameters.
- PUSH_PROMISE: Type 0x5, used to notify the peer endpoint in advance of streams the sender intends to initiate.
- PING: Type 0x6, used as a mechanism for measuring a minimal round-trip time from the sender, as well as determining whether an idle connection is still functional.
- GOAWAY: 0x7, used to initiate shutdown of a connection or to signal serious error conditions. GOAWAY allows an endpoint to gracefully stop accepting new streams while still finishing processing of previously established streams.
- WINDOW_UPDATE: type=0x8, used to implement flow control.
- Continuation: type=0x9, used to continue a sequence of header block fragments. Any number of CONTINUATION frames can be sent, as long as the preceding frame is on the same stream and is a HEADERS, PUSH_PROMISE, or CONTINUATION frame without the END_HEADERS flag set.
- Flags: an 8-bit field reserved for boolean flags specific to the frame type
- R: A reserved 1-bit field.
- Stream Identifier: A stream identifier expressed as an unsigned 31-bit integer. The value 0x0 is reserved for frames that are associated with the connection as a whole as opposed to an individual stream.
2. Security:
- Implementations of HTTP/2 MUST use TLS version 1.2 or higher for HTTP/2 over TLS. The general TLS usage guidance in RFC 7525 should be followed.
- The TLS implementation MUST support the Server Name Indication (SNI) extension to TLS. HTTP/2 clients MUST indicate the target domain name when negotiating TLS.
3. Browser support: The following list resume browser support for HTTP/2 at this time:
- Chrome supports HTTP/2 by default, as of version 41.
- Google Chrome Canary supports HTTP/2 by default, as of version 43
- Chrome for iOS supports HTTP/2 by default, as of version 41
- Firefox supports HTTP/2 which has been enabled by default, as of version 36.
- Internet Explorer supports HTTP/2 in version 11, but only for Windows 10 beta, and is enabled by default.
- Opera supports HTTP/2 by default, as of version 28.
- Safari supports HTTP/2 in version 8.1, but only for OS X v10.11 and iOS 9.
Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter: @manuelsantander
Web:http://manuel.santander.name
e-mail: msantand at isc dot sans dot org
Comments