ABSTRACT
The simplicity of HTTP was a major factor in the success of the Web. However, as both the protocol and its uses have evolved, HTTP has grown complex. This complexity results in numerous problems, including confused implementors, interoperability failures, difficulty in extending the protocol, and a long specification without much documented rationale. Many of the problems with HTTP can be traced to unfortunate choices about fundamental definitions and models. This paper analyzes the current (HTTP/1.1) protocol design, showing how it fails in certain cases, and how to improve these fundamentals. Some problems with HTTP can be fixed simply by adopting new models and terminology, allowing us to think more clearly about implementations and extensions. Other problems require explicit (but compatible) protocol changes.