rfc9211.original		rfc9211.txt
	HTTP M. Nottingham		Internet Engineering Task Force (IETF) M. Nottingham
	Internet-Draft Fastly		Request for Comments: 9211 Fastly
	Intended status: Standards Track 17 August 2021		Category: Standards Track June 2022
	Expires: 18 February 2022		ISSN: 2070-1721
	The Cache-Status HTTP Response Header Field		The Cache-Status HTTP Response Header Field
	draft-ietf-httpbis-cache-header-10
	Abstract		Abstract
	To aid debugging, HTTP caches often append header fields to a		To aid debugging, HTTP caches often append header fields to a
	response explaining how they handled the request in an ad hoc manner.		response, explaining how they handled the request in an ad hoc
	This specification defines a standard mechanism to do so that is		manner. This specification defines a standard mechanism to do so
	aligned with HTTP's caching model.		that is aligned with HTTP's caching model.
	Note to Readers
	_RFC EDITOR: please remove this section before publication_
	Discussion of this draft takes place on the HTTP working group
	mailing list (ietf-http-wg@w3.org), which is archived at
	https://lists.w3.org/Archives/Public/ietf-http-wg/
	(https://lists.w3.org/Archives/Public/ietf-http-wg/).
	Working Group information can be found at https://httpwg.org/
	(https://httpwg.org/); source code and issues list for this draft can
	be found at https://github.com/httpwg/http-extensions/labels/cache-
	header (https://github.com/httpwg/http-extensions/labels/cache-
	header).
	Status of This Memo		Status of This Memo
	This Internet-Draft is submitted in full conformance with the		This is an Internet Standards Track document.
	provisions of BCP 78 and BCP 79.
	Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-
	Drafts is at https://datatracker.ietf.org/drafts/current/.
	Internet-Drafts are draft documents valid for a maximum of six months		This document is a product of the Internet Engineering Task Force
	and may be updated, replaced, or obsoleted by other documents at any		(IETF). It represents the consensus of the IETF community. It has
	time. It is inappropriate to use Internet-Drafts as reference		received public review and has been approved for publication by the
	material or to cite them other than as "work in progress."		Internet Engineering Steering Group (IESG). Further information on
			Internet Standards is available in Section 2 of RFC 7841.
	This Internet-Draft will expire on 18 February 2022.		Information about the current status of this document, any errata,
			and how to provide feedback on it may be obtained at
			https://www.rfc-editor.org/info/rfc9211.
	Copyright Notice		Copyright Notice
	Copyright (c) 2021 IETF Trust and the persons identified as the		Copyright (c) 2022 IETF Trust and the persons identified as the
	document authors. All rights reserved.		document authors. All rights reserved.
	This document is subject to BCP 78 and the IETF Trust's Legal		This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents (https://trustee.ietf.org/		Provisions Relating to IETF Documents
	license-info) in effect on the date of publication of this document.		(https://trustee.ietf.org/license-info) in effect on the date of
	Please review these documents carefully, as they describe your rights		publication of this document. Please review these documents
	and restrictions with respect to this document. Code Components		carefully, as they describe your rights and restrictions with respect
	extracted from this document must include Simplified BSD License text		to this document. Code Components extracted from this document must
	as described in Section 4.e of the Trust Legal Provisions and are		include Revised BSD License text as described in Section 4.e of the
	provided without warranty as described in the Simplified BSD License.		Trust Legal Provisions and are provided without warranty as described
			in the Revised BSD License.
	Table of Contents		Table of Contents
	1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2		1. Introduction
	1.1. Notational Conventions . . . . . . . . . . . . . . . . . 3		1.1. Notational Conventions
	2. The Cache-Status HTTP Response Header Field . . . . . . . . . 3		2. The Cache-Status HTTP Response Header Field
	2.1. The hit parameter . . . . . . . . . . . . . . . . . . . . 4		2.1. The hit Parameter
	2.2. The fwd parameter . . . . . . . . . . . . . . . . . . . . 4		2.2. The fwd Parameter
	2.3. The fwd-status parameter . . . . . . . . . . . . . . . . 5		2.3. The fwd-status Parameter
	2.4. The ttl parameter . . . . . . . . . . . . . . . . . . . . 6		2.4. The ttl Parameter
	2.5. The stored parameter . . . . . . . . . . . . . . . . . . 6		2.5. The stored Parameter
	2.6. The collapsed parameter . . . . . . . . . . . . . . . . . 6		2.6. The collapsed Parameter
	2.7. The key parameter . . . . . . . . . . . . . . . . . . . . 6		2.7. The key Parameter
	2.8. The detail parameter . . . . . . . . . . . . . . . . . . 6		2.8. The detail Parameter
	3. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 7		3. Examples
	4. Defining New Cache-Status Parameters . . . . . . . . . . . . 8		4. Defining New Cache-Status Parameters
	5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8		5. IANA Considerations
	6. Security Considerations . . . . . . . . . . . . . . . . . . . 9		6. Security Considerations
	7. References . . . . . . . . . . . . . . . . . . . . . . . . . 9		7. References
	7.1. Normative References . . . . . . . . . . . . . . . . . . 9		7.1. Normative References
	7.2. Informative References . . . . . . . . . . . . . . . . . 10		7.2. Informative References
	Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 10		Author's Address
	1. Introduction		1. Introduction
	To aid debugging (both by humans and automated tools), HTTP caches		To aid debugging (both by humans and automated tools), HTTP caches
	often append header fields to a response explaining how they handled		often append header fields to a response explaining how they handled
	the request. Unfortunately, the semantics of these headers are often		the request. Unfortunately, the semantics of these header fields are
	unclear, and both the semantics and syntax used vary between		often unclear, and both the semantics and syntax used vary between
	implementations.		implementations.
	This specification defines a new HTTP response header field, "Cache-		This specification defines a new HTTP response header field, "Cache-
	Status" for this purpose, with standardized syntax and semantics.		Status", for this purpose with standardized syntax and semantics.
	1.1. Notational Conventions		1.1. Notational Conventions
	The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",		The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
	"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and		"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
	"OPTIONAL" in this document are to be interpreted as described in BCP		"OPTIONAL" in this document are to be interpreted as described in
	14 [RFC2119] [RFC8174] when, and only when, they appear in all		BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
	capitals, as shown here.		capitals, as shown here.
	This document uses ABNF as defined in [RFC5234], with rules prefixed		This document uses the following terminology from Section 3 of
	with "sf-" and the "key" rule as defined in [STRUCTURED-FIELDS]. It		[STRUCTURED-FIELDS] to specify syntax and parsing: List, String,
	uses terminology from [HTTP] and [HTTP-CACHING].		Token, Integer, and Boolean.
			This document also uses terminology from [HTTP] and [HTTP-CACHING].
	2. The Cache-Status HTTP Response Header Field		2. The Cache-Status HTTP Response Header Field
	The Cache-Status HTTP response header field indicates how caches have		The Cache-Status HTTP response header field indicates how caches have
	handled that response and its corresponding request. The syntax of		handled that response and its corresponding request. The syntax of
	this header field conforms to [STRUCTURED-FIELDS].		this header field conforms to [STRUCTURED-FIELDS].
	Its value is a List ([STRUCTURED-FIELDS], Section 3.1):		Its value is a List. Each member of the List represents a cache that
			has handled the request. The first member represents the cache
	Cache-Status = sf-list		closest to the origin server, and the last member represents the
	Each member of the list represents a cache that has handled the
	request. The first member of the list represents the cache closest
	to the origin server, and the last member of the list represents the
	cache closest to the user (possibly including the user agent's cache		cache closest to the user (possibly including the user agent's cache
	itself, if it appends a value).		itself if it appends a value).
	Caches determine when it is appropriate to add the Cache-Status		Caches determine when it is appropriate to add the Cache-Status
	header field to a response. Some might add it to all responses,		header field to a response. Some might add it to all responses,
	whereas others might only do so when specifically configured to, or		whereas others might only do so when specifically configured to, or
	when the request contains a header field that activates a debugging		when the request contains a header field that activates a debugging
	mode. See Section 6 for related security considerations.		mode. See Section 6 for related security considerations.
	An intermediary SHOULD NOT append a Cache-Status member to responses		An intermediary SHOULD NOT append a Cache-Status member to responses
	that it generates locally, even if that intermediary contains a		that it generates locally, even if that intermediary contains a
	cache, unless the generated response is based upon a stored response		cache, unless the generated response is based upon a stored response
	(e.g., 304 Not Modified and 206 Partial Content are both based upon a		(e.g., 304 (Not Modified) and 206 (Partial Content) are both based
	stored response). For example, a proxy generating a 400 response due		upon a stored response). For example, a proxy generating a 400
	to a malformed request will not add a Cache-Status value, because		response due to a malformed request will not add a Cache-Status
	that response was generated by the proxy, not the origin server.		value, because that response was generated by the proxy, not the
			origin server.
	When adding a value to the Cache-Status header field, caches SHOULD		When adding a value to the Cache-Status header field, caches SHOULD
	preserve the existing field value, to allow debugging of the entire		preserve the existing field value, to allow debugging of the entire
	chain of caches handling the request.		chain of caches handling the request.
	Each list member identifies the cache that inserted it and this		Each List member identifies the cache that inserted it, and this
	identifier MUST be a String or Token. Depending on the deployment,		identifier MUST be a String or Token. Depending on the deployment,
	this might be a product or service name (e.g., ExampleCache or		this might be a product or service name (e.g., "ExampleCache" or
	"Example CDN"), a hostname ("cache-3.example.com"), an IP address, or		"Example CDN"), a hostname ("cache-3.example.com"), an IP address, or
	a generated string.		a generated string.
	Each member of the list can have parameters that describe that		Each member of the list can have parameters that describe that
	cache's handling of the request. While these parameters are		cache's handling of the request. While these parameters are
	OPTIONAL, caches are encouraged to provide as much information as		OPTIONAL, caches are encouraged to provide as much information as
	possible.		possible.
	This specification defines the following parameters:		This specification defines the following parameters.
	hit = sf-boolean
	fwd = sf-token
	fwd-status = sf-integer
	ttl = sf-integer
	stored = sf-boolean
	collapsed = sf-boolean
	key = sf-string
	detail = sf-token / sf-string
	2.1. The hit parameter		2.1. The hit Parameter
	"hit", when true, indicates that the request was satisfied by the		The value of "hit" is a Boolean that, when true, indicates that the
	cache; i.e., it was not forwarded, and the response was obtained from		request was satisfied by the cache; that is, it was not forwarded,
	the cache.		and the response was obtained from the cache.
	A response that was originally produced by the origin but was		A response that was originally produced by the origin but was
	modified by the cache (for example, a 304 or 206 status code) is		modified by the cache (for example, a 304 or 206 status code) is
	still considered a hit, as long as it did not go forward (e.g., for		still considered a hit, as long as it did not go forward (e.g., for
	validation).		validation).
	A response that was in cache but not able to be used without going		A response that was in cache but not able to be used without going
	forward (e.g., because it was stale, or partial) is not considered a		forward (e.g., because it was stale or partial) is not considered a
	hit. Note that a stale response that is used without going forward		hit. Note that a stale response that is used without going forward
	(e.g., because the origin server is not available) can be considered		(e.g., because the origin server is not available) can be considered
	a hit.		a hit.
	"hit" and "fwd" are exclusive; only one of them should appear on each		"hit" and "fwd" are exclusive; only one of them should appear on each
	list member.		list member.
	2.2. The fwd parameter		2.2. The fwd Parameter
	"fwd" indicates that the request went forward towards the origin, and		"fwd", when present, indicates that the request went forward towards
	why.		the origin; its value is a Token that indicates why.
	The following parameter values are defined to explain why the request		The following parameter values are defined to explain why the request
	went forward, from most specific to least:		went forward, from most specific to least:
	* bypass - The cache was configured to not handle this request		bypass: The cache was configured to not handle this request.
	* method - The request method's semantics require the request to be		method: The request method's semantics require the request to be
	forwarded		forwarded.
	* uri-miss - The cache did not contain any responses that matched		uri-miss: The cache did not contain any responses that matched the
	the request URI		request URI.
	* vary-miss - The cache contained a response that matched the		vary-miss: The cache contained a response that matched the request
	request URI, but could not select a response based upon this		URI, but it could not select a response based upon this request's
	request's headers and stored Vary headers.		header fields and stored Vary header fields.
	* miss - The cache did not contain any responses that could be used		miss: The cache did not contain any responses that could be used to
	to satisfy this request (to be used when an implementation cannot		satisfy this request (to be used when an implementation cannot
	distinguish between uri-miss and vary-miss)		distinguish between uri-miss and vary-miss).
	* request - The cache was able to select a fresh response for the		request: The cache was able to select a fresh response for the
	request, but the request's semantics (e.g., Cache-Control request		request, but the request's semantics (e.g., Cache-Control request
	directives) did not allow its use		directives) did not allow its use.
	* stale - The cache was able to select a response for the request,		stale: The cache was able to select a response for the request, but
	but it was stale		it was stale.
	* partial - The cache was able to select a partial response for the		partial: The cache was able to select a partial response for the
	request, but it did not contain all of the requested ranges (or		request, but it did not contain all of the requested ranges (or
	the request was for the complete response)		the request was for the complete response).
	The most specific reason that the cache is aware of SHOULD be used,		The most specific reason known to the cache SHOULD be used, to the
	to the extent that it is possible to implement. See also		extent that it is possible to implement. See also [HTTP-CACHING],
	[HTTP-CACHING], Section 4.		Section 4.
	2.3. The fwd-status parameter		2.3. The fwd-status Parameter
	"fwd-status" indicates what status code (see [HTTP], Section 15) the		The value of "fwd-status" is an Integer that indicates which status
	next hop server returned in response to the forwarded request. Only		code (see [HTTP], Section 15) the next-hop server returned in
	meaningful when "fwd" is present; if "fwd-status" is not present but		response to the forwarded request. The fwd-status parameter is only
	"fwd" is, it defaults to the status code sent in the response.		meaningful when fwd is present. If fwd-status is not present but the
			fwd parameter is, it defaults to the status code sent in the
			response.
	This parameter is useful to distinguish cases when the next hop		This parameter is useful to distinguish cases when the next-hop
	server sends a 304 Not Modified response to a conditional request, or		server sends a 304 (Not Modified) response to a conditional request
	a 206 Partial Response because of a range request.		or a 206 (Partial Content) response because of a range request.
	2.4. The ttl parameter		2.4. The ttl Parameter
	"ttl" indicates the response's remaining freshness lifetime (see		The value of "ttl" is an Integer that indicates the response's
	[HTTP-CACHING], Section 4.2.1) as calculated by the cache, as an		remaining freshness lifetime (see [HTTP-CACHING], Section 4.2.1) as
	integer number of seconds, measured as closely as possible to when		calculated by the cache, as an integer number of seconds, measured as
	the response header section is sent by the cache. This includes		closely as possible to when the response header section is sent by
	freshness assigned by the cache; e.g., through heuristics (see		the cache. This includes freshness assigned by the cache through,
	[HTTP-CACHING], Section 4.2.2), local configuration, or other		for example, heuristics (see [HTTP-CACHING], Section 4.2.2), local
	factors. May be negative, to indicate staleness.		configuration, or other factors. It may be negative, to indicate
			staleness.
	2.5. The stored parameter		2.5. The stored Parameter
	"stored" indicates whether the cache stored the response (see		The value of "stored" is a Boolean that indicates whether the cache
	[HTTP-CACHING], Section 3); a true value indicates that it did. Only		stored the response (see [HTTP-CACHING], Section 3); a true value
	meaningful when fwd is present.		indicates that it did. The stored parameter is only meaningful when
			fwd is present.
	2.6. The collapsed parameter		2.6. The collapsed Parameter
	"collapsed" indicates whether this request was collapsed together		The value of "collapsed" is a Boolean that indicates whether this
	with one or more other forward requests (see [HTTP-CACHING],		request was collapsed together with one or more other forward
	Section 4); if true, the response was successfully reused; if not, a		requests (see [HTTP-CACHING], Section 4). If true, the response was
	new request had to be made. If not present, the request was not		successfully reused; if not, a new request had to be made. If not
	collapsed with others. Only meaningful when fwd is present.		present, the request was not collapsed with others. The collapsed
			parameter is only meaningful when fwd is present.
	2.7. The key parameter		2.7. The key Parameter
	"key" conveys a representation of the cache key (see [HTTP-CACHING],		The value of "key" is a String that conveys a representation of the
	Section 2) used for the response. Note that this may be		cache key (see [HTTP-CACHING], Section 2) used for the response.
	implementation-specific.		Note that this may be implementation specific.
	2.8. The detail parameter		2.8. The detail Parameter
	"detail" allows implementations to convey additional information not		The value of "detail" is either a String or a Token that allows
	captured in other parameters; for example, implementation-specific		implementations to convey additional information not captured in
	states, or other caching-related metrics.		other parameters, such as implementation-specific states or other
			caching-related metrics.
	For example:		For example:
	Cache-Status: ExampleCache; hit; detail=MEMORY		Cache-Status: ExampleCache; hit; detail=MEMORY
	The semantics of a detail parameter are always specific to the cache		The semantics of a detail parameter are always specific to the cache
	that sent it; even if a member of details from another cache shares		that sent it; even if a details parameter from another cache shares
	the same name, it might not mean the same thing.		the same value, it might not mean the same thing.
	This parameter is intentionally limited. If an implementation's		This parameter is intentionally limited. If an implementation's
	developer or operator needs to convey additional information in an		developer or operator needs to convey additional information in an
	interoperable fashion, they are encouraged to register extension		interoperable fashion, they are encouraged to register extension
	parameters (see Section 4) or define another header field.		parameters (see Section 4) or define another header field.
	3. Examples		3. Examples
	The most minimal cache hit:		The following is an example of a minimal cache hit:
	Cache-Status: ExampleCache; hit		Cache-Status: ExampleCache; hit
	... but a polite cache will give some more information, e.g.:		However, a polite cache will give some more information, e.g.:
	Cache-Status: ExampleCache; hit; ttl=376		Cache-Status: ExampleCache; hit; ttl=376
	A stale hit just has negative freshness:		A stale hit just has negative freshness, as in this example:
	Cache-Status: ExampleCache; hit; ttl=-412		Cache-Status: ExampleCache; hit; ttl=-412
	Whereas a complete miss is:		Whereas this is an example of a complete miss:
	Cache-Status: ExampleCache; fwd=uri-miss		Cache-Status: ExampleCache; fwd=uri-miss
	A miss that successfully validated on the back-end server:		This is an example of a miss that successfully validated on the
			backend server:
	Cache-Status: ExampleCache; fwd=stale; fwd-status=304		Cache-Status: ExampleCache; fwd=stale; fwd-status=304
	A miss that was collapsed with another request:		This is an example of a miss that was collapsed with another request:
	Cache-Status: ExampleCache; fwd=uri-miss; collapsed		Cache-Status: ExampleCache; fwd=uri-miss; collapsed
	A miss that the cache attempted to collapse, but couldn't:		This is an example of a miss that the cache attempted to collapse,
			but couldn't:
	Cache-Status: ExampleCache; fwd=uri-miss; collapsed=?0		Cache-Status: ExampleCache; fwd=uri-miss; collapsed=?0
	Going through two separate layers of caching, where the cache closest		The following is an example of going through two separate layers of
	to the origin responded to an earlier request with a stored response,		caching, where the cache closest to the origin responded to an
	and a second cache stored that response and later reused it to		earlier request with a stored response, and a second cache stored
	satisfy the current request:		that response and later reused it to satisfy the current request:
	Cache-Status: OriginCache; hit; ttl=1100,		Cache-Status: OriginCache; hit; ttl=1100,
	"CDN Company Here"; hit; ttl=545		"CDN Company Here"; hit; ttl=545
	Going through a three-layer caching system, where the closest to the		The following is an example of going through a three-layer caching
	origin is a reverse proxy (where the response was served from cache),		system, where the closest to the origin is a reverse proxy (where the
	the next is a forward proxy interposed by the network (where the		response was served from cache); the next is a forward proxy
	request was forwarded because there wasn't any response cached with		interposed by the network (where the request was forwarded because
	its URI, the request was collapsed with others, and the resulting		there wasn't any response cached with its URI, the request was
	response was stored), and the closest to the user is a browser cache		collapsed with others, and the resulting response was stored); and
	(where there wasn't any response cached with the request's URI):		the closest to the user is a browser cache (where there wasn't any
			response cached with the request's URI):
	Cache-Status: ReverseProxyCache; hit		Cache-Status: ReverseProxyCache; hit
	Cache-Status: ForwardProxyCache; fwd=uri-miss; collapsed; stored		Cache-Status: ForwardProxyCache; fwd=uri-miss; collapsed; stored
	Cache-Status: BrowserCache; fwd=uri-miss		Cache-Status: BrowserCache; fwd=uri-miss
	4. Defining New Cache-Status Parameters		4. Defining New Cache-Status Parameters
	New Cache-Status Parameters can be defined by registering them in the		New Cache-Status parameters can be defined by registering them in the
	HTTP Cache-Status Parameters registry.		"HTTP Cache-Status" registry.
	Registration requests are reviewed and approved by a Designated		Registration requests are reviewed and approved by a designated
	Expert, as per [RFC8126], Section 4.5. A specification document is		expert, per [RFC8126], Section 4.5. A specification document is
	appreciated, but not required.		appreciated but not required.
	The Expert(s) should consider the following factors when evaluating		The expert(s) should consider the following factors when evaluating
	requests:		requests:
	* Community feedback		* Community feedback
	* If the value is sufficiently well-defined		* If the value is sufficiently well defined
	* Generic parameters are preferred over vendor-specific,		* Generic parameters are preferred over vendor-specific,
	application-specific, or deployment-specific values. If a generic		application-specific, or deployment-specific values. If a generic
	value cannot be agreed upon in the community, the parameter's name		value cannot be agreed upon in the community, the parameter's name
	should be correspondingly specific (e.g., with a prefix that		should be correspondingly specific (e.g., with a prefix that
	identifies the vendor, application or deployment).		identifies the vendor, application, or deployment).
	Registration requests should use the following template:		Registration requests should use the following template:
	* Name: [a name for the Cache-Status Parameter that matches the		Name: [a name for the Cache-Status parameter's key; see
	'key' ABNF rule]		Section 3.1.2 of [STRUCTURED-FIELDS] for syntactic requirements]
	* Description: [a description of the parameter semantics and value]		Type: [the Structured Type of the parameter's value; see
			Section 3.1.2 of [STRUCTURED-FIELDS]]
	* Reference: [to a specification defining this parameter, if		Description: [a description of the parameter's semantics]
			Reference: [to a specification defining this parameter, if
	available]		available]
	See the registry at https://iana.org/assignments/http-cache-status		See the registry at <https://www.iana.org/assignments/http-cache-
	(https://iana.org/assignments/http-cache-status) for details on where		status> for details on where to send registration requests.
	to send registration requests.
	5. IANA Considerations		5. IANA Considerations
	Upon publication, please create the HTTP Cache-Status Parameters		IANA has created the "HTTP Cache-Status" registry at
	registry at https://iana.org/assignments/http-cache-status		<https://www.iana.org/assignments/http-cache-status> and populated it
	(https://iana.org/assignments/http-cache-status) and populate it with		with the types defined in Section 2; see Section 4 for its associated
	the types defined in Section 2; see Section 4 for its associated
	procedures.		procedures.
	Also, please create the following entry in the Hypertext Transfer		IANA has added the following entry in the "Hypertext Transfer
	Protocol (HTTP) Field Name Registry defined in [HTTP], Section 18.4:		Protocol (HTTP) Field Name Registry" defined in [HTTP], Section 18.4:
	* Field name: Cache-Status
	* Status: permanent
	* Specification document: [this document]
	* Comments:		Field name: Cache-Status
			Status: permanent
			Reference: RFC 9211
	6. Security Considerations		6. Security Considerations
	Attackers can use the information in Cache-Status to probe the		Attackers can use the information in Cache-Status to probe the
	behaviour of the cache (and other components), and infer the activity		behavior of the cache (and other components) and infer the activity
	of those using the cache. The Cache-Status header field may not		of those using the cache. The Cache-Status header field may not
	create these risks on its own, but can assist attackers in exploiting		create these risks on its own, but it can assist attackers in
	them.		exploiting them.
	For example, knowing if a cache has stored a response can help an		For example, knowing if a cache has stored a response can help an
	attacker execute a timing attack on sensitive data.		attacker execute a timing attack on sensitive data.
	Additionally, exposing the cache key can help an attacker understand		Additionally, exposing the cache key can help an attacker understand
	modifications to the cache key, which may assist cache poisoning		modifications to the cache key, which may assist cache poisoning
	attacks. See [ENTANGLE] for details.		attacks. See [ENTANGLE] for details.
	The underlying risks can be mitigated with a variety of techniques		The underlying risks can be mitigated with a variety of techniques
	(e.g., use of encryption and authentication; avoiding the inclusion		(e.g., using encryption and authentication and avoiding the inclusion
	of attacker-controlled data in the cache key), depending on their		of attacker-controlled data in the cache key), depending on their
	exact nature. Note that merely obfuscating the key does not mitigate		exact nature. Note that merely obfuscating the key does not mitigate
	this risk.		this risk.
	To avoid assisting such attacks, the Cache-Status header field can be		To avoid assisting such attacks, the Cache-Status header field can be
	omitted, only sent when the client is authorized to receive it, or		omitted, only sent when the client is authorized to receive it, or
	only send sensitive information (e.g., the key parameter) when the		sent with sensitive information (e.g., the key parameter) only when
	client is authorized.		the client is authorized.
	7. References		7. References
	7.1. Normative References		7.1. Normative References
			[HTTP] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
			Ed., "HTTP Semantics", STD 97, RFC 9110,
			DOI 10.17487/RFC9110, June 2022,
			<https://www.rfc-editor.org/info/rfc9110>.
			[HTTP-CACHING]
			Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
			Ed., "HTTP Caching", STD 98, RFC 9111,
			DOI 10.17487/RFC9111, June 2022,
			<https://www.rfc-editor.org/info/rfc9111>.
	[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate		[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
	Requirement Levels", BCP 14, RFC 2119,		Requirement Levels", BCP 14, RFC 2119,
	DOI 10.17487/RFC2119, March 1997,		DOI 10.17487/RFC2119, March 1997,
	<https://www.rfc-editor.org/rfc/rfc2119>.		<https://www.rfc-editor.org/info/rfc2119>.
	[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for		[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
	Writing an IANA Considerations Section in RFCs", BCP 26,		Writing an IANA Considerations Section in RFCs", BCP 26,
	RFC 8126, DOI 10.17487/RFC8126, June 2017,		RFC 8126, DOI 10.17487/RFC8126, June 2017,
	<https://www.rfc-editor.org/rfc/rfc8126>.		<https://www.rfc-editor.org/info/rfc8126>.
	[STRUCTURED-FIELDS]
	Nottingham, M. and P-H. Kamp, "Structured Field Values for
	HTTP", RFC 8941, DOI 10.17487/RFC8941, February 2021,
	<https://www.rfc-editor.org/rfc/rfc8941>.
	[HTTP] Fielding, R. T., Nottingham, M., and J. Reschke, "HTTP
	Semantics", Work in Progress, Internet-Draft, draft-ietf-
	httpbis-semantics-17, 25 July 2021,
	<https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-
	semantics-17>.
	[HTTP-CACHING]
	Fielding, R. T., Nottingham, M., and J. Reschke, "HTTP
	Caching", Work in Progress, Internet-Draft, draft-ietf-
	httpbis-cache-17, 25 July 2021,
	<https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-
	cache-17>.
	[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC		[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
	2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,		2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
	May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.		May 2017, <https://www.rfc-editor.org/info/rfc8174>.
	[RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax		[STRUCTURED-FIELDS]
	Specifications: ABNF", STD 68, RFC 5234,		Nottingham, M. and P-H. Kamp, "Structured Field Values for
	DOI 10.17487/RFC5234, January 2008,		HTTP", RFC 8941, DOI 10.17487/RFC8941, February 2021,
	<https://www.rfc-editor.org/rfc/rfc5234>.		<https://www.rfc-editor.org/info/rfc8941>.
	7.2. Informative References		7.2. Informative References
	[ENTANGLE] Kettle, J., "Web Cache Entanglement: Novel Pathways to		[ENTANGLE] Kettle, J., "Web Cache Entanglement: Novel Pathways to
	Poisoning", 2020, <https://i.blackhat.com/USA-		Poisoning", September 2020,
	20/Wednesday/us-20-Kettle-Web-Cache-Entanglement-Novel-		<https://portswigger.net/research/web-cache-entanglement>.
	Pathways-To-Poisoning-wp.pdf>.
	Author's Address		Author's Address
	Mark Nottingham		Mark Nottingham
	Fastly		Fastly
	Prahran VIC		Prahran
	Australia		Australia
	Email: mnot@mnot.net		Email: mnot@mnot.net
	URI: https://www.mnot.net/		URI: https://www.mnot.net/
End of changes. 82 change blocks.
	240 lines changed or deleted		209 lines changed or added
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/