HTTP (httpbis) Internet Drafts

      
 Cookies: HTTP State Management Mechanism
 
 draft-ietf-httpbis-rfc6265bis-21.txt
 Date: 24/09/2025
 Authors: Steven Bingler, Mike West, John Wilander
 Working Group: HTTP (httpbis)
 This document defines the HTTP Cookie and Set-Cookie header fields. These header fields can be used by HTTP servers to store state (called cookies) at HTTP user agents, letting the servers maintain a stateful session over the mostly stateless HTTP protocol. Although cookies have many historical infelicities that degrade their security and privacy, the Cookie and Set-Cookie header fields are widely used on the Internet. This document obsoletes RFC 6265.
 The HTTP QUERY Method
 
 draft-ietf-httpbis-safe-method-w-body-12.txt
 Date: 29/09/2025
 Authors: Julian Reschke, James Snell, Mike Bishop
 Working Group: HTTP (httpbis)
 This specification defines the QUERY method for HTTP. A QUERY requests that the request target process the enclosed content in a safe/idempotent manner and then respond with the result of that processing. This is similar to POST requests but can be automatically repeated or restarted without concern for partial state changes.
 Resumable Uploads for HTTP
 
 draft-ietf-httpbis-resumable-upload-09.txt
 Date: 04/06/2025
 Authors: Marius Kleidl, Guoye Zhang, Lucas Pardue
 Working Group: HTTP (httpbis)
 Data transfer using the Hypertext Transfer Protocol (HTTP) is often interrupted by canceled requests or dropped connections. If the intended recipient can indicate how much of the data was received prior to interruption, a sender can resume data transfer at that point instead of attempting to transfer all of the data again. HTTP range requests support this concept of resumable downloads from server to client. This document describes a mechanism that supports resumable uploads from client to server using HTTP.
 Template-Driven HTTP CONNECT Proxying for TCP
 
 draft-ietf-httpbis-connect-tcp-09.txt
 Date: 30/06/2025
 Authors: Benjamin Schwartz
 Working Group: HTTP (httpbis)
 TCP proxying using HTTP CONNECT has long been part of the core HTTP specification. However, this proxying functionality has several important deficiencies in modern HTTP environments. This specification defines an alternative HTTP proxy service configuration for TCP connections. This configuration is described by a URI Template, similar to the CONNECT-UDP and CONNECT-IP protocols.
 HTTP Cache Groups
 
 draft-ietf-httpbis-cache-groups-07.txt
 Date: 16/05/2025
 Authors: Mark Nottingham
 Working Group: HTTP (httpbis)
 This specification introduces a means of describing the relationships between stored responses in HTTP caches, "grouping" them by associating a stored response with one or more strings.
 Security Considerations for Optimistic Protocol Transitions in HTTP/1.1
 
 draft-ietf-httpbis-optimistic-upgrade-06.txt
 Date: 18/09/2025
 Authors: Benjamin Schwartz
 Working Group: HTTP (httpbis)
 In HTTP/1.1, the client can request a change to a new protocol on the existing connection. This document discusses the security considerations that apply to data sent by the client before this request is confirmed, and adds new requirements to RFC 9112 and RFC 9298 to avoid related security issues.
 The No-Vary-Search HTTP Response Header Field
 
 draft-ietf-httpbis-no-vary-search-03.txt
 Date: 28/09/2025
 Authors: Domenic Denicola, Jeremy Roman
 Working Group: HTTP (httpbis)
 This specification defines a proposed HTTP response header field for changing how URL search parameters impact caching.
 The HTTP Wrap Up Capsule
 
 draft-ietf-httpbis-wrap-up-01.txt
 Date: 07/07/2025
 Authors: David Schinazi, Lucas Pardue
 Working Group: HTTP (httpbis)
 HTTP intermediaries sometimes need to terminate long-lived request streams in order to facilitate load balancing or impose data limits. However, Web browsers commonly cannot retry failed proxied requests when they cannot ascertain whether an in-progress request was acted on. To avoid user-visible failures, it is best for the intermediary to inform the client of upcoming request stream terminations in advance of the actual termination so that the client can wrap up existing operations related to that stream and start sending new work to a different stream or connection. This document specifies a new "WRAP_UP" capsule that allows a proxy to instruct a client that it should not start new requests on a tunneled connection, while still allowing it to finish existing requests.
 Incremental HTTP Messages
 
 draft-ietf-httpbis-incremental-01.txt
 Date: 25/09/2025
 Authors: Kazuho Oku, Tommy Pauly, Martin Thomson
 Working Group: HTTP (httpbis)
 This document specifies the "Incremental" HTTP header field, which instructs HTTP intermediaries to forward the HTTP message incrementally.
 Cookies: HTTP State Management Mechanism
 
 draft-ietf-httpbis-layered-cookies-00.txt
 Date: 14/05/2025
 Authors: Anne van Kesteren, Johann Hofmann
 Working Group: HTTP (httpbis)
 This document defines the HTTP Cookie and Set-Cookie header fields. These header fields can be used by HTTP servers to store state (called cookies) at HTTP user agents, letting the servers maintain a stateful session over the mostly stateless HTTP protocol. Although cookies have many historical infelicities that degrade their security and privacy, the Cookie and Set-Cookie header fields are widely used on the Internet. This document obsoletes RFC 6265 and 6265bis.
 HTTP Unencoded Digest
 
 draft-ietf-httpbis-unencoded-digest-01.txt
 Date: 22/07/2025
 Authors: Lucas Pardue, Mike West
 Working Group: HTTP (httpbis)
 The Repr-Digest and Content-Digest integrity fields are subject to HTTP content coding considerations. There are some use cases that benefit from the unambiguous exchange of integrity digests of unencoded representation. The Unencoded-Digest and Want-Unencoded- Digest fields complement existing integrity fields for this purpose.

data-group-menu-data-url="/group/groupmenu.json">

HTTP (httpbis)

WG Name HTTP
Acronym httpbis
Area Web and Internet Transport (wit)
State Active
Charter charter-ietf-httpbis-09 Approved
Document dependencies
Additional resources Zulip stream
alternate list archives
home page
repositories
Personnel Chairs Mark Nottingham, Tommy Pauly
Area Director Mike Bishop
Mailing list Address ietf-http-wg@w3.org
To subscribe ietf-http-wg-request@w3.org
Archive http://lists.w3.org/Archives/Public/ietf-http-wg/
Chat Room address https://zulip.ietf.org/#narrow/stream/httpbis

Charter for Working Group

Hypertext Transfer Protocol (HTTP) is an Internet Standard defined in STD 97 / RFC 9110, with caching behavior in RFC 9111. HTTP semantics are used in multiple versions, which are mappings to various transports:

Together, these make up the core specifications of HTTP.

This Working Group is charged with maintaining and developing the core specifications for HTTP and generic extensions to it (i.e., those that are not specific to one application).

Beyond specification work, the Working Group is a forum for implementers, practitioners, and researchers to discuss the protocol, its operation and evolution, to improve interoperability and ecosystem health.

Work Mode

The Working Group may define extensions and other documents related to HTTP as work items, provided that they are generic; i.e., not specific to one application using HTTP. (Note that Web browsing by definition is a generic use.) The Working Group may also make updates to the core HTTP specifications and existing extensions to clarify existing functionality or address security issues. These documents may be published as Informational, Experimental, BCP, or Standards Track at the discretion of the working group.

New extension points, new functionality outside an existing extension point, and new HTTP versions are not in scope without a recharter.

Work that may need substantial input from other areas (e.g., Security) or other standards bodies (W3C, etc.) should be coordinated through the appropriate bodies (such as the responsible Area Director or a general / 'dispatch' group).

Milestones

Order Milestone Associated documents
Last Submit Secondary Server Certs draft-ietf-httpbis-secondary-server-certs
Submit Resumable Uploads draft-ietf-httpbis-resumable-upload
Submit Compression Dictionaries rfc9842 (was draft-ietf-httpbis-compression-dictionary)
Submit Unprompted Auth rfc9729 (was draft-ietf-httpbis-unprompted-auth)
Submit Cache Groups draft-ietf-httpbis-cache-groups
Submit Client-Cert Header rfc9440 (was draft-ietf-httpbis-client-cert-field)
Submit The HTTP QUERY Method draft-ietf-httpbis-safe-method-w-body
Submit Retrofit Structured Fields draft-ietf-httpbis-retrofit
Next Submit RFC6265bis (Cookies) draft-ietf-httpbis-rfc6265bis