HTTP (httpbis) Internet Drafts

 Cookies: HTTP State Management Mechanism
 Date: 21/07/2024
 Authors: Steven Bingler, Mike West, John Wilander
 Working Group: HTTP (httpbis)
This document defines the HTTP Cookie and Set-Cookie header fields. These header fields can be used by HTTP servers to store state (called cookies) at HTTP user agents, letting the servers maintain a stateful session over the mostly stateless HTTP protocol. Although cookies have many historical infelicities that degrade their security and privacy, the Cookie and Set-Cookie header fields are widely used on the Internet. This document obsoletes RFC 6265.
 Resumable Uploads for HTTP
 Date: 08/07/2024
 Authors: Marius Kleidl, Guoye Zhang, Lucas Pardue
 Working Group: HTTP (httpbis)
HTTP clients often encounter interrupted data transfers as a result of canceled requests or dropped connections. Prior to interruption, part of a representation may have been exchanged. To complete the data transfer of the entire representation, it is often desirable to issue subsequent requests that transfer only the remainder of the representation. HTTP range requests support this concept of resumable downloads from server to client. This document describes a mechanism that supports resumable uploads from client to server using HTTP.
 Structured Field Values for HTTP
 Date: 21/04/2024
 Authors: Mark Nottingham, Poul-Henning Kamp
 Working Group: HTTP (httpbis)
This document describes a set of data types and associated algorithms that are intended to make it easier and safer to define and handle HTTP header and trailer fields, known as "Structured Fields", "Structured Headers", or "Structured Trailers". It is intended for use by specifications of new HTTP fields that wish to use a common syntax that is more restrictive than traditional HTTP field values. This document obsoletes RFC 8941.
 The Concealed HTTP Authentication Scheme
 Date: 05/07/2024
 Authors: David Schinazi, David Oliver, Jonathan Hoyland
 Working Group: HTTP (httpbis)
Most HTTP authentication schemes are probeable in the sense that it is possible for an unauthenticated client to probe whether an origin serves resources that require authentication. It is possible for an origin to hide the fact that it requires authentication by not generating Unauthorized status codes, however that only works with non-cryptographic authentication schemes: cryptographic signatures require a fresh nonce to be signed. At the time of writing, there was no existing way for the origin to share such a nonce without exposing the fact that it serves resources that require authentication. This document proposes a new non-probeable cryptographic authentication scheme.
 Template-Driven HTTP CONNECT Proxying for TCP
 Date: 01/07/2024
 Authors: Benjamin Schwartz
 Working Group: HTTP (httpbis)
TCP proxying using HTTP CONNECT has long been part of the core HTTP specification. However, this proxying functionality has several important deficiencies in modern HTTP environments. This specification defines an alternative HTTP proxy service configuration for TCP connections. This configuration is described by a URI Template, similar to the CONNECT-UDP and CONNECT-IP protocols.
 Compression Dictionary Transport
 Date: 05/07/2024
 Authors: Patrick Meenan, Yoav Weiss
 Working Group: HTTP (httpbis)
This specification defines a mechanism for using designated HTTP responses as an external dictionary for future HTTP responses for compression schemes that support using external dictionaries (e.g., Brotli (RFC 7932) and Zstandard (RFC 8878)).
 HTTP Cache Groups
 Date: 17/06/2024
 Authors: Mark Nottingham
 Working Group: HTTP (httpbis)
This specification introduces a means of describing the relationships between stored responses in HTTP caches, "grouping" them by associating a stored response with one or more opaque strings.
 Secondary Certificate Authentication of HTTP Servers
 Date: 11/04/2024
 Authors: Eric Gorbaty, Mike Bishop
 Working Group: HTTP (httpbis)
This document defines a way for HTTP/2 and HTTP/3 servers to send additional certificate-based credentials after a TLS connection is established, based on TLS Exported Authenticators.
 Window Sizing for Zstandard Content Encoding
 Date: 11/06/2024
 Authors: Nidhi Jaju, W. Handte
 Working Group: HTTP (httpbis)
Deployments of Zstandard, or "zstd", can use different window sizes to limit memory usage during compression and decompression. Some browsers and user agents limit window sizes to mitigate memory usage concerns, causing interoperability issues. This document updates the window size limit in RFC8878 from a recommendation to a requirement in HTTP contexts.
 Security Considerations for Optimistic Use of HTTP Upgrade
 Date: 02/07/2024
 Authors: Benjamin Schwartz
 Working Group: HTTP (httpbis)
The HTTP/1.1 Upgrade mechanism allows the client to request a change to a new protocol. This document discusses the security considerations that apply to data sent by the client before this request is confirmed, and updates RFC 9298 to avoid related security issues.

data-group-menu-data-url="/group/groupmenu.json"> Skip to main content

HTTP (httpbis)

Acronym httpbis
Area Web and Internet Transport (wit)
State Active
Charter charter-ietf-httpbis-08 Approved
Document dependencies
Additional resources Zulip stream
alternate list archives
home page
Personnel Chairs Mark Nottingham, Tommy Pauly
Area Director Francesca Palombini
Mailing list Address
To subscribe
Chat Room address

Charter for Working Group

This Working Group is charged with maintaining and developing the "core" specifications for HTTP, and generic extensions to it (i.e., those that are not specific to one application).

Its current work items are:

HTTP/1.1 Revision

After the revision of the core HTTP document set in the RFC723x series, the Working Group published HTTP/2, which defines an alternative mapping of HTTP's semantics to TCP, and introduced new capabilities, like Server Push.

Additionally, several ambiguities, interoperability issues and errata have been identified since their publication.

The Working Group will revise the "core" HTTP document set (RFC 7230-RFC 7235) to:

  • Incorporate errata

  • Address ambiguities

  • Fix editorial problems which have led to misunderstandings of the specification

  • Clarify conformance requirements

  • Remove known ambiguities where they affect interoperability

  • Clarify existing methods of extensibility

  • Remove or deprecate those features that are not widely implemented and also unduly affect interoperability

  • Where necessary, add implementation advice

In doing so, it should consider:

  • Implementer experience

  • Demonstrated use of HTTP

  • Impact on existing implementations and deployments


Upon request from the QUIC Working Group, the HTTPBIS Working Group will review the QUIC Working Group's documents regarding the use of HTTP over the transport protocol they define, providing feedback and collaborating where necessary.

Once the QUIC Working Group publishes the expression of HTTP semantics in QUIC (HTTP/3), the HTTPBIS Working Group will maintain and develop extensions for HTTP/3 as necessary. This includes ancillary specifications (e.g. QPACK).

Other HTTP-Related Work

The Working Group may define extensions and other documents related to HTTP as work items, provided that:

  • They are generic; i.e., not specific to one application using HTTP. Note that Web browsing by definition is a generic use.

  • The Working Group Chairs judge that there is consensus to take on the item and believe that it will not interfere with the work described above, and

  • The Area Director approves the addition and add corresponding milestones.


Order Milestone Associated documents
Last Submit Secondary Server Certs draft-ietf-httpbis-secondary-server-certs
Submit Resumable Uploads draft-ietf-httpbis-resumable-upload
Submit Compression Dictionaries draft-ietf-httpbis-compression-dictionary
Submit Unprompted Auth draft-ietf-httpbis-unprompted-auth
Submit Cache Groups draft-ietf-httpbis-cache-groups
Submit Client-Cert Header draft-ietf-httpbis-client-cert-field
Submit The HTTP QUERY Method draft-ietf-httpbis-safe-method-w-body
Submit Retrofit Structured Fields draft-ietf-httpbis-retrofit
Next Submit RFC6265bis (Cookies) draft-ietf-httpbis-rfc6265bis

Done milestones

Order Milestone Associated documents
Done Submit HTTP Message Signatures draft-ietf-httpbis-message-signatures
Done Submit ORIGIN in HTTP/3 draft-ietf-httpbis-origin-h3
Done Submit Binary Representation of HTTP Messages draft-ietf-httpbis-binary-message
Done Submit Digest Headers draft-ietf-httpbis-digest-headers
Done Submit Proxy-Status Header draft-ietf-httpbis-proxy-status
Done Submit Cache-Status Header draft-ietf-httpbis-cache-header
Done Submit Building Protocols with HTTP (BCP56bis) draft-ietf-httpbis-bcp56bis
Done Submit Structured Headers draft-ietf-httpbis-header-structure
Done Submit Client Hints draft-ietf-httpbis-client-hints
Done Submit the "core" HTTP documents for consideration as Internet Standards draft-ietf-httpbis-semantics

Parked milestones

Order Milestone Associated documents
Parked Submit HTTP Alternative Services draft-ietf-httpbis-rfc7838bis
Parked Submit HTTP Representation Variants draft-ietf-httpbis-variants