| Independent Submission | K. Murchison |
| Internet-Draft | Carnegie Mellon University |
| Intended status: Standards Track | November 12, 2015 |
| Expires: May 15, 2016 |
Network News Transfer Protocol (NNTP) Extension for Compression
draft-murchison-nntp-compress-02
This memo defines an extension to the Network News Transport Protocol (NNTP) to allow a connection to be effectively and efficiently compressed.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 15, 2016.
Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
The goal of COMPRESS is to reduce the bandwidth usage of NNTP.
Compared to PPP compression [RFC1962] and modem-based compression ([MNP] and [V42bis]), COMPRESS offers greater compression efficiency. COMPRESS can be used together with Transport Layer Security (TLS) [RFC5246], Simple Authentication and Security Layer (SASL) encryption [RFC4422], Virtual Private Networks (VPNs), etc.
Compared to TLS-level compression [RFC3749], NNTP COMPRESS has the following advantages:
Also note that best current practice is to disable TLS-level compression [RFC7525].
In order to increase interoperability, it is desirable to have as few different compression algorithms as possible, so this document specifies only one. The DEFLATE algorithm (defined in [RFC1951]) is standard, widely available and fairly efficient, and MUST be implemented as part of this extension.
The notational conventions used in this document are the same as those in [RFC3977] and any term not defined in this document has the same meaning as in that one.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
In the examples, commands from the client are indicated with [C], and responses from the server are indicated with [S].
The COMPRESS extension is used to enable data compression on an NNTP connection.
This extension provides a new COMPRESS command and has capability label COMPRESS.
A server supporting the COMPRESS command as defined in this document will advertise the "COMPRESS" capability label in response to the CAPABILITIES command ([RFC3977] Section 5.2). This capability MAY be advertised both before and after any use of the MODE READER command ([RFC3977] Section 5.3), with the same semantics.
The COMPRESS capability label contains a whitespace-separated list of available compression algorithms. This document defines one compression algorithm: DEFLATE. This algorithm is mandatory to implement and MUST be supported in order to advertise the COMPRESS extension.
Future extensions may add additional compression algorithms to this capability. Unrecognized algorithms MUST be ignored by the client.
Example:
[C] CAPABILITIES [S] 101 Capability list: [S] VERSION 2 [S] READER [S] IHAVE [S] COMPRESS DEFLATE X-SHRINK [S] LIST ACTIVE NEWSGROUPS [S] .
This command MUST NOT be pipelined.
Syntax
COMPRESS algorithm
Responses
206 Compression active
403 Unable to activate compression
502 Command unavailable [1]
[1] If a compression layer is already active, COMPRESS is not a valid
command (see Section 2.2.2).
Parameters
algorithm = Name of compression algorithm: "DEFLATE"
The COMPRESS command instructs the server to use the named compression algorithm ("DEFLATE" is the only one defined in this document) for all commands and/or responses after COMPRESS.
The client MUST NOT send any further commands until it has seen the result of COMPRESS.
If the requested compression algorithm is invalid (e.g., is not supported), the server MUST reject the COMPRESS command with a 503 response ([RFC3977] Section 3.2.1). If the server is unable to activate compression for any reason (e.g., a server configuration or resource problem), the server MUST reject the COMPRESS command with a 403 response ([RFC3977] Section 3.2.1). Otherwise, the server issues a 206 response and the compression layer takes effect for both client and server immediately following the CRLF of the success reply.
Both the client and the server MUST know if there is a compression layer active. A client MUST NOT attempt to activate compression (via either the COMPRESS or STARTTLS [RFC4642] commands) if a compression layer is already active. A server MUST NOT return the COMPRESS or STARTTLS capability labels in response to a CAPABILITIES command received after a compression layer is active, and a server MUST reply with a 502 response code if a syntactically valid COMPRESS or STARTTLS command is received while a compression layer is already active.
In order help mitigate leaking authentication credentials via a CRIME attack [CRIME], a server SHOULD NOT return any arguments with the AUTHINFO capability label in response to a CAPABILTIES command received after a compression layer is active. In this case, a client SHOULD NOT attempt to utilize any AUTHINFO commands.
For DEFLATE [RFC1951] (as for many other compression mechanisms), the compressor can trade speed against quality. The decompressor MUST automatically adjust to the parameters selected by the sender. Consequently, the client and server are both free to pick the best reasonable rate of compression for the data they send.
When COMPRESS is combined with TLS [RFC5246] or SASL [RFC4422] security layers, the processing order of the three layers MUST be first COMPRESS, then SASL, and finally TLS. That is, before data is transmitted it is first compressed. Second, if a SASL security layer has been negotiated, the compressed data is then signed and/or encrypted accordingly. Third, if a TLS security layer has been negotiated, the data from the previous step is signed and/or encrypted accordingly. When receiving data, the processing order MUST be reversed. This ensures that before sending, data is compressed before it is encrypted, independent of the order in which the client issues the COMPRESS, AUTHINFO SASL [RFC4643], and STARTTLS [RFC4642] commands.
Example of layering TLS and NNTP compression:
[C] CAPABILITIES [S] 101 Capability list: [S] VERSION 2 [S] READER [S] STARTTLS [S] AUTHINFO [S] COMPRESS DEFLATE [S] . [C] STARTTLS [S] 382 Continue with TLS negotiation [TLS negotiation without compression occurs here] [Following successful negotiation, all traffic is encrypted] [C] CAPABILITIES [S] 101 Capability list: [S] VERSION 2 [S] READER [S] AUTHINFO USER [S] COMPRESS DEFLATE [S] . [C] AUTHINFO USER fred [S] 381 Enter passphrase [C] AUTHINFO PASS flintstone [S] 281 Authentication accepted [C] COMPRESS DEFLATE [S] 206 Compression active [From this point on, all traffic is compresssed before being encrypted]
Example of a server failing to activate compression:
[C] CAPABILITIES [S] 101 Capability list: [S] VERSION 2 [S] IHAVE [S] COMPRESS DEFLATE [S] . [C] COMPRESS DEFLATE [S] 403 Unable to activate compression
Example of attempting to use an unsupported compression algorithm:
[C] CAPABILITIES [S] 101 Capability list: [S] VERSION 2 [S] IHAVE [S] COMPRESS DEFLATE [S] . [C] COMPRESS X-SHRINK [S] 503 Compression algorithm not supported
Examples of a server refusing to compress twice:
[C] CAPABILITIES [S] 101 Capability list: [S] VERSION 2 [S] IHAVE [S] STARTTLS [S] COMPRESS DEFLATE [S] . [C] STARTTLS [S] 382 Continue with TLS negotiation [TLS negotiation with compression occurs here] [Following successful negotiation, all traffic is protected by TLS] [C] CAPABILITIES [S] 101 Capability list: [S] VERSION 2 [S] IHAVE [S] . [C] COMPRESS DEFLATE [S] 502 Compression already active via TLS
[C] CAPABILITIES [S] 101 Capability list: [S] VERSION 2 [S] IHAVE [S] STARTTLS [S] COMPRESS DEFLATE [S] . [C] COMPRESS DEFLATE [S] 206 Compression active [From this point on, all traffic is compresssed] [C] CAPABILITIES [S] 101 Capability list: [S] VERSION 2 [S] IHAVE [S] . [C] STARTTLS [S] 502 DEFLATE compression already active
Example of a server not advertising AUTHINFO mechanisms after compression has been activated:
[C] CAPABILITIES [S] 101 Capability list: [S] VERSION 2 [S] READER [S] AUTHINFO USER [S] COMPRESS DEFLATE [S] . [C] COMPRESS DEFLATE [S] 206 Compression active [From this point on, all traffic is compresssed] [C] CAPABILITIES [S] 101 Capability list: [S] VERSION 2 [S] READER [S] AUTHINFO [S] .
This section is informative, not normative.
NNTP poses some unusual problems for a compression layer.
Upstream traffic is fairly simple. Most NNTP clients send the same few commands again and again, so any compression algorithm that can exploit repetition works efficiently. The article posting and transfer commands (e.g., POST, IHAVE, and TAKETHIS [RFC4644]) are exceptions; clients that send many article posting or transfer commands may want to surround large multi-line data blocks with flushes in the same way as is recommended for servers later in this section.
Downstream traffic has the unusual property that several kinds of data are sent, confusing all dictionary-based compression algorithms.
One type is NNTP simple responses and NNTP multi-line responses not related to article header/body retrieval (e.g, CAPABILITIES, GROUP, LISTGROUP, LAST, NEXT, STAT, DATE, NEWNEWS, NEWGROUPS, LIST, CHECK [RFC4644], etc). These are highly compressible; zlib using its least CPU-intensive setting compresses typical responses to 25-40% of their original size.
Another type is article headers (as retrieved via the HEAD, HDR, OVER, or ARTICLE commands). These are equally compressible, and benefit from using the same dictionary as the NNTP responses.
A third type is article body text (as retrieved via the BODY or ARTICLE commands). Text is usually fairly short and includes much ASCII, so the same compression dictionary will do a good job here, too. When multiple messages in the same thread are read at the same time, quoted lines, etc. can often be compressed almost to zero.
Finally, attachments (non-text article bodies retrieved via the BODY and ARTICLE commands) are transmitted in encoded form, usually Base64 [RFC4648], UUencode [IEEE.1003-2.1992], or yEnc [yEnc].
When attachments are retrieved, DEFLATE may be able to compress them, but the format of the attachment's encoding is usually not NNTP-like, so the dictionary built while compressing NNTP does not help. The compressor has to adapt its dictionary from NNTP to the attachment's encoding format, and then back.
When attachments are retrieved in Base64 or UUencode form, these encodings add another problem. 8-bit compression algorithms such as DEFLATE work well on 8-bit file formats, however both Base64 and UUencode transform a file into something resembling 6-bit bytes, hiding most of the 8-bit file format from the compressor.
When using the zlib library (see [RFC1951]), the functions deflateInit2(), deflate(), inflateInit2(), and inflate() suffice to implement this extension. The windowBits value must be in the range -8 to -15 for deflateInit2(), or else it will use the wrong format. The windowBits value should be -15 for inflateInit2(), or else it will not be able to decompress a stream with a larger window size. deflateParams() can be used to improve compression rate and resource use. The Z_FULL_FLUSH argument to deflate() can be used to clear the dictionary (the receiving peer does not need to do anything).
A server can improve downstream compression if it hints to the compressor that the data type is about to change strongly, e.g., by sending a Z_FULL_FLUSH at the start and end of large non-text multi-line data blocks (before and after 'content-lines' in the definition of 'multi-line-data-block' in [RFC3977] Section 9.8). Small multi-line data blocks are best left alone. A possible boundary is 5kB.
This section describes the syntax of the COMPRESS extension using ABNF [RFC7405] [RFC5234]. It extends the syntax in Section 9 of [RFC3977], and non-terminals not defined in this document are defined there. The [RFC3977] ABNF should be imported first before attempting to validate these rules.
This syntax extends the non-terminal "command", which represents an NNTP command.
command =/ compress-command compress-command = "COMPRESS" WS algorithm
This syntax extends the non-terminal "capability-entry", which represents a capability that may be advertised by the server.
capability-entry =/ compress-capability compress-capability = "COMPRESS" 1*(WS algorithm)
algorithm = %s"DEFLATE" / 1*20alg-char ; case-sensitive alg-char = UPPER / DIGIT / "-" / "_"
This section contains a list of each new response code defined in this document and indicates whether it is multi-line, which commands can generate it, what arguments it has, and what its meaning is.
Response code 206 Generated by: COMPRESS Meaning: Compression layer activated
TODO
The NNTP Compression Algorithm registry will be maintained by IANA. The registry will be available at <http://www.iana.org/assignments/nntp-compression-algorithms>.
The purpose of this registry is not only to ensure uniqueness of values used to name NNTP compression algorithms, but also to provide a definitive reference to technical specifications detailing each NNTP compression algorithm available for use on the Internet.
There is no naming convention for NNTP compression algorithms; any name that conforms to the syntax of a NNTP compression algorithm name can be registered.
The procedure detailed in Section 7.1.1 is to be used for registration of a value naming a specific individual mechanism.
Comments may be included in the registry as discussed in Section 7.1.2 and may be changed as discussed in Section 7.1.3.
IANA will register new NNTP compression algorithm names on a First Come First Served basis, as defined in BCP 26 [RFC5226]. IANA has the right to reject obviously bogus registration requests, but will perform no review of claims made in the registration form.
Registration of an NNTP compression algorithm is requested by filling in the following template and sending it via electronic mail to IANA at <iana@iana.org>:
Subject: Registration of NNTP compression algorithm X
NNTP compression algorithm name:
Security considerations:
Published specification (recommended):
Contact for further information:
Intended usage: (One of COMMON, LIMITED USE, or OBSOLETE)
Owner/Change controller:
Note: (Any other information that the author deems relevant may be
added here.)
While this registration procedure does not require expert review, authors of NNTP compression algorithms are encouraged to seek community review and comment whenever that is feasible. Authors may seek community review by posting a specification of their proposed mechanism as an Internet-Draft. NNTP compression algorithms intended for widespread use should be standardized through the normal IETF process, when appropriate.
Comments on a registered NNTP compression algorithm should first be sent to the "owner" of the algorithm and/or to the <ietf-nntp@lists.eyrie.org> mailing list.
Submitters of comments may, after a reasonable attempt to contact the owner, request IANA to attach their comment to the NNTP compression algorithm registration itself by sending mail to <iana@iana.org>. At IANA's sole discretion, IANA may attach the comment to the NNTP compression algorithm's registration.
Once an NNTP compression algorithm registration has been published by IANA, the author may request a change to its definition. The change request follows the same procedure as the registration request.
The owner of an NNTP compression algorithm may pass responsibility for the algorithm to another person or agency by informing IANA; this can be done without discussion or review.
The IESG may reassign responsibility for an NNTP compression algorithm. The most common case of this will be to enable changes to be made to algorithms where the author of the registration has died, has moved out of contact, or is otherwise unable to make changes that are important to the community.
NNTP compression algorithm registrations may not be deleted; algorithms that are no longer believed appropriate for use can be declared OBSOLETE by a change to their "intended usage" field; such algorithms will be clearly marked in the lists published by IANA.
The IESG is considered to be the owner of all NNTP compression algorithms that are on the IETF standards track.
This section gives a formal definition of the DEFLATE compression algorithm as required by Section 7.1.1 for the IANA registry.
NNTP compression algorithm name: DEFLATE
Security considerations: See Section 6 of this document
Published specification: This document
Contact for further information: Author of this document
Intended usage: COMMON
Owner/Change controller: IESG <iesg@ietf.org>.
Note: This algorithm is mandatory to implement
This section gives a formal definition of the COMPRESS extension as required by Section 3.3.3 of [RFC3977] for the IANA registry.
| [RFC1951] | Deutsch, P., "DEFLATE Compressed Data Format Specification version 1.3", RFC 1951, DOI 10.17487/RFC1951, May 1996. |
| [RFC2119] | Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997. |
| [RFC3977] | Feather, C., "Network News Transfer Protocol (NNTP)", RFC 3977, DOI 10.17487/RFC3977, October 2006. |
| [RFC4642] | Murchison, K., Vinocur, J. and C. Newman, "Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)", RFC 4642, DOI 10.17487/RFC4642, October 2006. |
| [RFC5226] | Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, DOI 10.17487/RFC5226, May 2008. |
| [RFC5234] | Crocker, D. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, DOI 10.17487/RFC5234, January 2008. |
| [RFC7405] | Kyzivat, P., "Case-Sensitive String Support in ABNF", RFC 7405, DOI 10.17487/RFC7405, December 2014. |
This document draws heavily on ideas in [RFC4978] by Arnt Gulbrandsen and a large portion of this text was borrowed from that specification.
The author would like to thank the following individuals for contributing their ideas and support for writing this specification: Russ Allbery, Michael Bäuerle, and Julien ÉLIE,