-
Notifications
You must be signed in to change notification settings - Fork 0
/
draft-murchison-nntp-compress.xml
1214 lines (1010 loc) · 45.9 KB
/
draft-murchison-nntp-compress.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<?xml version="1.0" encoding="US-ASCII" ?>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY rfc1951 PUBLIC ''
'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.1951.xml'>
<!ENTITY rfc1962 PUBLIC ''
'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.1962.xml'>
<!ENTITY rfc2119 PUBLIC ''
'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml'>
<!ENTITY rfc3749 PUBLIC ''
'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3749.xml'>
<!ENTITY rfc3977 PUBLIC ''
'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3977.xml'>
<!ENTITY rfc4422 PUBLIC ''
'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4422.xml'>
<!ENTITY rfc4642 PUBLIC ''
'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4642.xml'>
<!ENTITY rfc4643 PUBLIC ''
'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4643.xml'>
<!ENTITY rfc4644 PUBLIC ''
'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4644.xml'>
<!ENTITY rfc4648 PUBLIC ''
'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4648.xml'>
<!ENTITY rfc4978 PUBLIC ''
'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4978.xml'>
<!ENTITY rfc5226 PUBLIC ''
'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5226.xml'>
<!ENTITY rfc5234 PUBLIC ''
'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5234.xml'>
<!ENTITY rfc5246 PUBLIC ''
'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5246.xml'>
<!ENTITY rfc7405 PUBLIC ''
'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7405.xml'>
<!ENTITY rfc7457 PUBLIC ''
'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7457.xml'>
<!ENTITY rfc7525 PUBLIC ''
'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7525.xml'>
]>
<?rfc toc="yes" ?>
<?rfc symrefs="yes" ?>
<?rfc sortrefs="yes" ?>
<?rfc compact="yes" ?>
<?rfc subcompact="no" ?>
<!--
<rfc category="std" ipr="trust200902"
docName="draft-murchison-nntp-compress-06">
-->
<rfc number="8054" category="std" ipr="trust200902"
submissionType="IETF" consensus="yes">
<front>
<title abbrev="NNTP Extension for Compression">
Network News Transfer Protocol (NNTP) Extension for Compression
</title>
<author initials="K." surname="Murchison" fullname="Kenneth Murchison">
<organization>Carnegie Mellon University</organization>
<address>
<postal>
<street>5000 Forbes Avenue</street>
<city>Pittsburgh</city> <region>PA</region>
<code>15213</code> <country>United States of America</country>
</postal>
<phone>+1 412 268 1982</phone>
<email>[email protected]</email>
</address>
</author>
<author initials="J." surname="Élie" fullname="Julien Élie">
<organization/>
<address>
<postal>
<street>10 allée Clovis</street>
<code>93160</code>
<city>Noisy-le-Grand</city>
<country>France</country>
</postal>
<email>[email protected]</email>
<uri>http://www.trigofacile.com/</uri>
</address>
</author>
<date month="January" year="2017"/>
<!--
<area>Applications</area>
<workgroup>Independent Submission</workgroup>
-->
<keyword>NNTP</keyword>
<keyword>Usenet</keyword>
<keyword>NetNews</keyword>
<keyword>COMPRESS</keyword>
<keyword>DEFLATE</keyword>
<keyword>compression</keyword>
<abstract>
<t>This document defines an extension to the Network News Transport
Protocol (NNTP) that allows a connection to be effectively and
efficiently compressed between an NNTP client and server.</t>
</abstract>
</front>
<middle>
<section title="Introduction" anchor="intro">
<t>The goal of COMPRESS is to reduce the bandwidth usage of NNTP.</t>
<t>Compared to PPP compression <xref target="RFC1962"/> and
modem-based compression (<xref target="MNP"/> and
<xref target="V42bis"/>), COMPRESS offers greater compression
efficiency. COMPRESS can be used together with Transport Layer
Security (TLS) <xref target="RFC5246"/>, Simple Authentication and
Security Layer (SASL) encryption <xref target="RFC4422"/>, Virtual
Private Networks (VPNs), etc.</t>
<t>The point of COMPRESS as an NNTP extension is to act as a compression
layer, similar to a security layer like the one negotiated by STARTTLS
<xref target="RFC4642"/>. Therefore, compression can be beneficial to
all NNTP commands sent or received after the use of COMPRESS. This
facility responds to a long-standing need for NNTP to compress data.
It is currently addressed only partially by unstandardized commands
like XZVER, XZHDR, XFEATURE COMPRESS, or MODE COMPRESS. Yet, these
commands are not wholly satisfactory because they enable compression
only for the responses sent by the news server. In comparison,
the COMPRESS command permits the compression of data sent by both
the client and the server, and removes the constraint of having to
implement compression separately in each NNTP command. Besides, the
compression level can be dynamically adjusted and optimized at any
time during the connection, which even allows disabling compression
for certain commands, if needed. If the news client wants to stop
compression on a particular connection, it can simply use QUIT (<xref
target="RFC3977"/>, Section 5.4) and establish a new connection.
For these reasons, using other NNTP commands than COMPRESS to enable
compression is discouraged once COMPRESS is supported.</t>
<t>In order to increase interoperability, it is desirable to have as
few different compression algorithms as possible, so this document
specifies only one. The DEFLATE algorithm (defined in <xref
target="RFC1951"/>) MUST be implemented as part of this extension.
This compression algorithm is standard, widely available, and fairly
efficient.</t>
<t>This specification should be read in conjunction with the NNTP
base specification <xref target="RFC3977"/>. In the case of a
conflict between these two documents, <xref target="RFC3977"/>
takes precedence.</t>
<section title="About TLS-Level Compression" anchor="tlslevel">
<t>Though lossless data compression is already possible via the use of
TLS with NNTP <xref target="RFC4642"/>, the best current practice
is to disable TLS-level compression as explained in Section 3.3 of
<xref target="RFC7525"/>. The COMPRESS command will permit keeping
the compression facility in NNTP, and control when it is available
during a connection.</t>
<t>Compared to TLS-level compression
<xref target="RFC3749"/>, NNTP COMPRESS has the following
advantages:
<list style="symbols">
<t>COMPRESS can be implemented easily both by NNTP servers and
clients.</t>
<t>COMPRESS benefits from an intimate knowledge of the NNTP
protocol's state machine, allowing for dynamic and aggressive
optimization of the underlying compression algorithm's
parameters.</t>
<t>COMPRESS can be activated after authentication has completed, thus
reducing the chances that authentication credentials can be leaked via,
for instance, a CRIME attack (<xref target="RFC7457"/>, Section 2.6).</t>
</list></t>
</section> <!-- tlslevel -->
<section title="Conventions Used in This Document" anchor="conventions">
<t>The notational conventions used in this document are the same as
those in <xref target="RFC3977"/>, and any term not defined in this
document has the same meaning as it does in that one.</t>
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
<xref target="RFC2119"/>.</t>
<t>In the examples, commands from the client are indicated with [C], and
responses from the server are indicated with [S]. The client is the
initiator of the NNTP connection; the server is the other endpoint.</t>
</section> <!-- conventions -->
</section> <!-- intro -->
<section title="The COMPRESS Extension" anchor="compressext">
<t>The COMPRESS extension is used to enable lossless data compression
on an NNTP connection.</t>
<t>This extension provides a new COMPRESS command and has the capability
label COMPRESS.</t>
<section title="Advertising the COMPRESS Extension" anchor="advertising">
<t>A server supporting the COMPRESS command as defined in this document
will advertise the "COMPRESS" capability label in response to the
CAPABILITIES command (<xref target="RFC3977"/>, Section 5.2). However,
this capability MUST NOT be advertised once a compression layer is
active (see <xref target="description"/>). This capability MAY be
advertised both before and after any use of the MODE READER command
(<xref target="RFC3977"/>, Section 5.3), with the same semantics.</t>
<t>The COMPRESS capability label contains a whitespace-separated
list of available compression algorithms. This document defines
one compression algorithm: DEFLATE. This algorithm is mandatory to
implement; it MUST be supported and listed in the advertisement of
the COMPRESS extension.</t>
<t>Future extensions may add additional compression algorithms to this
capability. Unrecognized algorithms MUST be ignored by the
client.</t>
<t>Example:</t>
<figure>
<artwork>
[C] CAPABILITIES
[S] 101 Capability list:
[S] VERSION 2
[S] READER
[S] IHAVE
[S] COMPRESS DEFLATE SHRINK
[S] LIST ACTIVE NEWSGROUPS
[S] .
</artwork>
</figure>
<t>As the COMPRESS command is related to security because it can
weaken encryption, cached results of CAPABILITIES from a previous
session MUST NOT be relied on, as per Section 12.6 of <xref
target="RFC3977"/>.</t>
</section> <!-- advertising -->
<section title="COMPRESS Command" anchor="compresscmd">
<section title="Usage" anchor="usage">
<t>This command MUST NOT be pipelined.</t>
<figure>
<artwork>
Syntax
COMPRESS algorithm
Responses
206 Compression active
403 Unable to activate compression
502 Command unavailable [1]
[1] If a compression layer is already active, COMPRESS is not a valid
command (see Section 2.2.2).
Parameters
algorithm = Name of compression algorithm (e.g., "DEFLATE")
</artwork>
</figure>
</section> <!-- usage -->
<section title="Description" anchor="description">
<t>The COMPRESS command instructs the server to use the named
compression algorithm ("DEFLATE" is the only one defined in this
document) for all commands and responses after COMPRESS.</t>
<t>The client MUST NOT send any further commands until it has seen the
result of COMPRESS.</t>
<t>If the requested compression algorithm is syntactically incorrect,
the server MUST reject the COMPRESS command with a 501 response code
(<xref target="RFC3977"/>, Section 3.2.1). If the requested compression
algorithm is invalid (e.g., is not supported), the server MUST reject
the COMPRESS command with a 503 response code (<xref target="RFC3977"/>,
Section 3.2.1). If the server is unable to activate compression for
any reason (e.g., a server configuration or resource problem), the
server MUST reject the COMPRESS command with a 403 response code (<xref
target="RFC3977"/>, Section 3.2.1). Otherwise, in case no other generic
response code representing the situation applies, the server issues a 206
response code and the compression layer takes effect for both client
and server immediately following the CRLF of the success reply.</t>
<t>Additionally, the client MUST NOT issue a MODE READER command after
activating a compression layer, and a server MUST NOT advertise the
MODE-READER capability.</t>
<t>Both the client and the server MUST know if there is a compression
layer active (for instance, via the previous use of the COMPRESS
command or the negotiation of a TLS-level compression method <xref
target="RFC3749"/>). A client MUST NOT attempt to activate compression
(for instance, via the COMPRESS command) or negotiate a TLS security
layer (because STARTTLS <xref target="RFC4642"/> may activate
TLS-level compression) if a compression layer is already active.
A server MUST NOT return the COMPRESS or STARTTLS capability labels
in response to a CAPABILITIES command received after a compression
layer is active, and a server MUST reply with a 502 response code if
a syntactically valid COMPRESS or STARTTLS command is received while
a compression layer is already active.</t>
<t>In order to help mitigate leaking authentication credentials via,
for instance, a CRIME attack <xref target="CRIME"/>, authentication
MUST NOT be attempted after a successful use of the COMPRESS command.
Consequently, a server MUST either list the AUTHINFO capability with
no arguments or not advertise it at all, in response to a CAPABILITIES
command received from an unauthenticated client after a successful
use of the COMPRESS command, and such a client MUST NOT attempt to
utilize any AUTHINFO <xref target="RFC4643"/> commands. This implies
that a server MUST reply with a 502 response code if a syntactically
valid AUTHINFO command is received after a successful use of the
COMPRESS command. (Note that this specification does not change
the behavior of AUTHINFO as described in <xref target="RFC4643"/>
independently of TLS-level compression. Authentication is therefore
still allowed, even though TLS-level compression is active.)</t>
<t>For DEFLATE <xref target="RFC1951"/> (as for many other compression
algorithms), the sending compressor can trade speed against compression
ratio. The receiving decompressor MUST automatically adjust to the
parameters selected by the sender. Consequently, the client and server
are both free to pick the best reasonable rate of compression for the
data they send. Besides, all data that was submitted for compression
MUST be included in the compressed output, and appropriately flushed
so as to ensure that the receiving decompressor can completely
decompress it.</t>
<t>When COMPRESS is combined with TLS <xref target="RFC5246"/> or SASL
<xref target="RFC4422"/> security layers, the processing order of
the three layers MUST be first COMPRESS, then SASL, and finally TLS.
That is, before data is transmitted, it is first compressed. Second,
if a SASL security layer has been negotiated, the compressed data is
then signed and/or encrypted accordingly. Third, if a TLS security
layer has been negotiated, the data from the previous step is signed
and/or encrypted accordingly (with a possible additional TLS-level
compression). When receiving data, the processing order MUST
be reversed. This ensures that before sending, data is compressed
before it is encrypted.</t>
<t>When compression is active and either the client or the server
receives invalid or corrupted compressed data, the receiving end
immediately closes the connection, in response to which the sending
end will do the same.</t>
</section> <!-- description -->
<section title="Examples" anchor="examples">
<t>Example of layering a TLS security layer and NNTP compression:</t>
<figure><artwork>
[C] CAPABILITIES
[S] 101 Capability list:
[S] VERSION 2
[S] READER
[S] STARTTLS
[S] AUTHINFO
[S] COMPRESS DEFLATE
[S] LIST ACTIVE NEWSGROUPS
[S] .
[C] STARTTLS
[S] 382 Continue with TLS negotiation
[TLS negotiation without compression occurs here]
[Following successful negotiation, all traffic is encrypted]
[C] CAPABILITIES
[S] 101 Capability list:
[S] VERSION 2
[S] READER
[S] AUTHINFO USER
[S] COMPRESS DEFLATE
[S] LIST ACTIVE NEWSGROUPS
[S] .
[C] AUTHINFO USER fred
[S] 381 Enter passphrase
[C] AUTHINFO PASS flintstone
[S] 281 Authentication accepted
[C] CAPABILITIES
[S] 101 Capability list:
[S] VERSION 2
[S] READER
[S] POST
[S] COMPRESS DEFLATE
[S] LIST ACTIVE NEWSGROUPS
[S] .
[C] COMPRESS DEFLATE
[S] 206 Compression active
[Henceforth, all traffic is compressed before being encrypted]
[C] CAPABILITIES
[S] 101 Capability list:
[S] VERSION 2
[S] READER
[S] POST
[S] LIST ACTIVE NEWSGROUPS
[S] .
</artwork></figure>
<t>Example of a server failing to activate compression:</t>
<figure><artwork>
[C] CAPABILITIES
[S] 101 Capability list:
[S] VERSION 2
[S] IHAVE
[S] COMPRESS DEFLATE
[S] .
[C] COMPRESS DEFLATE
[S] 403 Unable to activate compression
</artwork></figure>
<t>Example of attempting to use an unsupported compression algorithm:</t>
<figure><artwork>
[C] CAPABILITIES
[S] 101 Capability list:
[S] VERSION 2
[S] IHAVE
[S] COMPRESS DEFLATE
[S] .
[C] COMPRESS SHRINK
[S] 503 Compression algorithm not supported
</artwork></figure>
<t>Example of a server refusing to compress twice:</t>
<figure><artwork>
[C] CAPABILITIES
[S] 101 Capability list:
[S] VERSION 2
[S] IHAVE
[S] STARTTLS
[S] COMPRESS DEFLATE
[S] .
[C] STARTTLS
[S] 382 Continue with TLS negotiation
[TLS negotiation with compression occurs here]
[Following successful negotiation, all traffic is encrypted]
[C] CAPABILITIES
[S] 101 Capability list:
[S] VERSION 2
[S] IHAVE
[S] .
[C] COMPRESS DEFLATE
[S] 502 Compression already active via TLS
</artwork></figure>
<t>Example of a server refusing to negotiate a TLS security layer after
compression has been activated:</t>
<figure><artwork>
[C] CAPABILITIES
[S] 101 Capability list:
[S] VERSION 2
[S] IHAVE
[S] STARTTLS
[S] COMPRESS DEFLATE
[S] .
[C] COMPRESS DEFLATE
[S] 206 Compression active
[Henceforth, all traffic is compressed]
[C] CAPABILITIES
[S] 101 Capability list:
[S] VERSION 2
[S] IHAVE
[S] .
[C] STARTTLS
[S] 502 DEFLATE compression already active
</artwork></figure>
<t>Example of a server not advertising AUTHINFO arguments after
compression has been activated:</t>
<figure><artwork>
[C] CAPABILITIES
[S] 101 Capability list:
[S] VERSION 2
[S] READER
[S] AUTHINFO USER
[S] COMPRESS DEFLATE
[S] LIST ACTIVE NEWSGROUPS
[S] .
[C] COMPRESS DEFLATE
[S] 206 Compression active
[Henceforth, all traffic is compressed]
[C] CAPABILITIES
[S] 101 Capability list:
[S] VERSION 2
[S] READER
[S] AUTHINFO
[S] LIST ACTIVE NEWSGROUPS
[S] .
[C] AUTHINFO USER fred
[S] 502 DEFLATE compression already active
</artwork></figure>
</section> <!-- examples -->
</section> <!-- compresscmd -->
</section> <!-- compressext -->
<section title="Compression Efficiency" anchor="efficiency">
<t>This section is informative, not normative.</t>
<t>NNTP poses some unusual problems for a compression layer.</t>
<t>Upstream traffic is fairly simple. Most NNTP clients send the same
few commands again and again, so any compression algorithm that can
exploit repetition works efficiently. The article posting and transfer
commands (e.g., POST, IHAVE, and TAKETHIS <xref target="RFC4644"/>) are
exceptions; clients that send many article posting or transfer commands
may want to surround large multi-line data blocks with a dictionary
flush and/or, depending on the compression algorithm, a change of
compression level in the same way as is recommended for servers later
in this document (<xref target="deflatespecificities"/>).</t>
<t>Downstream traffic has the unusual property that several kinds of
data are sent, possibly confusing a dictionary-based compression
algorithm.</t>
<t>NNTP responses that are not related to article header/body retrieval
are one type. Compressing NNTP simple responses (e.g., in answer to
CHECK <xref target="RFC4644"/>, DATE, GROUP, LAST, NEXT, STAT, etc.)
generally does not save many bytes, unless repeated several times
in the same NNTP session. On the contrary, most of the NNTP multi-line
responses (e.g., in answer to LIST, LISTGROUP, NEWGROUPS, NEWNEWS,
etc.) are highly compressible; using its least CPU-intensive
setting, zlib compresses typical responses to 25-40% of their original
size.</t>
<t>Article headers (as retrieved, for instance, via the HEAD, HDR, OVER,
or ARTICLE commands) are another type. These are equally compressible,
and benefit from using the same dictionary as the NNTP responses.</t>
<t>A third type is article body text (as retrieved, for instance, via the
BODY or ARTICLE commands). Text is usually fairly short and includes
much ASCII, so the same compression dictionary will do a good job here,
too. When multiple messages in the same thread are read at the same
time, quoted lines, etc., can often be compressed almost to zero.</t>
<t>Finally, non-text article bodies or attachments (as retrieved,
for instance, via the BODY or ARTICLE commands) are transmitted in
encoded form, usually Base64 <xref target="RFC4648"/>, UUencode <xref
target="IEEE.1003.1-2008"/>, or yEnc <xref target="yEnc"/>.</t>
<t>When such non-text article bodies or attachments are retrieved, a
compression algorithm may be able to compress them, but the format
of their encoding is usually not NNTP-like, so the dictionary built
while compressing NNTP does not help much. The compressor has to
adapt its dictionary from NNTP to the attachment's encoding format,
and then back.</t>
<t>When attachments are retrieved in Base64 or UUencode form, the
Huffman coding usually compresses those to approximately only 75%
of their encoding size. 8-bit compression algorithms such
as DEFLATE work well on 8-bit file formats; however, both Base64
and UUencode transform a file into something resembling 6-bit bytes,
hiding most of the 8-bit file format from the compressor.</t>
<t>On the other end, attachments encoded using a compression algorithm
that retains the full 8-bit spectrum, like yEnc, are much more likely
to be incompressible.</t>
</section> <!-- efficiency -->
<section title="DEFLATE Specificities" anchor="deflatespecificities">
<t>When using the zlib library (see <xref target="RFC1951"/>), the
functions deflateInit2(), deflate(), inflateInit2(), and inflate()
suffice to implement this extension.</t>
<t>The windowBits value MUST be in the range -8 to -15 for
deflateInit2(), or else it will use the wrong format. The windowBits
value SHOULD be -15 for inflateInit2(), or else it will not be able
to decompress a stream with a larger window size, thus reducing
interoperability. deflateParams() can be used to improve compression
rate and resource use. Regarding flush operations, the Z_FULL_FLUSH
argument to deflate() permits to clear the dictionary, which generally
results in compression that is less effective than performing a
Z_PARTIAL_FLUSH. As a matter of fact, keeping the 32 KB dictionary from
previous data, no matter how unrelated, can be of help (if there are
no matching strings in there, then it is simply not referenced).</t>
<t>A server can improve downstream compression and the CPU efficiency
of both the server and the client if it adjusts the compression
level (e.g., using the deflateParams() function in zlib) at the
start and end of large non-text multi-line data blocks (before and
after 'content-lines' in the definition of 'multi-line-data-block'
in <xref target="RFC3977"/>, Section 9.8). This mechanism prevents
the server from trying to compress incompressible attachments.</t>
<t>A very simple strategy is to change the compression level to 0 at the
start of an incompressible multi-line data block, for instance when
encoded using yEnc <xref target="yEnc"/>, and to keep it at 1-5 the
rest of the time. More complex strategies are, of course, possible
and encouraged.</t>
</section> <!-- deflatespecificities -->
<section title="Augmented BNF Syntax for the COMPRESS Extension"
anchor="ABNF">
<t>This section describes the formal syntax of the COMPRESS extension
using ABNF <xref target="RFC7405"/> and <xref target="RFC5234"/>.
It extends the syntax in Section 9 of <xref target="RFC3977"/>,
and non-terminals not defined in this document are defined there.
The NNTP ABNF <xref target="RFC3977"/> should be imported first, before
attempting to validate these rules.</t>
<section title="Commands" anchor="commands">
<t>This syntax extends the non-terminal <command>, which represents an
NNTP command.</t>
<figure>
<artwork type="abnf">
command =/ compress-command
compress-command = "COMPRESS" WS algorithm
</artwork>
</figure>
</section> <!-- commands -->
<section title="Capability Entries" anchor="capabilities">
<t>This syntax extends the non-terminal <capability‑entry>, which
represents a capability that may be advertised by the server.</t>
<figure>
<artwork type="abnf">
capability-entry =/ compress-capability
compress-capability = "COMPRESS" 1*(WS algorithm)
</artwork>
</figure>
</section> <!-- capabilities -->
<section title="General Non-terminals" anchor="non-terminals">
<figure>
<artwork>
algorithm = %s"DEFLATE" / 1*20alg-char ; case-sensitive
alg-char = UPPER / DIGIT / "-" / "_"
</artwork>
</figure>
</section> <!-- non-terminals -->
</section> <!-- ABNF -->
<section title="Summary of Response Codes" anchor="respcodes">
<t>This section defines the following new response code. It is not
multi-line and has no arguments.</t>
<figure>
<artwork>
Response code 206
Generated by: COMPRESS
Meaning: compression layer activated
</artwork>
</figure>
</section> <!-- respcodes -->
<section title="Security Considerations" anchor="security">
<t>Security issues are discussed throughout this document.</t>
<t>In general, the security considerations of the NNTP core specification
(<xref target="RFC3977"/>, Section 12) and the DEFLATE compressed
data format specification (<xref target="RFC1951"/>, Section 6) are
applicable here.</t>
<t>Implementers should be aware that combining compression with
encryption like TLS can sometimes reveal information that would not
have been revealed without compression, as explained in Section 6
of <xref target="RFC3749"/>. As a matter of fact, adversaries that
observe the length of the compressed data might be able to derive
information about the corresponding uncompressed data. The CRIME
and the BREACH attacks (<xref target="RFC7457"/>, Section 2.6) are
examples of such case.</t>
<t>In order to help mitigate leaking authentication credentials, this
document states in <xref target="description"/> that authentication
MUST NOT be attempted after a successful use of COMPRESS. Therefore,
when a client wants to authenticate, compress data, and negotiate a
TLS security layer (without TLS-level compression) in the same NNTP
connection, it MUST use the STARTTLS, AUTHINFO, and COMPRESS commands
in that order. Of course, instead of using the STARTTLS command,
a client can also use implicit TLS, that is to say it begins the TLS
negotiation immediately upon connection on a separate port dedicated
to NNTP over TLS.</t>
<t>NNTP commands other than AUTHINFO are not believed to divulge
confidential information as long as only public Netnews newsgroups and
articles are accessed. That is why this specification only prohibits
the use of AUTHINFO after COMPRESS. In case confidential articles are
accessed in private newsgroups, special care is needed: implementations
SHOULD NOT compress confidential data together with public data when
a TLS <xref target="RFC5246"/> or SASL <xref target="RFC4422"/>
security layer is active. As a matter of fact, adversaries that
observe the length of the compressed data might be able to derive
information about it, when public data (that adversaries know is read)
and confidential data are compressed in the same compression session.</t>
<t>Additionally, it is preferable not to compress the contents of
two distinct confidential articles together if it can be avoided,
as adversaries might be able to derive information about them (for
instance, if they have a few header fields or body lines in common).
This can be achieved, for instance, with DEFLATE by clearing the
compression dictionary each time a confidential article is sent. More
complex implementations are, of course, possible and encouraged.</t>
<t>Implementations are encouraged to unconditionally allow compression
when no security layer is active, and to support an option to enable or
disable compression when a security layer is active. Such an option
could, for instance, have global scope or be server/connection-based.
Besides, as compression may in general weaken the confidentiality
of a security layer, implementations SHOULD NOT automatically enable
compression when a security layer is active unless the user explicitly
enabled it with this knowledge.</t>
<t>Future extensions to NNTP that define commands conveying confidential
data SHOULD be sure to state that these confidential data SHOULD
NOT be compressed together with public data when a security layer
is active.</t>
<t>Last but not least, careful consideration should be given to
protections against implementation errors that introduce security risks
with regards to compression algorithms. See, for instance, the part
of Section 6 of <xref target="RFC3749"/> about compression algorithms
that can occasionally expand, rather than compress, input data.</t>
</section> <!-- security -->
<section title="IANA Considerations" anchor="iana">
<section title='"NNTP Compression Algorithms" Registry' anchor="compreg">
<t>The "NNTP Compression Algorithms" registry is maintained by
IANA. The registry is available at
<vspace/>
<http://www.iana.org/assignments/nntp-parameters>.</t>
<t>The purpose of this registry is not only to ensure uniqueness of
values used to name NNTP compression algorithms, but also to
provide a definitive reference to technical specifications
detailing each NNTP compression algorithm available for use on the
Internet.</t>
<t>An NNTP compression algorithm is either a private algorithm, or
its name is included in the IANA "NNTP Compression Algorithms" registry
(in which case it is a "registered NNTP compression algorithm").
Different entries in the registry MUST use different names.</t>
<t>Private algorithms with unregistered names are allowed, but SHOULD
NOT be used because it is difficult to achieve interoperability
with them.</t>
<t>The 206, 403, and 502 response codes that a news server answers to
the COMPRESS command using a private compression algorithm MUST have
the same meaning as the one documented in <xref target="compresscmd"/>
of this document.</t>
<t>The procedure detailed in <xref target="regproc"/> is to be used
for registration of a value naming a specific individual compression
algorithm.</t>
<t>Any name that conforms to the syntax of an NNTP compression algorithm
name (<xref target="non-terminals"/>) can be used. Especially, NNTP
compression algorithms are named by strings, from 1 to 20 characters
in length, consisting of uppercase letters, digits, hyphens, and/or
underscores.</t>
<t>Comments may be included in the registry as discussed in
<xref target="regcomments"/> and may be changed as discussed in
<xref target="changecontrol"/>.</t>
<section title="Algorithm Name Registration Procedure"
anchor="regproc">
<t>IANA will register new NNTP compression algorithm names on a First
Come First Served basis, as defined in BCP 26
<xref target="RFC5226"/>. IANA has the right to reject obviously
bogus registration requests, but will not perform a review of claims
made in the registration form.</t>
<t>Registration of an NNTP compression algorithm is requested by
filling in the following template and sending it via electronic mail
to IANA at <[email protected]>:</t>
<figure>
<artwork>
Subject: Registration of NNTP compression algorithm Z
NNTP compression algorithm name:
Security considerations:
Published specification (recommended):
Contact for further information:
Intended usage: (One of COMMON, LIMITED USE, or OBSOLETE)
Owner/Change controller:
Note: (Any other information that the author deems relevant may be
added here.)
</artwork>
</figure>
<t>While this registration procedure does not require expert review,
authors of NNTP compression algorithms are encouraged to seek
community review and comment whenever that is feasible. Authors
may seek community review by posting a specification of their
proposed algorithm as an Internet-Draft. NNTP compression
algorithms intended for widespread use should be standardized
through the normal IETF process, when appropriate.</t>
</section> <!-- compreg -->
<section title="Comments on Algorithm Registrations"
anchor="regcomments">
<t>Comments on a registered NNTP compression algorithm should
first be sent to the "owner" of the algorithm and/or to the
mailing list for the now concluded NNTPEXT working group
(<ietf‑[email protected]>) of the IETF.</t>
<t>Submitters of comments may, after a reasonable attempt to contact
the owner and/or the above mailing list, request IANA to attach their
comment to the NNTP compression algorithm registration itself by
sending mail to <[email protected]>. At IANA's sole discretion,
IANA may attach the comment to the NNTP compression algorithm's
registration.</t>
</section> <!-- regcomments -->
<section title="Change Control" anchor="changecontrol">
<t>Once an NNTP compression algorithm registration has been published
by IANA, the owner may request a change to its definition. The
change request follows the same procedure as the initial registration
request.</t>
<t>The owner of an NNTP compression algorithm may pass responsibility
for the algorithm to another person or agency by informing IANA;
this can be done without discussion or review.</t>
<t>The IESG may reassign responsibility for an NNTP compression
algorithm. The most common case of this will be to enable changes
to be made to algorithms where the owner of the registration has
died, has moved out of contact, or is otherwise unable to make
changes that are important to the community.</t>
<t>NNTP compression algorithm registrations MUST NOT be deleted;
algorithms that are no longer believed appropriate for use can be
declared OBSOLETE by a change to their "intended usage" field; such
algorithms will be clearly marked in the registry published by
IANA.</t>
<t>The IESG is considered to be the owner of all NNTP compression
algorithms that are on the IETF Standards Track.</t>
</section> <!-- changecontrol -->
</section> <!-- iana -->
<section title="Registration of the DEFLATE Compression Algorithm"
anchor="registrationalg">
<t>This section gives a formal definition of the DEFLATE compression
algorithm as required by <xref target="regproc"/> for the IANA
registry.</t>
<figure>
<artwork>
NNTP compression algorithm name: DEFLATE
Security considerations: See Section 7 of this document
Published specification: This document
Contact for further information: Authors of this document
Intended usage: COMMON
Owner/Change controller: IESG <[email protected]>
Note: This algorithm is mandatory to implement
</artwork>
</figure>
<t>This registration appears as follows in the "NNTP Compression
Algorithms" registry:</t>
<texttable>
<ttcol>Algorithm Name</ttcol>
<ttcol>Intended Usage</ttcol>
<ttcol>Comment</ttcol>
<ttcol>Change Controller</ttcol>
<ttcol>Reference</ttcol>
<c>DEFLATE</c>
<c>COMMON</c>
<c>Mandatory to implement</c>
<c>IESG</c>
<c>RFC 8054</c>
</texttable>
</section> <!-- registrationalg -->
<section title="Registration of the NNTP COMPRESS Extension"
anchor="registrationext">
<t>This section gives a formal definition of the COMPRESS extension as
required by Section 3.3.3 of <xref target="RFC3977"/> for the IANA
registry.
<list style="symbols">
<t>The COMPRESS extension allows an NNTP connection to be effectively
and efficiently compressed.</t>
<t>The capability label for this extension is "COMPRESS", whose
arguments list the available compression algorithms.</t>
<t>This extension defines one new command, COMPRESS, whose behavior,
arguments, and responses are defined in
<xref target="compresscmd"/>.</t>
<t>This extension does not associate any new responses with
pre‑existing NNTP commands.</t>
<t>This extension does affect the overall behavior of both server and
client, in that after successful use of the COMPRESS command, all
communication is transmitted in a compressed format.</t>
<t>This extension does not affect the maximum length of commands or
initial response lines.</t>
<t>This extension does not alter pipelining, but the COMPRESS command
cannot be pipelined.</t>
<t>Use of this extension does alter the capabilities list; once the
COMPRESS command has been used successfully, the COMPRESS capability
can no longer be advertised by CAPABILITIES. Additionally, the
STARTTLS and MODE-READER capabilities MUST NOT be advertised, and the
AUTHINFO capability label MUST either be listed with no arguments or
not advertised at all after a successful execution of the COMPRESS
command.</t>
<t>This extension does not cause any pre‑existing command to produce a
401, 480, or 483 response code.</t>
<t>This extension is unaffected by any use of the MODE READER command;
however, the MODE READER command MUST NOT be used in the same session
following a successful execution of the COMPRESS command.</t>
<t>The STARTTLS and AUTHINFO commands MUST NOT be used in the same
session following a successful execution of the COMPRESS command.</t>
<t>Published Specification: This document.</t>
<t>Contact for Further Information: Authors of this document.</t>
<t>Change Controller: IESG <[email protected]></t>
</list></t>
<t>This registration appears as follows in the "NNTP Capability
Labels" registry contained in the "Network News Transfer Protocol (NNTP)
Parameters" registry:</t>
<texttable>
<ttcol>Label</ttcol>
<ttcol>Meaning</ttcol>
<ttcol>Reference</ttcol>
<c>COMPRESS</c>
<c>Supported compression algorithms</c>
<c>RFC 8054</c>
</texttable>
</section> <!-- registrationext -->
</section> <!-- iana -->
</middle>
<back>
<references title="Normative References">
&rfc1951;
&rfc2119;
&rfc3977;
&rfc5226;
&rfc5234;
&rfc7405;
</references> <!-- normative -->
<references title="Informative References">