]> Massachusetts Institute of Technology

Room E15-411 20 Ames Street Cambridge MA 02139 US +1 617 253 0392 gersh@cba.mit.edu

Sun Microsystems, Inc.

Mailstop UBUR02-306 One Network Drive Burlington MA 01803 US +1 781 442 0716 douglas.johnson@sun.com

Schneider Electric

1 High Street North Andover MA 01845 US +1 978 975 9472 todd.snide@us.schneider-electric.com

Cisco Systems

1414 Massachusetts Avenue Boxborough MA 01719 US +1 978 936 1342 kelynn@cisco.com

THTP, the Trivial Hypertext Transfer Protocol, is an implementation of HTTP over UDP transport. THTP is designed for environments with limited computational power or bandwidth and single-packet exchanges. As such, THTP is best suited for the emerging class of applications running on embedded devices and sensor networks. THTP decouples HTTP from TCP and provides a subset of HTTP's functionality, in particular URI naming. This document describes the THTP protocol.

This memo details Trivial Hypertext Transfer Protocol or THTP, an application-layer protocol. THTP is a scaled-down adaptation of HTTP designed to run over the UDP transport layer. It is not intended as a replacement of HTTP over TCP, but rather a complementary scheme to expand HTTP-like semantics to a wider range of possible environments.

HTTP provides a powerful naming construct that simultaneously identifies and locates resources. However, the tight coupling between HTTP and TCP necessitates TCP's protocol overhead and state machine complexity. Decoupling HTTP from TCP enables a well-standardized protocol to operate in a wider range of environments and devices. For example, the anticipated proliferation of smart, tiny, networked devices require a standards-based naming scheme , , but often cannot tolerate large amounts of overhead. In addition the communication requirements and patterns of small, inexpensive devices and sensors may differ from traditional network participants. Specifically, embedded devices and sensors receiving or sending single-packet commands and responses require neither mandated reliable network transport nor packet sequencing at the transport layer. Consider the application of a light switch using IP to communicate with a light bulb over a network. The light switch sending an "on" instruction to the networked light bulb in the same physical room does not need the overhead of a TCP full three-way handshake. In addition, implementing TCP or even T/TCP is prohibitively expensive in terms of the communication and state machine complexity on such a resource constrained computing platform. Rather than requiring constrained devices or environments to implement a new lightweight protocol, THTP codifies a simple, portable, standards-based means of extending HTTP to UDP.

THTP is designed to be lightweight and easy for applications and application designers to implement. THTP uses HTTP's URI naming scheme, however THTP differs from HTTP in several important ways. These differences are conscious design decisions based on THTP's intended environment of limited computational power or bandwidth and single-packet exchanges. This section details critical aspects of the THTP design.

THTP uses UDP as its transport layer. shows the relationship between THTP and various Internet protocols.

Protocol Relationships +-----+ +------+ +------+ +------+ +-----+ | FTP | | HTTP | | TFTP | | THTP | ... | ... | +-----+ +------+ +------+ +------+ +-----+ | | | | | +-------+ +---------+ +-----+ | TCP | | UDP | ...... | ... | +-------+ +---------+ +-----+ | | | +------------------------------------------+ | IP (Internet Protocol) | +------------------------------------------+ | | +------------------------+ +------------------------+ | Local Network Protocol | | Local Network Protocol | +------------------------+ +------------------------+

THTP defines a naming scheme analogous to HTTP's Uniform Resource Locator (URL) which has been subsumed into the more abstract notion of a Uniform Resource Identifier (URI) . THTP leverages the URI naming and large base of existing implementations to provide an efficient means of addressing and communicating with devices in a range of environments. A THTP URI is semantically identically to those in HTTP, but with UDP as transport. The THTP URI format is defined as follows:

THTP_URI = "thtp:" "//" host [ ":" port ] [ abs_path [ "?" query]]

THTP URIs MUST BE processed identically to HTTP URIs. THTP SHOULD use UDP port 80 by default, but MAY use other UDP ports via the optional port specification in the URI.

THTP explicitly separates requests and responses. While HTTP uses a request/response paradigm, responses in THTP are not required. Responses may be either unnecessary or implicit via an out-of-band channel. For instance, a THTP request to turn a light bulb "on" does not require a response. A user may query the state of the light bulb remotely, receive a notification that the filament is burned out, or require a device to periodically report its status via THTP. The separation of request and response in THTP has several design implications, notably on reliability and message size. A THTP request MAY generate a THTP response. Because THTP uses UDP, requests and responses do not have congestion control. Therefore, THTP responses MUST NOT be sent without a THTP request. A THTP message MUST fit entirely in a single UDP packet (one PDU). THTP cannot transfer data larger than a single packet in a single request. Applications that require ordered delivery, large messages, flow control or congestion control should use HTTP (over TCP). Multiple messages cannot be placed within a single THTP packet. "Chunked" transfer-coding MUST NOT be used.

THTP uses UDP as its transport layer. Since UDP is an unreliable transport protocol and THTP does not include reliability, THTP makes no guarantees of packet delivery. In many instances where THTP will be used, reliability is not required. For example, a user turning a light switch receives immediate feedback: the room illuminates, therefore the request over the network was successful. If the packet is corrupted or lost and the light bulb does not light, the user can actuate the light switch again. However, THTP does not preclude reliability at other layers. An application MAY implement THTP on top of THTP. Consider for example an application that requires lightweight, reliable single-message passing but not ordered delivery. Such an application could use THTP in conjunction with reliability at the physical or application layer. In addition, automated systems without an out-of-band feedback mechanism require additional verification, either by actively querying the state of the remote device or by adding application layer reliability.

Because THTP uses UDP, THTP MAY use multicast group addresses. Assuming the underlying data-link layer network supports broadcast or multicast transmission, a single THTP message could be sent to, and received by, multiple nodes. An immediately practical application is to assign locally scoped multicast group addresses to a set of nodes. For example, a single light switch might send a THTP "on" instruction to multicast group M. All light bulbs assigned to group M would process the message and switch on. While Internet multicast deployment is limited, THTP multicast messages are useful in many local area networks.

THTP implements a minimum subset of HTTP's features, but is not required to implement all of HTTP. The subset of features THTP supports are a natural consequence of using UDP and maintaining simplicity. THTP clients and servers MUST support the HTTP GET and POST methods and MAY support other methods. A server MUST always respond to a GET request or provide the appropriate status code error. A server MAY respond to a POST request or provide the appropriate status code error. A server MUST respond with an error on an error event regardless of the method type. A THTP server MUST always legally respond with the status code 501 (not implemented) for requests it cannot process as needed. Status codes are documented in .

THTP and HTTP's use of the GET method are identical. THTP MUST support the GET method. A THTP GET request from a client expects a response and the server MUST send the requested object identified by the Request-URI or an error. If the Request-URI refers to a data-producing process, the data from that process is returned. To send information from the client to the server process, a client MAY imbed that information in the HTTP URI and use the GET method. The user agent appends a '?' to the action URI along with the data set in `application/x-www-form-urlencoded' format. THTP MAY support "conditional GET" in instances where cached entities can be used without consuming unneeded network bandwidth

THTP MUST accept the POST method, but uses POST in a slightly different manner than HTTP. A THTP server MAY respond to a successful POST, but is not required to do so. The optional response covers cases where the client is not expecting a response and where communication resources are scarce, for instance sensor nodes. In the case of a lightbulb and lightswitch, a POST request may be used to change the state of the light and does not require a response. However, a THTP server MUST always respond with an error status code on an error condition for POST. The POST method requests that the destination server process the data within the request as a subordinate of the the Request-URI resource. To perform an action with a POST, the user agent uses the action URI and adds a message body of type `application/x-www-form-urlencoded'.

THTP uses the same status codes as defined by HTTP. THTP servers MUST implement the following status codes at a minimum:

200 OK The 200 successful status code differs slightly from that in HTTP due to it being optional for POST requests. Code 200 indicates that the request has succeeded. A successful GET request must result in response containing the 200 status code along the information queried. A POST request may return a 200 status code.

400 Bad Request The request is malformed and rejected by the server. 404 Not Found The request cannot be honored by the server because the requested resource is not available.

501 Not Implemented The request cannot be honored by the server because the server does not support the requested functionality. Such an error may occur for unsupported methods.

THTP messages MAY be proxied. Proxies are a natural consequence of interconnecting a local area network, e.g. for home automation, with the larger Internet.

HTTP explicitly allows and makes provisions for content caching. A request may be honored by an intermediary other than the final recipient. When cached, the response comes from this intermediary. Clearly, in THTP's intended environments such as control and automation networks, caching is not expected. Because THTP's request model anticipates all requests to be carried through to the final recipient, THTP SHOULD NOT be cached.

Since THTP is implemented on top of UDP, many of the security issues inherent in UDP are inherited by THTP. By eliminating the minimal source validation afforded by the three-way handshake of TCP, THTP is vulnerable to source IP address spoofing. Without a stronger means of authentication, THTP MAY rely on ingress filtering of source addresses. Enterprises MAY use transport layer packet filtering to keep all THTP internal to their private intranet. For example, a packet filter rule on the enterprise gateway would block UDP port 80 traffic from entering or exiting the intranet. Applications that require strong encryption and/or authentication MAY employ appropriate lightweight encryption .

&rfc0768; &rfc1644; &rfc1945; &rfc2827; &rfc3986; CrossGain Microsoft MIT/Center for Bits and Atoms MIT/Center for Bits and Atoms Sun Microsystems MIT/Center for Bits and Atoms Sun Microsystems MIT/Center for Bits and Atoms

The authors gratefully acknowledge the contributions of (alphabetically): Robert Beverly, Danny Cohen, David Dalrymple, and Karen Sollins.