Re: (POST) new multi-phase and security

From: Paul Burchard <burchard@cs.princeton.edu>
Date: Thu, 9 May 96 02:17:10 -0400
Message-Id: <9605090617.AA11969@cs>
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
[continued from a private discussion of the security implications
of the automatic retry in multi-phase POST...]

Jeffrey Mogul <mogul@pa.dec.com> writes:
> The problem is that if you insist on perfect
> failure-atomicity, you need an end-to-end "commit" mechanism.
[...]
> HTTP operates at least one level too low for that

Yes, that's what is troubling me.

For that reason, I don't think HTTP agents should make any  
*automatic* retry decisions for POST, a method which can initiate  
arbitrary state changes.  You are really inventing a completely new  
method, with dramatically different semantics.  Call the new method  
something else (maybe REPOST?), and let it compete side-by-side with  
POST.

In contrast, retry makes much more sense for a method like PUT,  
which is in principle idempotent.

> You should also note that the two-phase mechanism is
> entirely at the option of the server.

But at great cost in performance (compared to HTTP/1.0).  If a full  
wait is the only way to get standard POST semantics in HTTP/1.1,  
then my objections re the previous multi-phase draft still stand.

--------------------------------------------------------------------
Paul Burchard	<burchard@cs.princeton.edu>
``I'm still learning how to count backwards from infinity...''
--------------------------------------------------------------------
Received on Wednesday, 8 May 1996 23:27:20 EDT
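
Added example, not part of the original message or of any HTTP draft: a small in-memory simulation of the retry concern discussed above, where a response is lost after the server has already processed the request. `Server`, `FlakyLink` and `send` are hypothetical names, and the resource paths and bodies are constructed sample values.

```python
# Added illustration (not from the original message). Server, FlakyLink and
# send() are hypothetical names; the "lost response" is simulated in memory.
IDEMPOTENT = {"GET", "HEAD", "PUT", "DELETE"}

class Server:
    def __init__(self):
        self.orders = []        # state changed by POST (append)
        self.docs = {}          # state changed by PUT (replace)

    def handle(self, method, path, body):
        if method == "POST":
            self.orders.append(body)      # each delivery is a new state change
            return 201
        if method == "PUT":
            self.docs[path] = body        # repeating it leaves the same state
            return 200
        return 405

class FlakyLink:
    """Delivers every request, but loses the first `drops` responses."""
    def __init__(self, server, drops=1):
        self.server, self.drops = server, drops

    def request(self, method, path, body):
        status = self.server.handle(method, path, body)  # server already acted
        if self.drops > 0:
            self.drops -= 1
            raise ConnectionError("response lost after server processed request")
        return status

def send(link, method, path, body, retry_all=False, attempts=3):
    """Retry automatically only when the method is idempotent (or retry_all)."""
    for _ in range(attempts):
        try:
            return link.request(method, path, body)
        except ConnectionError:
            if not (retry_all or method in IDEMPOTENT):
                return None     # outcome unknown: surface it, do not repeat
    return None

def demo():
    blind, careful, put = Server(), Server(), Server()
    send(FlakyLink(blind), "POST", "/orders", "1 widget", retry_all=True)
    send(FlakyLink(careful), "POST", "/orders", "1 widget")
    send(FlakyLink(put), "PUT", "/docs/a", "v1")
    return len(blind.orders), len(careful.orders), put.docs

if __name__ == "__main__":
    print(demo())
```

The blind retry applies the POST twice, the method-aware client applies it once and reports an unknown outcome, and the retried PUT leaves a single stored value.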
