W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: MACing HTTP requests/responses (Re: Content-Integrity header)

From: Phillip Hallam-Baker <hallam@gmail.com>
Date: Thu, 12 Jul 2012 13:39:29 -0400
Message-ID: <CAMm+Lwi6X9SsB-wosch=KJ6wrK127s+9KHh8AyXE9KKNQeokww@mail.gmail.com>
To: Julian Reschke <julian.reschke@gmx.de>
Cc: James M Snell <jasnell@gmail.com>, Nico Williams <nico@cryptonector.com>, ietf-http-wg@w3.org
I am very big on legacy support.

But 'I can't implement this new Web service efficiently unless I
upgrade my server' is a much lower concern for me than 'I can't
implement unless I upgrade' which in turn is much less of a concern
than 'this won't work for granny with her IE4.0'

The ability to put the integrity check at the end is nice, not being
able to do that is not a concern for most Web services where the
transactions are pretty small and easily buffered in memory.

On Thu, Jul 12, 2012 at 1:09 PM, Julian Reschke <julian.reschke@gmx.de> wrote:
> On 2012-07-12 19:00, James M Snell wrote:
>>
>> To provide one example... using the servlet API within Apache Tomcat
>> 7... I can easily access trailers included in a post.. but there is no
>> obvious means of including a trailer in the response...
>>
>> Given the input...
>>
>>    POST /Testing/test HTTP/1.1
>>    Host: localhost
>>    Transfer-Encoding: chunked
>>    Content-Type: text/plain
>>    Trailer: x-foo
>>    TE: chunked
>>
>>    4
>>    ABCD
>>    6
>>    EFGHIJ
>>    0
>>    x-foo: test
>>
>> On the server side...
>>
>>    protected void doPost(
>>      HttpServletRequest request,
>>      HttpServletResponse response)
>>        throws IOException {
>>
>>      // outputs null since the trailer hasn't been parsed yet...
>>      System.out.println(request.getHeader("x-foo"));
>>
>>      // consume the input
>>      InputStream in = request.getInputStream();
>>      int r = -1;
>>      while((r = in.read(new byte[100])) > -1) {}
>>
>>      // outputs the value of the x-foo trailer... so far so good...
>>      System.out.println(request.getHeader("x-foo"));
>>
>>      // let's do a chunked response and try that...
>>      response.addHeader("Trailer", "x-foo");
>>      OutputStream out = response.getOutputStream();
>>      for (int n = 0; n < 10000; n++) {
>>        out.write('a');
>>      }
>>      // x-foo is never included in the response...
>>      // there is no obvious means of including trailers
>>      // in chunked responses using the servlet api...
>>      response.addHeader("x-foo", "response");
>>    }
>> ...
>
>
>
> I have to say that I'm surprised that at least it works for trailers in a
> HttpServletRequest...
>
> Best regards, Julian



-- 
Website: http://hallambaker.com/
Received on Thursday, 12 July 2012 17:39:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 12 July 2012 17:40:03 GMT