W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2016

Encryption simplification

From: Martin Thomson <martin.thomson@gmail.com>
Date: Sun, 30 Oct 2016 21:22:26 +1100
Message-ID: <CABkgnnWVB3mnkGn9OmvgmLU7yDww40OQ_0pp_HeNdziqGYA0og@mail.gmail.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
After discussion about content codings, I've made something of a
drastic change to the encryption draft.  A preview is here:
    http://httpwg.org/http-extensions/encryption-preview.html

The pull request is here:
    https://github.com/httpwg/http-extensions/pull/252

This is a huge simplification in many ways, so I think that's a fair
improvement.

The main assertion that this assumes is this: content codings should
be self-descriptive.

Obviously, this isn't a strong assertion given that this content
coding requires a key, and SDCH relies on having an external
dictionary, but the point is that the contents of the message can be
decoded without reading additional header fields.  This is consistent
with the observation that James Manger made about the MICE content
coding previously [1].

To that end, I've removed the Encryption header field and packed the
critical data into the content itself.  This is more efficient and
avoids strange cross-header-field correlation between Encryption and
Content-Encoding.  It retains Crypto-Key and key identifiers, but
that's necessary since they generally travel separately.

I realize that we're close to the draft submission deadline, so I'm
planning to publish the draft with these modifications.  We can
continue to have this discussion.  Thanks to the magic of revision
control systems, it's easy to revert this change if needed.

(Yes, this messes with webpush, I still need to talk to people about
what to do there.)


[1] https://lists.w3.org/Archives/Public/ietf-http-wg/2016AprJun/0242.html
Received on Sunday, 30 October 2016 10:22:58 UTC

This archive was generated by hypermail 2.3.1 : Sunday, 30 October 2016 10:23:05 UTC