- From: Larry Masinter <masinter@parc.xerox.com>
- Date: Sat, 9 Mar 1996 00:55:38 PST
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
To: Larry Masinter <masinter@parc.xerox.com> Cc: hallam@w3.org Subject: Footers and Chunked Date: Fri, 8 Mar 1996 11:30:00 -0800 From: hallam@w3.org X-Mts: smtp content-length: 3311 Larry, I've been asked about whether footers should be in the HTTP/1.1 chunked encoding or not. I have code written which has a vital and essential need for footers, specifically to add signatures to the end of documents. Since footers have been in the 1.1 spec for some time and since nobody has made a case on the list for removing them I would be extreemly and deeply unhappy if the footers were removed. I would not be unhappy if chunked was removed from 1.1 entirely and defferred to 1.2 however. The need to be able to put footers at the end of the documents is a serious one, one which both Jeff Schiller and myself are very firm on - if not to say wedged. The biggest mistake made in PGP was a decision to put a length encoding at the front of the document which prevents it from being used as a filter to encrypt a backup tape to a disk. The parallels with the Web are obvious. Ideally I would like to have footers plus a requirement that implementations be tolerant of additional material following the length code of a chunk and the CRLF. This will permit the chunked encoding to be progressed to one which supports multiple streams or segment by segment message digests at a future date. Ie my existing code (almost) produces: HTTP/1.1 201 O.K. Here is some data Server: condom/1.0 Prevent virii! always take net.precautions! Content-Encoding: chunked Signature-RSA: key-id=KEY:RSA:server; place=footer; digest=RSA-MD5 20 <BODY><H1>This is a test 63 Message</h1><p>Hello</p><HR><address>PHB</ADDRESS></body> 0 Signature-RSA: key-id=KEY:RSA:server; signature=fLQk4ZyOdUbuoldrNTPX3P/Yb6PXXhS9xCnTe9xMihEdvDt66rXDpf34NAzfjayyWWfekM 2qArK+xqcUNbxOZw== I would like to be able to produce HTTP/1.1 201 O.K. Here is some data Server: condom/1.0 Prevent virii! always take net.precautions! Content-Encoding: chunked Signature-RSA: key-id=KEY:RSA:server; place=footer; digest=RSA-MD5 Authentication: key-id=KEY:SYMETRIC:fred; algorithm=RSA-KD5; mask=1A237E28F28123B021 20 auth=2qArK+xqcUNbxOZw== <BODY><H1>This is a test 63 auth=63P/Yb6PXXhS9xCn== Message</h1><p>Hello</p><HR><address>PHB</ADDRESS></body> 0 auth=o7ldrNTPX3P/Yb6P== Signature-RSA: key-id=KEY:RSA:server; signature=fLQk4ZyOdUbuoldrNTPX3P/Yb6PXXhS9xCnTe9xMihEdvDt66rXDpf34NAzfjayyWWfekM 2qArK+xqcUNbxOZw== Clearly I would be happier if this would not break proxies which are based on the 1.1 spec. I see no possibility whatsoever of providing the same functionality if signatures are required to go at the beginning. The content produced is likely to be generated by an automaton such as a gateway interface. I have recently been expreimenting with a number of highly interactive systems where there is a clear need for continuous authentication at the segment level. Unless someone can come up with a clear reason why footers are bad I think that we should continue with the status quo rather than make a change at this stage which would inevitably lead to delay in reaching consensus. I would like us to be able to finish 1.1 as soon as possible in order that we can start on some new topics. In addition to the demographics issues I raised there is a long standing problem of notification which I beleive can be solved with a few minor but significant additions to the spec.. Phill
Received on Saturday, 9 March 1996 00:58:08 UTC