Re: Digest, trailers and buffering was: Re: Updating Digest header RFC3230 using "selected representation" from Lucas Pardue on 2019-07-24 (ietf-http-wg@w3.org from July to September 2019)

From: Lucas Pardue <lucaspardue.24.7@gmail.com>
Date: Tue, 23 Jul 2019 22:41:54 -0400
To: Rob Sayre <sayrer@gmail.com>
Cc: Roberto Polli <roberto@teamdigitale.governo.it>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CALGR9obz3e_os3MXyW9hBU8PLPjhuAUYy5UeYq3_5tW46nqEeA@mail.gmail.com>

On Tue, 23 Jul 2019, 21:08 Rob Sayre, <sayrer@gmail.com> wrote:

> On Tue, Jul 23, 2019 at 2:41 PM Lucas Pardue <lucaspardue.24.7@gmail.com>
> wrote:
>
>>  Progressive consumption implies an ability for progressive digest
>> calculation, and if that cannot happen then I don't know if sending the
>> digest as trailer does address trade-offs.
>>
>
> I agree that the digest is meaningless if you're doing progressive
> rendering, since you can't calculate it until you have the whole message.
> But you can calculate the digest as a trailer if you're doing progressive
> production.
>
> Sending the digest as a trailer reduces costs for the sender, whether it's
> an upload or download. If the message is small, it's also likely that TLS
> is good enough in that case.
>

I broadly agree but there are several nuances here that may not be
immediately obvious to the passing reader. So I'm inclined to write
something up.

I disagree that TLS is good enough, it provides integrity protection for
only a single transport hop. Digest allows for integrity protection of the
object over multiple hops and, importantly, at rest.

Cheers
Lucas

Received on Wednesday, 24 July 2019 02:42:30 UTC