Re: (POST) new multi-phase and security

[continued from a private discussion of the security implications
of the automatic retry in multi-phase POST...]

Jeffrey Mogul <mogul@pa.dec.com> writes:
> The problem is that if you insist on perfect
> failure-atomicity, you need an end-to-end "commit" mechanism.
[...]
> HTTP operates at least one level too low for that

Yes, that's what is troubling me.

For that reason, I don't think HTTP agents should make any  
*automatic* retry decisions for POST, a method which can initiate  
arbitrary state changes.  You are really inventing a completely new  
method, with dramatically different semantics.  Call the new method  
something else (maybe REPOST?), and let it compete side-by-side with  
POST.

In constrast, retry makes much more sense for a method like PUT,  
which is in principle idempotent.

> You should also note that the two-phase mechanism is
> entirely at the option of the server.

But at great cost in performance (compared to HTTP/1.0).  If a full  
wait is the only way to get standard POST semantics in HTTP/1.1,  
then my objections re the previous multi-phase draft still stand.

--------------------------------------------------------------------
Paul Burchard	<burchard@cs.princeton.edu>
``I'm still learning how to count backwards from infinity...''
--------------------------------------------------------------------

Received on Wednesday, 8 May 1996 23:27:20 UTC