Re: New Version Notification for draft-thomson-http-encryption-00.txt

In message <>, Willy Tarreau writes:

>> Notice that Range is not in C-E for the very same reason:  By pulling
>> it out of C-E its exact placement in the pipeline gets nailed down.
>Well, thinking about it, C-E, C-T, range, etc are the body's meta-data
>so they should be hidden from the clear-text headers and encrypted with
>the body.

>So I tend to think now that moving all entity headers to the body (including
>C-E) and using a separate header to indicate what's being compressed makes
>sense.  You ask for a blob, you get a blob and until you decipher it, you
>cannot tell how it was made nor what it contains.

Exactly.  This is why I say that encryption goes first: The moment
you perform the encryption, all metadata except for the encryption
parameters disappear, and you get an entirely new message.

We have to decide precisly how far that goes however, does an plaintext
403 response arrive as an encrypted 200 response which only reveal its
true colors on decryption ?

It follows from this that if you receive a message with both
(Content-)Encryption and Range it means:


and if you get Encryption, Range and C-E: gzip it means


so as to not reveal anything about the plaintext.

>At this point, reusing Content-Encoding to indicate the envelope's format
>doesn't seem problematic at all to me since any previous occurrence of it
>would have moved inside the body.

It is problematic if "gzip, aesbla" and "aesbla, gzip" means different

C-E is defined today as giving them different meanings, so either
we have to add veribiage which mandates that "aesbla" always must
be first in the C-E, or (better) avoid the issue by not involving C-E.

The fact that encryption needs to care about metadata means that it
is not really a "Content-Encoding" but rather a "Message-Encoding".

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Tuesday, 12 May 2015 18:35:30 UTC