Encryption simplification

After discussion about content codings, I've made something of a
drastic change to the encryption draft.  A preview is here:

The pull request is here:

This is a huge simplification in many ways, so I think that's a fair

The main assertion that this assumes is this: content codings should
be self-descriptive.

Obviously, this isn't a strong assertion given that this content
coding requires a key, and SDCH relies on having an external
dictionary, but the point is that the contents of the message can be
decoded without reading additional header fields.  This is consistent
with the observation that James Manger made about the MICE content
coding previously [1].

To that end, I've removed the Encryption header field and packed the
critical data into the content itself.  This is more efficient and
avoids strange cross-header-field correlation between Encryption and
Content-Encoding.  It retains Crypto-Key and key identifiers, but
that's necessary since they generally travel separately.

I realize that we're close to the draft submission deadline, so I'm
planning to publish the draft with these modifications.  We can
continue to have this discussion.  Thanks to the magic of revision
control systems, it's easy to revert this change if needed.

(Yes, this messes with webpush, I still need to talk to people about
what to do there.)

[1] https://lists.w3.org/Archives/Public/ietf-http-wg/2016AprJun/0242.html

Received on Sunday, 30 October 2016 10:22:58 UTC