Re: Digests, signatures and chunk extensions

Hiya Sam,



On Thu, Dec 1, 2022 at 4:07 PM Samuel Hurst <samuelh@rd.bbc.co.uk> wrote:

> Hello HTTPWG,
>
> I have a somewhat prickly question pertaining to something that I found in
> HTTP/1.1, around chunk extensions [1]. Specifically, where it mentions
> supplying per-chunk metadata "*such as a signature or hash*". However,
> upon reading the Digest [2] and Message Signatures [3] draft, they don't
> seem to cover specifying a chunk extension to add the hashes and signatures
> on a per-chunk basis. I've been doing some digging, but I've not been able
> to find anywhere that a chunk extension for presenting hashes and
> signatures for each chunk is specified, so is this somewhere else that I
> haven't been able to find yet?
>
> The specific use-case which I've been tasked with figuring out is related
> to low-latency MPEG-DASH streaming, where you have media segments
> containing several CMAF chunks that can be decoded without receiving the
> full media segment. Each CMAF chunk gets sent the moment it is complete,
> possibly shaving a good few seconds off your distribution latency.
> Therefore, you don't have the whole object to perform a digest on when you
> start it, and therefore no digest or signature in the headers. Fine, you
> can just put it in a trailer, or so I thought.
>
> However, if an intermediary or decoding client has to wait for the trailer
> section to come in to verify the integrity and authenticity of the
> representation that it has received, it rather defeats the goals of low
> latency streaming as you have to wait for the whole representation, so you
> may as well just stick it in the regular header and not push per-CMAF
> chunks. Therefore, being able to present a digest or signature on each of
> those chunks would be highly beneficial.
>
> Doing this in HTTP/1.1 seems easier if it can be done with the
> aforementioned chunk extensions. I'm at a total loss of how you'd do this
> in H2 or H3, so I welcome any advice there.
>
> Best Regards,
> -Sam
>

This sounds like something that the MICE (Merkle Integrity Content
Encoding) draft [1] might help you solve?

Cheers,
Lucas

[1] - https://datatracker.ietf.org/doc/draft-thomson-http-mice/

Received on Thursday, 1 December 2022 16:20:43 UTC
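
Added example, not part of either message and not taken from any specification: a per-chunk SHA-256 carried in an HTTP/1.1 chunk extension and checked by the receiver chunk by chunk, so each CMAF chunk can be released before the trailer section arrives. The extension name `sha-256`, the hex encoding and the sample chunk contents are assumptions made for illustration; a bare hash only detects corruption, so authenticity would still need a signature covering the digests.

```python
import hashlib

EXT = b"sha-256"  # hypothetical chunk-ext-name, not defined by any specification


def encode_chunk(data: bytes) -> bytes:
    """Frame one chunk as: chunk-size ";" chunk-ext CRLF chunk-data CRLF."""
    digest = hashlib.sha256(data).hexdigest().encode()  # hex fits the token syntax
    return b"%x;%s=%s\r\n%s\r\n" % (len(data), EXT, digest, data)


def encode_body(chunks) -> bytes:
    """Chunked body with a digest on every chunk, ended by the last-chunk."""
    return b"".join(encode_chunk(c) for c in chunks) + b"0\r\n\r\n"


def iter_verified(body: bytes):
    """Yield each chunk's data as soon as its own digest has been verified."""
    pos = 0
    while True:
        eol = body.index(b"\r\n", pos)
        size_hex, _, ext = body[pos:eol].partition(b";")
        size = int(size_hex, 16)
        if size == 0:
            return  # last-chunk reached; trailer section parsing is omitted
        # Collect name=value extensions (quoted-string values are not handled).
        exts = dict(p.strip().partition(b"=")[::2] for p in ext.split(b";") if p.strip())
        start, end = eol + 2, eol + 2 + size
        data = body[start:end]
        if len(data) != size or body[end:end + 2] != b"\r\n":
            raise ValueError("truncated or misframed chunk")
        if EXT not in exts:
            raise ValueError("chunk carries no digest extension")
        if hashlib.sha256(data).hexdigest().encode() != exts[EXT].lower():
            raise ValueError("chunk digest mismatch")
        yield data  # safe to hand to the decoder without waiting for later chunks
        pos = end + 2


if __name__ == "__main__":
    # Constructed sample data standing in for three CMAF chunks.
    sample = [b"moof+mdat #1", b"moof+mdat #2", b"moof+mdat #3"]
    tampered = encode_body(sample).replace(b"#2", b"#X")
    try:
        for chunk in iter_verified(tampered):
            print("verified:", chunk)
    except ValueError as err:
        print("rejected:", err)
```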