Hi Rob,
The integrity is provided by the strength of the resume URL described in the security section. The resume URL should have a secret non-guessable path, treated similar to a TLS session ticket. And only the client that started the upload knows the resume URL.
We don’t think there is a message integrity issue with the current approach assuming TLS is used and resume URL is kept secret. You can additionally adopt the digest header to validate the content if desired.
Guoye
> On Jul 26, 2023, at 14:45, Rob Sayre <sayrer@gmail.com> wrote:
>
> Hi,
>
> Firstly, this is the right idea. Every social network does something similar, because image and video uploads succeed over slow and unreliable networks at a much higher rate. Big operators like AWS have also have a similar feature for much larger chunks, like 1MB+.
>
> I think the solution is a bit too low-level in HTTP terms. The working solutions I've seen use POST and something like the mechanisms in the draft-ietf-httpbis-digest-headers-13. This is because the message integrity properties that come with TLS are lost when combining chunks.
>
> thanks,
> Rob
>