Re: draft-ietf-httpbis-resumable-upload-01

Hi both,

Speaking as co-author on both digests and resumable uploads

I agree digests could be used. I think that document provides all the
details needed to make it work in implementations or deployments.

Resumable uploads should probably minimally mention something about
integrity of HTTP message content (parts) and the integrity of the whole
object. We might want to consider going a step further and sketching a
completely optional ways to use digests to achieve that. But I'm hesitant
at this stage about overcomplicating the design.

Cheers
Lucas

On Thu, Jul 27, 2023 at 5:48 PM Guoye Zhang <guoye_zhang@apple.com> wrote:

> Hi Rob,
>
> The integrity is provided by the strength of the resume URL described in
> the security section. The resume URL should have a secret non-guessable
> path, treated similar to a TLS session ticket. And only the client that
> started the upload knows the resume URL.
>
> We don’t think there is a message integrity issue with the current
> approach assuming TLS is used and resume URL is kept secret. You can
> additionally adopt the digest header to validate the content if desired.
>
> Guoye
>
> > On Jul 26, 2023, at 14:45, Rob Sayre <sayrer@gmail.com> wrote:
> >
> > Hi,
> >
> > Firstly, this is the right idea. Every social network does something
> similar, because image and video uploads succeed over slow and unreliable
> networks at a much higher rate. Big operators like AWS have also have a
> similar feature for much larger chunks, like 1MB+.
> >
> > I think the solution is a bit too low-level in HTTP terms. The working
> solutions I've seen use POST and something like the mechanisms in the
> draft-ietf-httpbis-digest-headers-13. This is because the message integrity
> properties that come with TLS are lost when combining chunks.
> >
> > thanks,
> > Rob
> >
>
>