Re: Resumable Upload draft updates from Lucas Pardue on 2024-07-25 (ietf-http-wg@w3.org from July to September 2024)

From: Lucas Pardue <lucas@lucaspardue.com>
Date: Thu, 25 Jul 2024 12:58:23 -0700
To: "Rob Sayre" <sayrer@gmail.com>, "Marius Kleidl" <marius@transloadit.com>
Cc: "HTTP Working Group" <ietf-http-wg@w3.org>
Message-Id: <08d10095-ba78-435a-852c-d5dd13a86f08@app.fastmail.com>

On Thu, Jul 25, 2024, at 12:40, Rob Sayre wrote:
> On Thu, Jul 25, 2024 at 4:34 AM Marius Kleidl <marius@transloadit.com> wrote:
>> 
>> I wonder if it's helpful to include such a comparison in the draft.
> 
> I don't think a comparison in the draft would be helpful. I was wondering whether the draft differed from S3 et al in substantial ways, and if so, for what reason. The size limits on S3 aren't of interest to me (but fine for them).
> 
> If you're doing a mobile app, people have many bespoke implementations that are similar to this draft, just in smaller chunks, but the designs are all close. It sounds like your company does some of this stuff, so no pedantry intended. I did wonder why it is so different from S3 on the surface. Most designs I've seen also have checksums for each chunk as well as the whole. This is not for security reasons, it's just that the recombination happens after TLS termination, so people use that to ensure message integrity.
Integrity using standardized  HTTP digests is described in https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-resumable-upload-04#name-integrity-digests. Integrity for parts, or whole is covered by the Content-Digest or Repr-Digest.

During the standardisation of RFC 9530, we did a survey and found many of these upload services tend to use the Content-MD5 field to some extent, which is sad because it was obsoleted by RFC 7231 due to implementation inconsistencies.

Cheers
Lucas
> 
> thanks,
> Rob
>

Received on Thursday, 25 July 2024 19:58:47 UTC