Re: http+aes

On Mar 7, 2012, at 01:23, Ian Hickson wrote:

> On Tue, 6 Mar 2012, Carsten Bormann wrote:
>> 
>> The more interesting observation for me is that there is an HTTP URI 
>> stuck in there trying to get out.
>> 
>> I.e., instead of
>> 
>> http+aes://uEdF00VkBLCfriveitl6cv4H@cdn.com/tehmovie.mov
>> 
>> one would really like to see
>> 
>> frob:hixie-3:uEdF00VkBLCfriveitl6cv4H:http://cdn.com/tehmovie.mov
> 
> That's not a bad idea, but it seems unfortunate to introduce yet more 
> variation in URL scheme syntaxes, which is why I didn't go in that 
> direction with the proposal and instead used Kornel's http+aes:// idea.

"Cleverly" misusing existing elements of existing (deprecated in certain contexts) syntax is not necessarily better than introducing new syntax.  (And what I proposed isn't that new either, but the specific syntax wasn't the point anyway.  The clean nesting was.)

The "500" problem can easily be solved by specifying the post-frobnicating such that it only applies to the body of 200 (and 206!) responses.  (For 206, the post-frob spec will of course have to explain how that works, but that's obvious for CTR and byte-ranges.  And, also obviously, partials plus thatcherizing give you great watermarking as well.)

I'm still not convinced that I like this approach a lot for the problem it is trying to solve, but I'm a bit taken back by the many responses that it does not solve other problems it is not trying to solve.  Clearly, the applicability must be well-documented (together with the actual details of the algorithm), which is good reason to put the actual post-frob spec into a different place than the HTML spec.

Grüße, Carsten

Received on Thursday, 8 March 2012 07:01:32 UTC