[hallam@w3.org: Footers and Chunked ]
Larry Masinter (masinter@parc.xerox.com)
Sat, 9 Mar 1996 00:55:38 PST
To: Larry Masinter <masinter@parc.xerox.com>
Cc: hallam@w3.org
Subject: Footers and Chunked
Date: Fri, 8 Mar 1996 11:30:00 -0800
From: hallam@w3.org
X-Mts: smtp
content-length: 3311
Larry,
I've been asked about whether footers should be in the HTTP/1.1 chunked
encoding or not. I have code written which has a vital and essential need for
footers, specifically to add signatures to the end of documents.
Since footers have been in the 1.1 spec for some time and since nobody
has made a case on the list for removing them I would be extreemly and deeply
unhappy if the footers were removed. I would not be unhappy if chunked was
removed from 1.1 entirely and defferred to 1.2 however.
The need to be able to put footers at the end of the documents is a
serious one, one which both Jeff Schiller and myself are very firm on - if not
to say wedged. The biggest mistake made in PGP was a decision to put a length
encoding at the front of the document which prevents it from being used as a
filter to encrypt a backup tape to a disk. The parallels with the Web are
obvious.
Ideally I would like to have footers plus a requirement that
implementations be tolerant of additional material following the length code of
a chunk and the CRLF. This will permit the chunked encoding to be progressed to
one which supports multiple streams or segment by segment message digests at a
future date. Ie my existing code (almost) produces:
HTTP/1.1 201 O.K. Here is some data
Server: condom/1.0 Prevent virii! always take net.precautions!
Content-Encoding: chunked
Signature-RSA: key-id=KEY:RSA:server; place=footer; digest=RSA-MD5
20
<BODY><H1>This is a test
63
Message</h1><p>Hello</p><HR><address>PHB</ADDRESS></body>
0
Signature-RSA: key-id=KEY:RSA:server;
signature=fLQk4ZyOdUbuoldrNTPX3P/Yb6PXXhS9xCnTe9xMihEdvDt66rXDpf34NAzfjayyWWfekM
2qArK+xqcUNbxOZw==
I would like to be able to produce
HTTP/1.1 201 O.K. Here is some data
Server: condom/1.0 Prevent virii! always take net.precautions!
Content-Encoding: chunked
Signature-RSA: key-id=KEY:RSA:server; place=footer; digest=RSA-MD5
Authentication: key-id=KEY:SYMETRIC:fred; algorithm=RSA-KD5;
mask=1A237E28F28123B021
20 auth=2qArK+xqcUNbxOZw==
<BODY><H1>This is a test
63 auth=63P/Yb6PXXhS9xCn==
Message</h1><p>Hello</p><HR><address>PHB</ADDRESS></body>
0 auth=o7ldrNTPX3P/Yb6P==
Signature-RSA: key-id=KEY:RSA:server;
signature=fLQk4ZyOdUbuoldrNTPX3P/Yb6PXXhS9xCnTe9xMihEdvDt66rXDpf34NAzfjayyWWfekM
2qArK+xqcUNbxOZw==
Clearly I would be happier if this would not break proxies which are based on
the 1.1 spec. I see no possibility whatsoever of providing the same
functionality if signatures are required to go at the beginning. The content
produced is likely to be generated by an automaton such as a gateway interface.
I have recently been expreimenting with a number of highly interactive systems
where there is a clear need for continuous authentication at the segment level.
Unless someone can come up with a clear reason why footers are bad I think that
we should continue with the status quo rather than make a change at this stage
which would inevitably lead to delay in reaching consensus.
I would like us to be able to finish 1.1 as soon as possible in order that we
can start on some new topics. In addition to the demographics issues I raised
there is a long standing problem of notification which I beleive can be solved
with a few minor but significant additions to the spec..
Phill