Re: Draft v1 Update for Resumable Uploads

Glenn Strauss <> Mon, 20 June 2022 03:19 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 216B6C14F74D for <>; Sun, 19 Jun 2022 20:19:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.662
X-Spam-Status: No, score=-2.662 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id wpQ5RHV74eVP for <>; Sun, 19 Jun 2022 20:19:07 -0700 (PDT)
Received: from ( []) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id 52FFBC14F732 for <>; Sun, 19 Jun 2022 20:19:07 -0700 (PDT)
Received: from lists by with local (Exim 4.92) (envelope-from <>) id 1o37tb-0007E8-IX for; Mon, 20 Jun 2022 03:16:11 +0000
Resent-Date: Mon, 20 Jun 2022 03:16:11 +0000
Resent-Message-Id: <>
Received: from ([]) by with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <>) id 1o37tZ-0007D7-NE for; Mon, 20 Jun 2022 03:16:09 +0000
Received: from ([]) by with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (Exim 4.94.2) (envelope-from <>) id 1o37tV-000z75-TE for; Mon, 20 Jun 2022 03:16:09 +0000
X-Spam-Language: en
X-Spam-DCC: B=; 1102; Body=1 Fuz1=1 Fuz2=1
X-Spam-PYZOR: Reported 0 times.
Date: Sun, 19 Jun 2022 23:15:44 -0400
From: Glenn Strauss <>
To: Guoye Zhang <>
Message-ID: <Yq/mYB6FMLWn/7Oj@xps13>
References: <> <Yq67WGkb0LtJIAP9@xps13> <>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <>
Received-SPF: pass client-ip=;;
X-W3C-Hub-Spam-Status: No, score=-6.2
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: 1o37tV-000z75-TE 592e5c64148ddba6e5a52a148fd3402a
Subject: Re: Draft v1 Update for Resumable Uploads
Archived-At: <>
X-Mailing-List: <> archive/latest/40175
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

On Sun, Jun 19, 2022 at 01:04:35AM -0700, Guoye Zhang wrote:
> > On Jun 18, 2022, at 22:59, wrote:
> > 
> > On Thu, Jun 16, 2022 at 02:30:59PM -0700, Guoye Zhang wrote:
> >> Our previous resumable upload draft generated a lot of discussions.
> > 
> > At least in my case, I attempted to be polite after you submitted a
> > draft without first doing a survey of existing RFCs.  You admitted no
> > knowledge of WebDAV RFCs, which I deemed a large oversight considering
> > the nature of the tus-v2 protocol.
> We have looked into WebDAV protocol, but we do not think it’s the direction we want to go. tus-v2 is designed to be a lightweight single-purpose protocol that’s easily implementable by clients and servers. We do not want to design a discovery method for WebDAV and force servers to implement the full WebDAV just for this one feature.

Let me attempt to simplify things for you, even though I previously
provided an explicit example.

I think that the PUT method is sufficient and PUT is part of HTTP/1.1,
from 1999.

Servers supporting generic partial-PUT are implemented in production
today and are generically reusable to append to a file.

Partial-PUT implementations exist in lighttpd mod_webdav and SabreDAV.
SabreDAV is used underneath owncloud, nextcloud, and others.
I am sure there are other examples, but these are two.

For the sake of simplicity, try to substitute any of my prior uses of
WebDAV with partial-PUT.  I used WebDAV since my knowledge of production
implementations with *generic* support for partial-PUT were part of
full-featured WebDAV servers.

Besides generic partial-PUT support, Writing application-specific
support for partial-PUT is not excessively difficult.

On the other hand, how widely is PATCH implemented?
(RFC 5789 does not define any required media-type, so any PATCH
 implementations in production today are application-specific.)

> Apple has a Feedback Assistant app which allows customers to file bug reports and upload device diagnostics. These diagnostics are usually hundreds of megabytes in size, and if interrupted, we have to upload them again from the beginning. This has been one of the most common complains we receive.

Sounds like an application-specific problem that can be solved with an
application-specific script which supports partial-PUT.

> > Now, it is true that non-idempotent requests such as POST and PUT
> > are not generically safe to automatically retry upon failure.
> > 
> > If you are trying to come up with a generic solution to recover a
> > non-idempotent request, that should be more explicit and better scoped
> > in the draft than potentially extending multiple existing HTTP request
> > methods.  Such a goal would require specifying that a server not start
> > processing the upload in any non-idempotent way until the upload was
> > complete.  Other requirements might also be necessary.
> > 
> This is not true. The resumable upload protocol is designed so the server can start processing data immediately, since clients are required to resume from the exact interruption point. The protocol can be implemented by a CDN so the origin server just receives a regular upload.

Please note my use of the word "non-idempotent": "... specifying that a 
server not start processing the upload in any non-idempotent way ..."

If you are writing an RFC extending HTTP for the internet, then you
really need to stop thinking so narrowly about your application-specific
intended use case.

> Partial PUT isn’t a clear defined standard, and we cannot use “Content-Range” as explained above since the ability to upload with unknown length is required.

You have contradicted yourself.  The example I gave using partial-PUT
fully implements your stated requirement of append-only, as you append
what you have when you generate it, sequentially extending the file.

> We are happy to revise the method and header names used by Upload Appending Procedure and all other procedures as long as we maintain the capabilities of tus protocol. If the consensus is that PUT is better than PATCH, we will modify our draft to adopt it.

I did not say that.  I have stated that partial-PUT is one potential
solution that is available today and has production implementations
in service.  I have also suggested that any new RFC should include a
section why partial-PUT is suboptimal and the new RFC provides a
(substantially) better solution.

PATCH with media-type application/tus-v2 may be a better solution
as you can define the body any way that you like, which may include a
custom (header) section in the body containing metadata such as the
information you can not currently describe in Content-Range.

> >> 2. Media types
> >> 
> >> PATCH currently doesn’t define a media type. We went through the list of media types but couldn’t find the appropriate category for the Upload Appending Procedure. It is a generic byte-appending operation that can modify any types of media, so we don’t think it fits into an application media type.
> > 
> > If tus-v2 is going to use PATCH:
> > Why is tus-v2 not handled as PATCH with media-type application/tus-v2?
> > tus-v2 is an application protocol.  Content-Type: application/tus-v2
> > along with tus-v2 request headers would indicate how the request body is
> > treated by PATCH implementations, if they support application/tus-v2.
> From my reading of the PATCH standard, media type should be the type of the content that we are trying to modify.

The media-type in an HTTP request describes the request body
(along with Content-Encoding).  Content-Type could be application/json
if the request body contained a json-encoded structure which identified
the target file and described commands, context, and instructions how to
patch the target file.  (I do not recommend this, and merely wanted to
provide a more concrete example of media-type for request body.)

> Feature detection is an optional part of the protocol. If an application controls both the client and the server (which is the case today with tus-v1), they can implement the protocol without using 1xx status code. We only require feature detection when a generic HTTP client tries to upgrade a regular upload to a resumable upload.

I think you should stick to your application-specific protocol to solve
your application-specific problem in your application-specific domain
where you control both client and server.

> We’ve not seen consistent support of “Expect: 100-continue”. Some middleboxes reply with 100 immediately, and some middleboxes drop the 100 response. Therefore, we think a different 1xx status code would work better. We will explore different status code such as 102, but defining a new status code for a new purpose seems like the most straightforward option, as it will be least likely to break existing software.

Sounds to me like a practical solution is to CONNECT through proxies to
your application servers, where you can support the application/tus-v2
protocol.  That would not be a 100% solution, but would work for many.

> Maybe our goal isn’t very clear from the draft. We don’t just want this to be an application protocol. Yes, it can be implemented by an application on top of existing HTTP libraries, but the reason we are bringing this to the HTTP workgroup is that we hope to build support for this in the HTTP library itself. The goal is to move toward a future where every upload is resumable.

I think you should prove it out as an application protocol and share it.
If it is widely adopted and becomes a convention, then maybe it can be
considered to extend HTTP.

If your goal is to build support into HTTP libraries itself, then I do
believe that you have a responsibility to justify why that should be so.

I think an intern at Apple could quickly write a Python script to assign
upload transaction ids to uploads, and (after disconnection) to be able
to match existing transaction id to append to uploads.  Once the upload
is complete, the script can process the upload.  I do not see why such
an application-specific protocol -- with application-specific file
sizes, timeouts, and resource management requirements -- should be
anything other than an application, perhaps with an open source python
module that can be reused by others.

Cheers, Glenn