Re: Digest: use in requests

Roberto Polli <robipolli@gmail.com> Tue, 29 December 2020 10:00 UTC

From: Roberto Polli <robipolli@gmail.com>
Date: Tue, 29 Dec 2020 10:56:54 +0100
Message-ID: <CAP9qbHWMRsok2C=6JAEVUULTt2BXJ3kHGGDJ9TmNRrA_1J9mKg@mail.gmail.com>
To: Julian Reschke <julian.reschke@gmx.de>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Archived-At: <https://www.w3.org/mid/CAP9qbHWMRsok2C=6JAEVUULTt2BXJ3kHGGDJ9TmNRrA_1J9mKg@mail.gmail.com>

Hi @Julian Reschke,

replies in-line.

TL;DR: if HTTP forbids partial representations in requests, this discussion
will be solved without changing the spec.

On Mon 28 Dec 2020, 19:33 Julian Reschke <julian.reschke@gmx.de> wrote:
>
> On 28.12.2020 at 18:57, Roberto Polli wrote:
>
> > The point is related to whether Digest on requests containing
> > partial representations should be computed on the payload-data
> > or on the representation data. The actual Digest formulation derives
> > ...
>
> And this is where the problem starts.
>
> Could you please *define* what a request "containing a partial
> representation" is,

This is the first question: can a request payload-data convey a
partial representation?
My understanding of semantic-latest §6.4 is: yes, but if we think it
is not appropriate we could clarify that. See:

- https://httpwg.org/http-core/draft-ietf-httpbis-semantics-latest.html#rfc.section.6.4.p.1
- https://httpwg.org/http-core/draft-ietf-httpbis-semantics-latest.html#rfc.section.6.4.2.p.1

> and how a component can detect that case?

As Digest is an end-to-end integrity mechanism, the intended components
are not supposed to be agnostic intermediaries. Instead, they are expected
to have some knowledge about the purpose of the payload (e.g. in case
of id-* algorithms they need to content-decode the payload to validate it,
or in case of Range Requests).

Reading https://httpwg.org/http-core/draft-ietf-httpbis-semantics-latest.html#rfc.section.6.4.1.p.1
```The purpose of a payload in a request is defined by the method semantics```
iiuc the receiver, aware of the request semantic, knows its purpose
and how to process it, including whether it conveys a partial
representation or not.

> Furthermore, a real-world example would be useful.

I cannot mention existing standards conveying partial representations
in requests, but I think this is not a reason for changing the
representation-data-digest mechanism defined in continuity with RFC3230
and specifying here a behavior (no partial representations in request)
that is in the domain of httpbis-semantics.

Besides coherence with RFC3230, imho if a future method/header allows
to convey a partial representation in a request, it should be possible
to use Digest to convey the checksum of the complete representation.

Thanks to everybody for your feedback,
R.
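
Added example, not part of the original message: a Python illustration of the point under discussion, where a Digest computed on the representation data cannot be checked against a payload that carries only part of that representation. The function names, the (offset, bytes) part format and the sample data are assumptions made for illustration.

```python
import base64
import hashlib


def sha256_digest(data: bytes) -> str:
    """Build a Digest field value (RFC 3230 style) for the given bytes."""
    return "sha-256=" + base64.b64encode(hashlib.sha256(data).digest()).decode()


def check_payload(digest: str, payload: bytes) -> bool:
    """Naive check that treats the payload bytes as the whole representation."""
    return sha256_digest(payload) == digest


def check_representation(digest, parts, total_length):
    """Verify a Digest against representation data rebuilt from parts.

    parts is a list of (offset, bytes) tuples (hypothetical format).
    Returns True or False once every byte is present, and None while
    bytes are missing: a partial representation cannot be validated
    on its own against a representation-data digest.
    """
    buf = bytearray(total_length)
    seen = bytearray(total_length)  # 1 where a byte has been received
    for offset, chunk in parts:
        end = offset + len(chunk)
        if offset < 0 or end > total_length:
            return False  # part falls outside the declared length
        buf[offset:end] = chunk
        seen[offset:end] = b"\x01" * len(chunk)
    if not all(seen):
        return None
    return sha256_digest(bytes(buf)) == digest


# Constructed sample: a 100-byte representation conveyed as two 50-byte parts.
REPRESENTATION = b"0123456789" * 10
DIGEST = sha256_digest(REPRESENTATION)
FIRST = (0, REPRESENTATION[:50])
SECOND = (50, REPRESENTATION[50:])

if __name__ == "__main__":
    print("payload-only check on first part:", check_payload(DIGEST, FIRST[1]))
    print("first part alone:", check_representation(DIGEST, [FIRST], 100))
    print("both parts:", check_representation(DIGEST, [SECOND, FIRST], 100))
```

A receiver that knows the payload is partial has to defer validation until the representation is complete, which is why it needs knowledge of the request semantics.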