[Cryptography] [cryptography] Is it time for a revolution to replace TLS?
ianG
iang at iang.org
Mon May 19 13:13:05 EDT 2014
On 19/05/2014 16:48 pm, Philipp Gühring wrote:
> Hi,
>
>
>>> So, when a HTTP request goes from client to server, is it a datagram
>> or
>>> a stream?
>>>
>>> It's a datagram. Because we know precisely how long it is. What
>> comes
>>> back is also datagram, as it is a precise length, and indeed there is
>> an
>>> internal length header so as to make it easier.
>
> No. For static content (images, html pages, ...) where the size is known
> upfront, the length header is sent. For dynamic pages (php, ...), and for
> streams, the length header is not sent, and the client has to see when the
> transfer ends.
> Another variant is the chunked transfer, where the server can respond with
> several chunks, and it sends a size for every chunk. But it´ s not known
> upfront how many chunks there will be...
Right, these are all examples of edge cases where it can be done that
way, because ... it can be done that way.
Let's tackle dynamic pages. We don't know how long they are,
apparently. So we have to sit and wait?
Well, no. That's just how it does it now. PHP for example simply
exports the stream IO interface out to the program, so the programmer
can start writing out the page as and when it is calculated.
But this is not what well-written PHP programs do, IMHO, or at least
they do not need to do that. A well-written program can cache the
entire lot, and write it out in one block. For efficiency, for error
handling, and for security. So we can call this PHP practice for what
it is: bad! no surprise there.
Bring on other examples! I'll lay 10 to 1 that most dynamic page models
are really datagram models.
iang
More information about the cryptography
mailing list