HTTP callback scheme?

Gordon Mohr gojomo@usa.net
Sat, 22 Dec 2001 23:26:31 -0800


Aren't we overdue for an URI-scheme "httpc" that works 
like this...

(1) You receive a URL using the scheme, say 

    httpc://proxy.org/foo/tenGigsOfWhiteNoise

(2) You do an HTTP request against that location, 
    but include a callback address on a header,
    for example a real HTTP URL like:

    http://dialup999.isp.com/req9090

(3) The 'proxy.org' machine actually forwards your 
    request to some other machine, most likely one
    that lacks a public IP address but has kept
    an outbound connection open to 'proxy.org'.

(4) That hidden machine considers the request, and 
    if all goes well does a PUT of content, type
    "message/http-response", to your callback 
    address.

(5) 'proxy.org' returns a trivial OK response code
    to indicate the real response is in progress.

Potential wrinkles:

  - the callback address is just a IP:port pair;
    the hidden machine opens the connection but
    then immediately pretends the connection was
    initiated by the other side -- allowing you
    to issue any HTTP request over the connection

  - to prevent third parties from pretending to
    be the hidden machine, some hash-based 
    authentication token is passed back through
    the request-proxy to the original requestor, 
    either:
      - the hash of what the full response
        will be, or
      - the hash of some random token, which
        the hidden machine will reveal on its
        outbound connection

A lot of systems do things a lot like this to get
around firewall/NAT problems -- for example Gnutella's
PUSH request -- but I'm wondering if the approach
has ever been captured in a standardized URI-scheme.

So is this an AlreadyExists or a NeedsToExist?

- Gordon