HTTP callback scheme?

Mr. FoRK fork_list@hotmail.com
Sat, 22 Dec 2001 23:39:05 -0800


I might be dense, but why a new protocol identifier?
If you include the callback header, wouldn't you already be expecting the
response on another 'channel'.
Also, wouldn't you need a message-id on the initial request in order to
correlate to the future message/http-response that may or may not arrive?
This message-id probably could be generated by the proxy if the client
doesn't mind getting the response before getting the correlation id.



----- Original Message -----
From: "Gordon Mohr" <gojomo@usa.net>
To: <fork@xent.com>
Sent: Saturday, December 22, 2001 11:26 PM
Subject: HTTP callback scheme?


> Aren't we overdue for an URI-scheme "httpc" that works
> like this...
>
> (1) You receive a URL using the scheme, say
>
>     httpc://proxy.org/foo/tenGigsOfWhiteNoise
>
> (2) You do an HTTP request against that location,
>     but include a callback address on a header,
>     for example a real HTTP URL like:
>
>     http://dialup999.isp.com/req9090
>
> (3) The 'proxy.org' machine actually forwards your
>     request to some other machine, most likely one
>     that lacks a public IP address but has kept
>     an outbound connection open to 'proxy.org'.
>
> (4) That hidden machine considers the request, and
>     if all goes well does a PUT of content, type
>     "message/http-response", to your callback
>     address.
>
> (5) 'proxy.org' returns a trivial OK response code
>     to indicate the real response is in progress.
>
> Potential wrinkles:
>
>   - the callback address is just a IP:port pair;
>     the hidden machine opens the connection but
>     then immediately pretends the connection was
>     initiated by the other side -- allowing you
>     to issue any HTTP request over the connection
>
>   - to prevent third parties from pretending to
>     be the hidden machine, some hash-based
>     authentication token is passed back through
>     the request-proxy to the original requestor,
>     either:
>       - the hash of what the full response
>         will be, or
>       - the hash of some random token, which
>         the hidden machine will reveal on its
>         outbound connection
>
> A lot of systems do things a lot like this to get
> around firewall/NAT problems -- for example Gnutella's
> PUSH request -- but I'm wondering if the approach
> has ever been captured in a standardized URI-scheme.
>
> So is this an AlreadyExists or a NeedsToExist?
>
> - Gordon
>
>
>
>
>
> http://xent.com/mailman/listinfo/fork
>