trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From peter <>
Subject ATS plugin to sign HTTP header and content
Date Tue, 28 Apr 2020 10:36:16 GMT
Hello, we are developing a software that lets users share HTTP resources in a way akin to BitTorrent.
For this purpose, we have built a proxy which acts as a signatory of these resources, so that
when it is shared among peers, its integrity can be verified.

All the signatory does ATM is, whenever it receives a response from the origin, it signs
the HTTP header fields, it forces HTTP chunk encoding and signs each chunk in a chunk

We've been using ATS for about 9 years now in another project ( and are
now thinking whether it would be possible to write an ATS plugin to sign the content from
there. The hope is that this would allow us to cache already signed resources to avoid
re-signing the content each it it's requested. Another benefit would be that we could 
reuse our existing deflect infrastructure.

That is, whenever ATS receives a response from the origin, we need to:

1. Add HTTP header fields containing signature of the original fields
2. Force chunked encoding (we also need to return chunks of particular sizes)
3. Add chunk extensions containing chunk signatures
4. Add HTTP trailer
5. Ideally, also have ATS store the response together with all the signatures (from header,
   chunk extensions and the trailer) so that ATS can serve those on the next request.

I have last looked into writing ATS plugins more than a year ago, but IIRC #1 is not a problem.
However we've so far failed to find an ATS plugin API to do #2,3 and 4 and thus would greatly
appreciate any pointers.

We have also found [1], which seems to suggest that chunk headers and extensions are not
stored in the cache. But maybe there is a workaround? Or the situation has changes since 2016?



View raw message