Skip to content

Instantly share code, notes, and snippets.

@hUwUtao

hUwUtao/README.md

Created September 4, 2023 15:59
Show Gist options
  • Save hUwUtao/eed1df218fe991b5208d4f4a7dae769f to your computer and use it in GitHub Desktop.
Save hUwUtao/eed1df218fe991b5208d4f4a7dae769f to your computer and use it in GitHub Desktop.
Download ZIP
UTTP Proposal 01
Raw
README.md

UTTP

Which stand for Universal Text Transportation Protocol, is an alternative for HTTP, which was designed to empower routers. The proposal is compose of 3 noticible modification from HTTP, which is: Inlined request header, Path payloads and Path encoding.

But first

Why HTTP is bad for performance? It is very extendable though, but the fact that HTTP headers define line by line make the important being less important. Take example, this is a basic HTTP request (well most of the time, with forced header to make routers work)

GET /public/img.jpg HTTP/1.1
Host: cdn-sea.example.com
Authorization: Bearer token-here

Well, in this example, Host and Authorization are the required to access this example. After the server know the path, it must wait for the Host header to at least know which bucket to use in this context, and then read the token to check if you have the permission to do with this file.

I won't write an example in C because im lazy ;) This means, the server must read over 3 lines to check if your resource is located and your request is valid.

Changes

As a part of acmelab's microhttpd, here is what the server should know where the file should be serve.

GET / .....

As this simple, but in the case where:

  • The server basically don't care about Host
  • The server just read what it could, won't check the availability per user.

The present demand it. Lets fit all the needed into just one line

GET [email protected]/private-0abeef/secret.txt?abc=def HTTP/4.0

So basically:

  • Credential/Host into path.
  • Remain the same structure while every need in just 1 line.

Every need is here, only a few sscanf to do the thing. With the following read order:

  • Credential (before @ if it exist)
  • Query (all the content behind the last ?)
  • Host (the 0th of / split, port included after the :)
  • Path (1..n item in / split)

So, @/?:#\ are the forbidden characters in name of your file you will ever serve or being requested encodelessly. (# is basic thing I don't even remember the name, and \ will be use for another trick later)

If you ever want to show your love with Basic (will your server ever clarify it?) admin:[email protected]/

Anyway, will we ever need Shamir256 for Basic's password, or ever name it "Advanced"? ;). The first day I learned about authentication with PHP, well it is very stupid to make it work without HTTPS or JS prehash.

end of the pen, the next chapter will be the escapeish of hex

what a stupid but hella efficient for the modern design of api dear ietf.

real high atm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment