Hello, The HTTP upload mechanism hinges on the secrecy of the upload URL. Any client who receives it and accidentally publishes it can convey the document.
I would like to point you to an alternative, namely MSRP. It is a straightforward protocol, similar in nature to HTTP but with a few desirable facilities extra: - mention both source and destination address, which may be of [email protected] form - block-by-block uploads enable multiplexing streams - checksums on each block - the protocol is symmetric; either side can initiate a transfer - TLS may be used for encryption and server authentication and, possibly, client authentication Although I agree that HTTP is useful for resource sharing, it lacks the security facilities to separate independent downloaders which weakens the security model of this proposal in ways that MSRP does not. MSRP, as you may know, is the SIP answer to file sharing. I am willing to look for the time to write this up in a new XEP-xxxx -- but only if this is considered sufficiently interesting as an alternative to this list. -Rick
