- From: Balint Nagy Endre <bne@bne.ind.eunet.hu>
- Date: Tue, 7 Nov 1995 08:15:01 +0100 (MET)
- To: "M. Hedlund" <hedlund@best.com>
- Cc: dl@hplyot.obspm.fr, dmk@allegra.att.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
M. Hedlund writes: > At 9:21 AM 11/6/95, Laurent Demailly wrote (quoting Dave Kristol): [Dave Kristol] > > > I have headers > > > Content-MD5: xyz > > > Content-SHA: qrs > > > The recipient computes the digests of the message and finds that the MD5 > > > digest matches xyz, but the SHA digest does not match qrs. Now what? > > > I imagine we assume the integrity to be compromised. > > > With a single Content-Digest header, there's no ambiguity. [Laurent Demailly] > >Ahem, the mecanism I suggested does not state you have only one > >algorithm key pair, you can have one or more (maybe that's not a good > >thing, and can be changed,... but..) [M. Hedlund] > No, you want to be able to have more than one digest. From RFC 1810, > "Report on MD5 Performance," (last para. of "Security Considerations"): [Endre Balint Nagy] Until we not specify some digest-negotiation scheme, servers will compute and send all digests they can compute in hope that the client undertands at least one of them. BTW. Using SHA is legal outside US? Andrew. (Endre Balint Nagy) <bne@bne.ind.eunet.hu>
Received on Monday, 6 November 1995 23:25:10 UTC