W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

Re: [Content-MD5 and Message Digest Authentication.], MD5 broken.

From: Roy T. Fielding <fielding@avron.ICS.UCI.EDU>
Date: Fri, 26 Apr 1996 16:08:46 -0700
To: hallam@w3.org
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <9604261608.aa08287@paris.ics.uci.edu>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/356
> Content-MD5: 2A1238912371239587; alg=SHA
> This construction is likely to break for obvious reasons.

Phill, this has already been discussed to death.  There is no advantage
to using a generic parameter name for an Entity-Header -- they can be added
or removed at any time.  The only thing you accomplish in such a situation
is for programs to have to parse the contents of the header field in
order to know whether or not it is applicable to them, which is a
bad design.

The obvious way to handle a new digest algorithm like SHA is

   Content-SHA: 2A1238912371239587

which is exactly how the HTTP protocol is designed.  Leave it be.

 ...Roy T. Fielding
    Department of Information & Computer Science    (fielding@ics.uci.edu)
    University of California, Irvine, CA 92717-3425    fax:+1(714)824-4056
Received on Friday, 26 April 1996 16:30:20 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:16 UTC