Re: [Content-MD5 and Message Digest Authentication.], MD5 broken.

From: Roy T. Fielding <fielding@avron.ICS.UCI.EDU>
Date: Fri, 26 Apr 1996 16:08:46 -0700
To: hallam@w3.org
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <9604261608.aa08287@paris.ics.uci.edu>

> Content-MD5: 2A1238912371239587; alg=SHA
> 
> This construction is likely to break for obvious reasons.

Phill, this has already been discussed to death.  There is no advantage
to using a generic parameter name for an Entity-Header -- they can be added
or removed at any time.  The only thing you accomplish in such a situation
is for programs to have to parse the contents of the header field in
order to know whether or not it is applicable to them, which is a
bad design.

The obvious way to handle a new digest algorithm like SHA is

   Content-SHA: 2A1238912371239587

which is exactly how the HTTP protocol is designed.  Leave it be.


 ...Roy T. Fielding
    Department of Information & Computer Science    (fielding@ics.uci.edu)
    University of California, Irvine, CA 92717-3425    fax:+1(714)824-4056
    http://www.ics.uci.edu/~fielding/
Received on Friday, 26 April 1996 16:30:20 EDT
