RE: [Content-MD5 and Message Digest Authentication.], MD5 broken.

From: Paul Leach <paulle@microsoft.com>
Date: Fri, 26 Apr 1996 16:31:11 -0700
Message-Id: <c=US%a=_%p=msft%l=RED-77-MSG-960426233111Z-14523@tide21.microsoft.com>
To: "'hallam@w3.org'" <hallam@w3.org>, "'Roy T. Fielding'" <fielding@avron.ICS.UCI.EDU>
Cc: "'http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com'" <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/357

Digest Auth already has the algorithm as a parameter. The name
"Content-MD5" can't be changed for historical reasons.

>From: 	Roy T. Fielding[SMTP:fielding@avron.ICS.UCI.EDU]
>Sent: 	Friday, April 26, 1996 4:08 PM
>To: 	hallam@w3.org
>Cc: 	http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
>Subject: 	Re: [Content-MD5 and Message Digest Authentication.], MD5
>> Content-MD5: 2A1238912371239587; alg=SHA
>> This construction is likely to break for obvious reasons.
>Phill, this has already been discussed to death.  There is no advantage
>to using a generic parameter name for an Entity-Header -- they can be
>or removed at any time.  The only thing you accomplish in such a
>is for programs to have to parse the contents of the header field in
>order to know whether or not it is applicable to them, which is a
>bad design.
>The obvious way to handle a new digest algorithm like SHA is
>   Content-SHA: 2A1238912371239587
>which is exactly how the HTTP protocol is designed.  Leave it be.
> ...Roy T. Fielding
>    Department of Information & Computer Science   
>    University of California, Irvine, CA 92717-3425   
>    http://www.ics.uci.edu/~fielding/

Received on Friday, 26 April 1996 16:34:45 UTC