W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

Re: [Content-MD5 and Message Digest Authentication.], MD5 broken.

From: Roy T. Fielding <fielding@avron.ICS.UCI.EDU>
Date: Fri, 26 Apr 1996 17:53:27 -0700
To: hallam@w3.org
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <9604261753.aa15115@paris.ics.uci.edu>
>>The obvious way to handle a new digest algorithm like SHA is
>>
>>   Content-SHA: 2A1238912371239587
>>
>>which is exactly how the HTTP protocol is designed.  Leave it be.
> 
> This means that each time the digest algorithm has to be changed 
> we should issue an RFC for a new version of HTTP. It would be nicer
> to be able to simply add an entry in the IANA registry.

How many times do I have to say this?  YOU DON'T NEED AN RFC TO ADD
AN ENTITY-HEADER FIELD.  There is absolutely, unequivocally, no difference
whatsoever between adding a new parameter and adding a new Entity-Header
field.  That is how I designed the HTTP specification, because it is
always the most efficient way to handle entity metainformation, and the
best way to handle extensibility of the payload.  You don't even have
to register it with IANA (though you may want to).

Crikey. There's about 40 pages of gunk in the new spec which has never
been reviewed by anyone outside the editorial group (and not enough by
them), and we are spending all our time arguing about TRIVIALITIES that
were settled over a year ago!  Hell, I already have 60 marked-up changes
that need to be made, and that's only in the first 40 pages.  We have
more than enough obvious problems to deal with already.


 ...Roy T. Fielding
    Department of Information & Computer Science    (fielding@ics.uci.edu)
    University of California, Irvine, CA 92717-3425    fax:+1(714)824-4056
    http://www.ics.uci.edu/~fielding/
Received on Friday, 26 April 1996 18:01:51 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:51 EDT