W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

Re: [Content-MD5 and Message Digest Authentication.], MD5 broken.

From: Laurent Demailly <dl@hplyot.obspm.fr>
Date: Sun, 28 Apr 1996 13:54:42 +0200
Message-Id: <9604281154.AA27453@hplyot.obspm.fr>
To: hallam@w3.org
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
hallam@w3.org writes:
[...]
 > We can fix the problem by simply introducing an algorithm parameter. Ie:-
 > Content-Digest: 2A1238912371239587; alg=SHA
 > This change was strongly recommended by Ron Rivest, author of MD5.

I don't want to whine with "I said it... I said it..." but
FYI draft-demailly-cd-header-00.txt which suggested exactly that
almost 6 monthes ago expires in 15 days... just in time ;-)

( http://www.lyot.obspm.fr/~dl/draft-contentdigest.txt )

Regards
dl

ps: I know the issued has been settled very democraticaly
already... but as the big chief says "you don't need an rfc to add
an entity-header field", feel free to use Content-Digest in your
(incompatible :-() implementations... 
Received on Sunday, 28 April 1996 04:59:36 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:51 EDT