- From: Adrien de Croy <adrien@qbik.com>
- Date: Fri, 25 May 2007 17:40:10 +1200
- To: chown <elfius@gmail.com>
- CC: ietf-http-wg@w3.org
the cost of calculating MD5 over a large resource could be a lot. Also, it's impossible for servers to calculate the MD5 in advance with dynamically generated content. the E-tag field is intended to identify a unique instance of a file, and should provide what you're looking for in terms of cache efficiency. Combine with If-Match etc headers, it allows an efficient means for a caching proxy to save upstream bandwidth using conditional GETs. It also can be a lot cheaper to generate and validate. MD5 won't provide security by itself, since any intermediary can change the content and recalculate the MD5 hash. You'd need to salt it, or add some shared secret known only by the client and server, or use a method like DKIM for SMTP to sign the content. Adrien chown wrote: > I think a 'HASH' method should be implemented into HTTP, whereby the > server responds with a hash (md5/sha) of the requested resource. This > would be a godsend for large networks which tend to use caching > extensively, because caching-proxy servers could verify the source > hasn't changed while creating a minimal amount of traffic, thereby > allow the amount of time the proxy stores cache to be be greatly > increased only at the cost of hard drive space. > Not only would this benefit caching applications, but as I'm sure you > could imagine, it could be used in may other fields, especially security. >
Received on Friday, 25 May 2007 05:40:07 UTC