W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2007

Re: HTTP 'HASH' Method

From: Adrien de Croy <adrien@qbik.com>
Date: Fri, 25 May 2007 17:40:10 +1200
Message-ID: <465676BA.3040008@qbik.com>
To: chown <elfius@gmail.com>
CC: ietf-http-wg@w3.org


the cost of calculating MD5 over a large resource could be a lot.

Also, it's impossible for servers to calculate the MD5 in advance with 
dynamically generated content.

the E-tag field is intended to identify a unique instance of a file, and 
should provide what you're looking for in terms of cache efficiency.  
Combine with If-Match etc headers, it allows an efficient means for a 
caching proxy to save upstream bandwidth using conditional GETs.  It 
also can be a lot cheaper to generate and validate.

MD5 won't provide security by itself, since any intermediary can change 
the content and recalculate the MD5 hash.  You'd need to salt it, or add 
some shared secret known only by the client and server, or use a method 
like DKIM for SMTP to sign the content.

Adrien

chown wrote:
> I think a 'HASH' method should be implemented into HTTP, whereby the 
> server responds with a hash (md5/sha) of the requested resource. This 
> would be a godsend for large networks which tend to use caching 
> extensively, because caching-proxy servers could verify the source 
> hasn't changed while creating a minimal amount of traffic, thereby 
> allow the amount of time the proxy stores cache to be be greatly 
> increased only at the cost of hard drive space.
> Not only would this benefit caching applications, but as I'm sure you 
> could imagine, it could be used in may other fields, especially security.
>
Received on Friday, 25 May 2007 05:40:07 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:09 GMT