W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2009

Re: Instance Digests in HTTP (RFC3230)

From: Lisa Dusseault <lisa.dusseault@gmail.com>
Date: Thu, 1 Oct 2009 16:22:34 -0700
Message-ID: <ca722a9e0910011622jbe909fcu88bc32a9906bb0b4@mail.gmail.com>
To: Anthony Bryan <anthonybryan@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Isn't more digest values worse for interoperability?  Is there an overriding
security concern that would justify worse interoperability?

Lisa

On Mon, Sep 28, 2009 at 11:27 PM, Anthony Bryan <anthonybryan@gmail.com>wrote:

> I'd like to update the Hypertext Transfer Protocol (HTTP) Digest
> Algorithm Values registry [1] created by RFC3230.
>
> Current values are MD5, SHA, UNIXsum, UNIXcksum.
>
> I'd like to add SHA-224, SHA-256, SHA-384, and SHA-512.
> My metalinkhttp ID [2] lists these in the IANA considerations section.
>
> I'd also like to find out about current support of Instance Digests on
> the client & server side.
>
> Should I keep these registrations in the metalinkhttp ID, or separate
> them [attached]? They're not specifically tied to metalinkhttp.
>
> Other questions...
> Current registry: MD5 lists both RFC1521 and RFC20456 for base64
> encoding. Should this draft update it to refer to just one?
>
> Current registry: SHA link ( http://csrc.nist.gov/fips/fip180-1.txt )
> is no longer valid. Should this draft update it?
>
> If we update SHA in the registry, should this draft refer to SHS or
> RFC3174?
>
> --
> (( Anthony Bryan ... Metalink [ http://www.metalinker.org ]
>  )) Easier, More Reliable, Self Healing Downloads
>
> [1] http://www.iana.org/assignments/http-dig-alg/http-dig-alg.xhtml
> [2] http://tools.ietf.org/html/draft-bryan-metalinkhttp
>
Received on Thursday, 1 October 2009 23:23:09 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:11 GMT