Re: Instance Digests in HTTP (RFC3230)

Thu 2009-10-01 at 16:22 -0700, Lisa Dusseault wrote:
> Isn't more digest values worse for interoperability?  Is there an
> overriding security concern that would justify worse interoperability?

Additional digest values do not make interop much worse than it already
is, but there should be a minimum required set on both clients and
servers.

Related to this, the negotiation aspect of RFC3230 should generally not
be used on cacheable responses as doing so would create yet another set
of instances varying on the set of client-indicated supported hashes. On
such responses the server should just spew out the set of hashes it
prefers to support with both interop and security in mind (i.e. usually
one or two hashes today, maybe three).

Regards
Henrik

Received on Sunday, 4 October 2009 13:14:56 UTC
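
The policy described in the message above, as an added sketch that is not part of the original thread: a server-side helper that honours `Want-Digest` only on non-cacheable responses and otherwise sends a fixed `Digest` set, so caches never see per-client variants. The function names and the `PREFERRED` set are assumptions; the `SHA-256` token is not in RFC 3230 itself but was registered later by RFC 5843.

```python
import base64
import hashlib

# Digest-algorithm tokens (case-insensitive on the wire) -> (header label, hashlib name).
# MD5 and SHA come from RFC 3230; SHA-256 was registered later by RFC 5843.
ALGORITHMS = {"md5": ("MD5", "md5"), "sha": ("SHA", "sha1"),
              "sha-256": ("SHA-256", "sha256")}
# Assumed server policy: the fixed set sent on every cacheable response.
PREFERRED = ["sha-256", "sha"]

def parse_want_digest(value):
    """Return supported tokens from a Want-Digest value, best q first; q=0 is dropped."""
    ranked = []
    for item in value.split(","):
        token, _, params = item.strip().partition(";")
        token, q = token.strip().lower(), 1.0
        for param in params.split(";"):
            name, _, val = param.strip().partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(val)
                except ValueError:
                    q = 0.0  # malformed q-value: treat as "not wanted"
        if token in ALGORITHMS and q > 0:
            ranked.append((q, token))
    ranked.sort(key=lambda pair: -pair[0])  # stable: ties keep header order
    return [token for _, token in ranked]

def digest_header(body, want_digest=None, cacheable=True):
    """Build the Digest header value for an instance body (bytes)."""
    if cacheable or not want_digest:
        chosen = PREFERRED  # ignore negotiation so every client gets the same header
    else:
        # Non-cacheable: honour the client's top choice, fall back if none supported.
        chosen = parse_want_digest(want_digest)[:1] or PREFERRED
    parts = []
    for token in chosen:
        label, hash_name = ALGORITHMS[token]
        raw = hashlib.new(hash_name, body).digest()
        parts.append(f"{label}={base64.b64encode(raw).decode('ascii')}")
    return ",".join(parts)
```
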