
Re: Instance Digests in HTTP (RFC3230)

From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Sun, 04 Oct 2009 15:14:23 +0200
To: Lisa Dusseault <lisa.dusseault@gmail.com>
Cc: Anthony Bryan <anthonybryan@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <1254662063.29731.6.camel@localhost.localdomain>
On Thu, 2009-10-01 at 16:22 -0700, Lisa Dusseault wrote:
> Isn't more digest values worse for interoperability?  Is there an
> overriding security concern that would justify worse interoperability?

Additional digest values do not make interop much worse than it already
is, but there should be a minimum required set on both clients and
servers.

Related to this, the negotiation aspect of RFC3230 should generally not
be used on cacheable responses as doing so would create yet another set
of instances varying on the set of client-indicated supported hashes. On
such responses the server should just spew out the set of hashes it
prefers to support with both interop and security in mind (i.e. usually
one or two hashes today, maybe three).

Regards
Henrik
Received on Sunday, 4 October 2009 13:14:56 GMT
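
The caching point made in the message above, as an added example that is not part of the original message or of any project's code: it counts how many variants a shared cache stores for one URL when the server negotiates on Want-Digest versus when it always sends a fixed set. The function names, the fixed set chosen, the sample body and the simplified cache keying (raw Want-Digest value) are assumptions; algorithm names and base64 encoding follow RFC 3230 and RFC 5843.

```python
import base64, hashlib

# Assumed server policy: a small fixed set sent on every cacheable response.
FIXED_SET = ("SHA-256", "SHA")
HASHERS = {"SHA": hashlib.sha1, "SHA-256": hashlib.sha256, "SHA-512": hashlib.sha512}

def b64hash(algorithm, body):
    return base64.b64encode(HASHERS[algorithm](body).digest()).decode()

def digest_header(body, algorithms):
    """Digest header value: comma-separated algorithm=base64(hash) items."""
    return ",".join(f"{a}={b64hash(a, body)}" for a in algorithms)

def respond(body, want_digest, negotiate):
    """Response headers for a cacheable body under either server policy."""
    if negotiate and want_digest:
        # Strip q-values; keep only the algorithm tokens the client listed.
        wanted = {t.split(";")[0].strip().upper() for t in want_digest.split(",")}
        chosen = [a for a in HASHERS if a in wanted] or list(FIXED_SET)
        return {"Digest": digest_header(body, chosen), "Vary": "Want-Digest"}
    return {"Digest": digest_header(body, FIXED_SET)}

def cache_variants(body, client_want_digests, negotiate):
    """Number of entries a shared cache must hold for one URL."""
    keys = set()
    for want in client_want_digests:
        headers = respond(body, want, negotiate)
        # Simplified cache key: the raw request header named by Vary, if any.
        keys.add(want if "Vary" in headers else None)
    return len(keys)

def verify(body, digest_value, preference=("SHA-512", "SHA-256", "SHA")):
    """Client check against the strongest offered algorithm it supports."""
    offered = dict(i.strip().split("=", 1) for i in digest_value.split(","))
    for algorithm in preference:
        if algorithm in offered:
            return offered[algorithm] == b64hash(algorithm, body)
    return False  # no algorithm in common: integrity cannot be confirmed

# Constructed sample input: one body, four clients with different preferences.
BODY = b"example instance body\n"
CLIENTS = ["SHA", "SHA-256", "SHA-512;q=1, SHA;q=0.5", "SHA-512"]

if __name__ == "__main__":
    print("negotiated:", cache_variants(BODY, CLIENTS, negotiate=True))
    print("fixed set: ", cache_variants(BODY, CLIENTS, negotiate=False))
```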
