W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2009

Re: Instance Digests in HTTP (RFC3230)

From: Nicolas Alvarez <nicolas.alvarez@gmail.com>
Date: Tue, 06 Oct 2009 13:30:34 -0300
To: ietf-http-wg@w3.org
Message-ID: <hafrba$2mq$1@ger.gmane.org>
Anthony Bryan wrote:
> On Thu, Oct 1, 2009 at 7:22 PM, Lisa Dusseault wrote:
>> Isn't more digest values worse for interoperability?  Is there an
>> overriding security concern that would justify worse interoperability?
>
> Because there are no recent values in the registry, I see download
> clients do this (3x variants of SHA1, 2x of other hashes):
> 
> Want-Digest: MD5;q=0.3, MD-5;q=0.3, SHA1;q=0.8, SHA;q=0.8,
> SHA-1;q=0.8, SHA256;q=0.9, SHA-256;q=0.9, SHA384;q=0.9, SHA-384;q=0.9,
> SHA512;q=1, SHA-512;q=1

Clearly, if we don't add SHA-1 to the registry, people will use it anyway,
but won't decide on a single name for it. *That's* worse for
interoperability.
Received on Tuesday, 6 October 2009 16:39:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:12 GMT