Re: Instance Digests in HTTP (RFC3230)

These responses do convince me why we need to add at least a couple more
digest types to the registry.  Since changes to this registry require a
specification, I can offer to shepherd that specification (it can be an
individual submission to Informational status, I'm pretty sure).

Thanks,
Lisa

On Tue, Oct 6, 2009 at 9:30 AM, Nicolas Alvarez
<nicolas.alvarez@gmail.com>wrote:

> Anthony Bryan wrote:
> > On Thu, Oct 1, 2009 at 7:22 PM, Lisa Dusseault wrote:
> >> Isn't more digest values worse for interoperability?  Is there an
> >> overriding security concern that would justify worse interoperability?
> >
> > Because there are no recent values in the registry, I see download
> > clients do this (3x variants of SHA1, 2x of other hashes):
> >
> > Want-Digest: MD5;q=0.3, MD-5;q=0.3, SHA1;q=0.8, SHA;q=0.8,
> > SHA-1;q=0.8, SHA256;q=0.9, SHA-256;q=0.9, SHA384;q=0.9, SHA-384;q=0.9,
> > SHA512;q=1, SHA-512;q=1
>
> Clearly, if we don't add SHA-1 to the registry, people will use it anyway,
> but won't decide on a single name for it. *That's* worse for
> interoperability.
>
>
>
>

Received on Tuesday, 6 October 2009 19:09:37 UTC