These responses do convince me why we need to add at least a couple more digest types to the registry. Since changes to this registry require a specification, I can offer to shepherd that specification (it can be an individual submission to Informational status, I'm pretty sure). Thanks, Lisa On Tue, Oct 6, 2009 at 9:30 AM, Nicolas Alvarez <nicolas.alvarez@gmail.com>wrote: > Anthony Bryan wrote: > > On Thu, Oct 1, 2009 at 7:22 PM, Lisa Dusseault wrote: > >> Isn't more digest values worse for interoperability? Is there an > >> overriding security concern that would justify worse interoperability? > > > > Because there are no recent values in the registry, I see download > > clients do this (3x variants of SHA1, 2x of other hashes): > > > > Want-Digest: MD5;q=0.3, MD-5;q=0.3, SHA1;q=0.8, SHA;q=0.8, > > SHA-1;q=0.8, SHA256;q=0.9, SHA-256;q=0.9, SHA384;q=0.9, SHA-384;q=0.9, > > SHA512;q=1, SHA-512;q=1 > > Clearly, if we don't add SHA-1 to the registry, people will use it anyway, > but won't decide on a single name for it. *That's* worse for > interoperability. > > > >Received on Tuesday, 6 October 2009 19:09:37 UTC
This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 16:03:27 UTC