W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2009

Re: Instance Digests in HTTP (RFC3230)

From: Anthony Bryan <anthonybryan@gmail.com>
Date: Tue, 6 Oct 2009 17:03:10 -0400
Message-ID: <bb9e09ee0910061403o5b3384acv835bd488b3e83ba4@mail.gmail.com>
To: Lisa Dusseault <lisa.dusseault@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
I take it you want these split out of metalinkhttp ID? They're not
specifically tied to metalinkhttp, so I've just submitted it
separately as an individual submission with Informational status.

Other questions:
Current registry: MD5 lists both RFC1521 and RFC20456 for base64
encoding. Should this draft update it to refer to just one?

Current registry: SHA link ( http://csrc.nist.gov/fips/fip180-1.txt )
is no longer valid. Should this draft update it?

If we update SHA in the registry, should this draft refer to SHS or RFC3174?

A new version of I-D,
draft-bryan-http-digest-algorithm-values-update-00.txt has been
successfuly submitted by Anthony Bryan and posted to the IETF

Filename:        draft-bryan-http-digest-algorithm-values-update
Revision:        00
Title:           Hypertext Transfer Protocol (HTTP) Digest Algorithm
Values Registry Update
Creation_date:   2009-10-06
WG ID:           Independent Submission
Number_of_pages: 5

[RFC3230] created the IANA registry named "Hypertext Transfer
Protocol (HTTP) Digest Algorithm Values" which defines values for
digest algorithms used in HTTP.  This draft adds new values to the

On Tue, Oct 6, 2009 at 3:09 PM, Lisa Dusseault <lisa.dusseault@gmail.com> wrote:
> These responses do convince me why we need to add at least a couple more
> digest types to the registry.  Since changes to this registry require a
> specification, I can offer to shepherd that specification (it can be an
> individual submission to Informational status, I'm pretty sure).
> Thanks,
> Lisa
> On Tue, Oct 6, 2009 at 9:30 AM, Nicolas Alvarez <nicolas.alvarez@gmail.com>
> wrote:
>> Anthony Bryan wrote:
>> > On Thu, Oct 1, 2009 at 7:22 PM, Lisa Dusseault wrote:
>> >> Isn't more digest values worse for interoperability?  Is there an
>> >> overriding security concern that would justify worse interoperability?
>> >
>> > Because there are no recent values in the registry, I see download
>> > clients do this (3x variants of SHA1, 2x of other hashes):
>> >
>> > Want-Digest: MD5;q=0.3, MD-5;q=0.3, SHA1;q=0.8, SHA;q=0.8,
>> > SHA-1;q=0.8, SHA256;q=0.9, SHA-256;q=0.9, SHA384;q=0.9, SHA-384;q=0.9,
>> > SHA512;q=1, SHA-512;q=1
>> Clearly, if we don't add SHA-1 to the registry, people will use it anyway,
>> but won't decide on a single name for it. *That's* worse for
>> interoperability.

(( Anthony Bryan ... Metalink [ http://www.metalinker.org ]
  )) Easier, More Reliable, Self Healing Downloads
Received on Tuesday, 6 October 2009 21:03:45 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:51 UTC