W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: Content-Integrity header

From: Nico Williams <nico@cryptonector.com>
Date: Wed, 11 Jul 2012 18:01:42 -0500
Message-ID: <CAK3OfOgSZDDQJVJt9SFu-0ogDGQUFSBxtwNKmEe2fU-5-onJHw@mail.gmail.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
Cc: "Ludin, Stephen" <sludin@akamai.com>, Yutaka OIWA <y.oiwa@aist.go.jp>, Amos Jeffries <squid3@treenet.co.nz>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On Wed, Jul 11, 2012 at 5:35 PM, Phillip Hallam-Baker <hallam@gmail.com> wrote:
> A message digest should be more than sufficient for detecting
> non-malicious modification. But it turns out that we already have a
> header for that.
>
> Still, it makes good sense to look at both together as I don't think
> the Integrity header has had as much play as it deserves and adding in
> a MAC capability (separate or same header) will stir up much of the
> same muck.

+1

(If all we want is detection of non-malicious modification then the
old MD5 digest header will do, really :)  Except that that only covers
the content, not any of the headers -- is that OK?)
Received on Wednesday, 11 July 2012 23:02:05 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 11 July 2012 23:02:11 GMT