- From: Dave Kristol <dmk@allegra.att.com>
- Date: Mon, 6 Nov 95 09:47:39 EST
- To: fielding@avron.ICS.UCI.EDU
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
"Roy T. Fielding" <fielding@avron.ICS.UCI.EDU> wrote:
> Aside from the issues of duplication and the history of Content-MD5,
> nobody has presented a valid design reason for defining a generic
> header field.
[...]
I doubt this is an adequate reason, but let me identify an issue. (BTW,
I take no position regarding Content-Digest vs. Content-XYZ for XYZ in
{MD5, SHA, ...}.)
If there's more than one digest header, we have to define what it means
if a message contains more than one, and they disagree about the
integrity of the message. Example:
I have headers
Content-MD5: xyz
Content-SHA: qrs
The recipient computes the digests of the message and finds that the MD5
digest matches xyz, but the SHA digest does not match qrs. Now what?
I imagine we assume the integrity to be compromised.
With a single Content-Digest header, there's no ambiguity.
Dave Kristol
Received on Monday, 6 November 1995 07:36:33 UTC