Re: Content-MD5

At the time Content-MD5 was described, we needed something to protect
us against accidental mangling of E-mail.

The chances of something being mangled by accident in such a way that the
Content-MD5 checksum remains valid is not well described by the word
"microscopic"; it is too small. A new "MD6" algorithm won't change that.

Content-MD5 is *NOT* a security feature; it is trivially easy to modify
the text of a message, recompute the MD5 checksum and insert that into
the headers.

One reason to choose Content-MD5 for the header name rather than a
syntax like "content-checksum: alg=md5; zxclkjsakjfwe" was exactly to
PREVENT the adoption of MD2 or MD6 or SHA or the System V "sum".
In this case, one algorithm is (IMHO) better than two.

               Harald A

Received on Monday, 6 November 1995 00:05:08 UTC