At the time Content-MD5 was described, we needed something to protect us against accidental mangling of E-mail. The chances of something being mangled by accident in such a way that the Content-MD5 checksum remains valid is not well described by the word "microscopic"; it is too small. A new "MD6" algorithm won't change that. Content-MD5 is *NOT* a security feature; it is trivially easy to modify the text of a message, recompute the MD5 checksum and insert that into the headers. One reason to choose Content-MD5 for the header name rather than a syntax like "content-checksum: alg=md5; zxclkjsakjfwe" was exactly to PREVENT the adoption of MD2 or MD6 or SHA or the System V "sum". In this case, one algorithm is (IMHO) better than two. Harald AReceived on Monday, 6 November 1995 00:05:08 UTC
This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:42:56 UTC