Re: Content-MD5

"Roy T. Fielding" <fielding@avron.ICS.UCI.EDU> wrote:
  > Aside from the issues of duplication and the history of Content-MD5,
  > nobody has presented a valid design reason for defining a generic
  > header field.

I doubt this is an adequate reason, but let me identify an issue.  (BTW,
I take no position regarding Content-Digest vs. Content-XYZ for XYZ in
{MD5, SHA, ...}.)

If there's more than one digest header, we have to define what it means
if a message contains more than one, and they disagree about the
integrity of the message.  Example:

I have headers
	Content-MD5: xyz
	Content-SHA: qrs

The recipient computes the digests of the message and finds that the MD5
digest matches xyz, but the SHA digest does not match qrs.  Now what?
I imagine we assume the integrity to be compromised.

With a single Content-Digest header, there's no ambiguity.

Dave Kristol

Received on Monday, 6 November 1995 07:36:33 UTC