W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 1995

Re: Content-MD5

From: Dave Kristol <dmk@allegra.att.com>
Date: Mon, 6 Nov 95 09:47:39 EST
Message-Id: <199511061533.AA017841994@hplb.hpl.hp.com>
To: fielding@avron.ICS.UCI.EDU
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
"Roy T. Fielding" <fielding@avron.ICS.UCI.EDU> wrote:
  > Aside from the issues of duplication and the history of Content-MD5,
  > nobody has presented a valid design reason for defining a generic
  > header field.

I doubt this is an adequate reason, but let me identify an issue.  (BTW,
I take no position regarding Content-Digest vs. Content-XYZ for XYZ in
{MD5, SHA, ...}.)

If there's more than one digest header, we have to define what it means
if a message contains more than one, and they disagree about the
integrity of the message.  Example:

I have headers
	Content-MD5: xyz
	Content-SHA: qrs

The recipient computes the digests of the message and finds that the MD5
digest matches xyz, but the SHA digest does not match qrs.  Now what?
I imagine we assume the integrity to be compromised.

With a single Content-Digest header, there's no ambiguity.

Dave Kristol
Received on Monday, 6 November 1995 07:36:33 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:42:56 UTC