- From: Paul Leach <paulle@microsoft.com>
- Date: Fri, 26 Apr 1996 16:31:11 -0700
- To: "'hallam@w3.org'" <hallam@w3.org>, "'Roy T. Fielding'" <fielding@avron.ICS.UCI.EDU>
- Cc: "'http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com'" <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
Digest Auth already has the algorithm as a parameter. The name "Content-MD5" can't be changed for historical reasons. >---------- >From: Roy T. Fielding[SMTP:fielding@avron.ICS.UCI.EDU] >Sent: Friday, April 26, 1996 4:08 PM >To: hallam@w3.org >Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com >Subject: Re: [Content-MD5 and Message Digest Authentication.], MD5 >broken. > >> Content-MD5: 2A1238912371239587; alg=SHA >> >> This construction is likely to break for obvious reasons. > >Phill, this has already been discussed to death. There is no advantage >to using a generic parameter name for an Entity-Header -- they can be >added >or removed at any time. The only thing you accomplish in such a >situation >is for programs to have to parse the contents of the header field in >order to know whether or not it is applicable to them, which is a >bad design. > >The obvious way to handle a new digest algorithm like SHA is > > Content-SHA: 2A1238912371239587 > >which is exactly how the HTTP protocol is designed. Leave it be. > > > ...Roy T. Fielding > Department of Information & Computer Science >(fielding@ics.uci.edu) > University of California, Irvine, CA 92717-3425 >fax:+1(714)824-4056 > http://www.ics.uci.edu/~fielding/ > >
Received on Friday, 26 April 1996 16:34:45 UTC