- From: Erik Aronesty <earonesty@montgomery.com>
- Date: Wed, 7 Aug 1996 14:26:39 -0700
- To: "'http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com'" <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
>I suggest using "Content-ID" for a globally unique originator-supplied >identifier. this cannot be used in a secure and verifiable fashion....which is probably why nobody who cares about the integrity of their data uses it. >yes yes what? an attempt at sarcasm? the lack of any verifiable content identification in HTTP is marked. > >> *2. the method of identification (secure MD5 hash, >> registration authority, etc.) > >unnecessary how would you propose to validate the identity of a document without knowing the method of identification? i would reference the rfc on http-digests where the hash-method is...of course...critical to the process of password-authentication. this information is also required for document authentication > >> 3. the scope of the content-identifier (eg: *.com) > >always global >in the rfc "draft-ietf-http-digest-aa-04" this "useless" feature of >scoping is addressed in reference to authentication digests. the point >was to define a scope for password caching. this also applies to document-level caching and for the same reasons detailed therein in order to perform accurate object identification, a usable >"Content-ID" header should be specified >
Received on Wednesday, 7 August 1996 14:29:52 UTC