- From: Jeffrey Mogul <mogul@pa.dec.com>
- Date: Thu, 08 Jan 98 11:30:39 PST
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Paul Leach writes:
> From: Roy T. Fielding[SMTP:fielding@kiwi.ics.uci.edu]
>
> [...] It turns out that Content-MD5 is not useful
> at all for HTTP/1.1, since the combination of the error-free transport
> layer and length-delimited content is sufficient.
>
"Error free" and "ones-complement checksum" are not 100%
commensurate. Plus, the existence of proxies menas that the TCP
"guarantee", such as it is, isn't in fact guaranteed anyway.
For some quantitative results on the problems with the TCP checksum,
see
Craig Partridge, Jim Hughes, Jonathan Stone,
"Performance of Checksums and CRCs over Real Data",
Proc. SIGCOMM '95
http://www1.acm.org:81/sigcomm/sigcomm95/papers/partridge.html
The abstract mentions the "spectacular failure rate" of the TCP
checksum "when trying to detect certain types of packet splices."
Packet splices are a potential problem when using ATM networks
that drop individual cells. In practice, of course, we haven't
been hit by a blizzard of TCP checksum failures ... yet.
The MD5 checksum is end-to-end, and much stronger than the
transport checksum.
Yes, but. Unfortunately, the MD5 checksum covers just the
message body, and so if one is reassembling a document from
several messages (e.g., using Range retrievals) one can still
have undetected errors. This is why I speculated that Content-MD5
is "not even particularly useful" ... it's end-to-end as far
as the HTTP messages go, but it's not end-to-end as far as the
actual documents (or whatever) are concerned.
More grist for Digest-NG, perhaps.
-Jeff
Received on Thursday, 8 January 1998 11:34:48 UTC