RE: HTTP 'HASH' Method

See section 14.15 of http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html.

A properly behaving HTTP proxy and server will set explicit caching headers or ETAGs, which significantly reduces the need for a Content-MD5 header.  In practice, I've never seen it used.

Headers are not protected in HTTP; hence there's no real security value in this approach.
Eric Lawrence
Program Manager
Internet Explorer
Want to view and tamper with HTTP(S) traffic?
Try http://www.fiddler2.com<http://www.fiddler2.com/>

From: ietf-http-wg-request@w3.org [mailto:ietf-http-wg-request@w3.org] On Behalf Of chown
Sent: Thursday, May 24, 2007 9:37 PM
To: ietf-http-wg@w3.org
Subject: HTTP 'HASH' Method

I think a 'HASH' method should be implemented into HTTP, whereby the server responds with a hash (md5/sha) of the requested resource. This would be a godsend for large networks which tend to use caching extensively, because caching-proxy servers could verify the source hasn't changed while creating a minimal amount of traffic, thereby allow the amount of time the proxy stores cache to be be greatly increased only at the cost of hard drive space.
Not only would this benefit caching applications, but as I'm sure you could imagine, it could be used in may other fields, especially security.

Received on Friday, 25 May 2007 04:54:28 UTC