Re: Content-MD5 and partial responses from Mark Nottingham on 2009-07-24 (ietf-http-wg@w3.org from July to September 2009)

From: Mark Nottingham <mnot@mnot.net>
Date: Fri, 24 Jul 2009 20:26:27 +1000
To: Henrik Nordstrom <henrik@henriknordstrom.net>
Cc: Yves Lafon <ylafon@w3.org>, HTTP Working Group <ietf-http-wg@w3.org>, Larry Masinter <LMM@acm.org>
Message-Id: <EDF7AA00-BC3D-4F76-8E36-BED004265737@mnot.net>

Just another point of data which has come up before:

> HTTP/1.1 defines a Content-MD5 header that allows a server to  
> include a digest of the response body. However, this is specifically  
> defined to cover the body of the actual message, not the contents of  
> the full file (which might be quite different, if the response is a  
> Content- Range, or uses a delta encoding).

That's the beginning of RFC3230, which is on the standards track.


On 24/07/2009, at 8:23 PM, Henrik Nordstrom wrote:

> fre 2009-07-24 klockan 04:18 -0400 skrev Yves Lafon:
>
>> Well, Content-Length is also an entity header, however it applies  
>> to the
>> transferred bytes in case of 206.
>
> And is specified separately for 206 responses, referring to message- 
> body
> and not entity, ruling out any doubt.
>
>> What would be the use of C-MD5 if it applies to the whole bag of  
>> bytes
>> when you only get a part of it?
>
> Well, Content-MD5 is often not even allowed in a 206 response
> (SHOULD/MUST not include if a If-Range validator was used) which  
> kind of
> defeats the per-message idea on partial responses.
>
> And if a validator was not used then the definition of 206 says "MUST
> include all of the entity-headers that would have been returned with a
> 200 (OK) response to the same request." which to me says it should be
> the same value as in 200 OK enabling clients to compare with other
> responses to verify they all refer to the same "200 response". Yes,  
> this
> conflicts somewhat for Content-Length, but as already said the rules  
> for
> Content-Length in 206 is explicitly stated some paragraphs up in the
> same section.
>
> But it's easy to (imho wrongly) assume the per-message semantics on a
> quick reading of just the definition of Content-MD5. But I can not  
> make
> the per-message semantics fit well at all when taking 206 responses  
> into
> account.
>
> One more point on this:
>
>      * "Only origin servers or clients MAY generate the Content-MD5
>        header field; proxies and gateways MUST NOT generate it"
>      * Caching proxies MAY support Range requests, turning a 200
>        response into 206 partial response.
>      * There is no explicit rule specifying that Content-MD5 is to be
>        recalculated when making a 206 partial response from a 200
>        response, other than the "copy" rule quoted above.
>
> Similar not-per-message hints is also seen in indirectly in definition
> of 304 where a careful distinction is made between message-body and
> entity-body.
>
> Regards
> Henrik
>


--
Mark Nottingham     http://www.mnot.net/

Received on Friday, 24 July 2009 10:27:10 UTC