- From: Henrik Nordstrom <henrik@henriknordstrom.net>
- Date: Sun, 04 Oct 2009 15:14:23 +0200
- To: Lisa Dusseault <lisa.dusseault@gmail.com>
- Cc: Anthony Bryan <anthonybryan@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Thu 2009-10-01 at 16:22 -0700, Lisa Dusseault wrote:

> Isn't more digest values worse for interoperability? Is there an
> overriding security concern that would justify worse interoperability?

Additional digest values do not make interop much worse than it already is, but there should be a minimum required set on both clients and servers.

Related to this, the negotiation aspect of RFC3230 should generally not be used on cachable responses, as doing so would create yet another set of instances varying on the set of client-indicated supported hashes. On such responses the server should just spew out the set of hashes it prefers to support with both interop and security in mind (i.e. usually one or two hashes today, maybe three).

Regards
Henrik
Received on Sunday, 4 October 2009 13:14:56 UTC
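
An added Python sketch of the policy described in the message above; it is not code from the original mail or from any HTTP implementation. A cacheable response always carries the same server-chosen `Digest` set and ignores `Want-Digest`, and the client verifies with the strongest algorithm it shares with that set. Assumptions: the function names, the fixed set of SHA-256 plus SHA, and the `SHA-256` token, which was registered later in RFC 5843.

```python
import base64
import hashlib

# Digest tokens mapped to hashlib names, strongest first. "SHA" (SHA-1) and
# "MD5" are RFC 3230 tokens; "SHA-256" comes from the later RFC 5843.
ALGS = {"SHA-256": "sha256", "SHA": "sha1", "MD5": "md5"}
SERVER_FIXED_SET = ["SHA-256", "SHA"]  # assumed server preference


def _b64(alg, body):
    return base64.b64encode(hashlib.new(ALGS[alg], body).digest()).decode()


def parse_want_digest(value):
    """Return the known tokens a client listed, dropping q=0 entries."""
    wanted = []
    for item in value.split(","):
        token, _, param = item.strip().partition(";")
        q = float(param.split("=")[1]) if param.strip().startswith("q=") else 1.0
        known = {a.upper(): a for a in ALGS}.get(token.strip().upper())
        if known and q > 0:
            wanted.append(known)
    return wanted


def digest_header(body, cacheable, want_digest=None):
    """Build the Digest header value for a response."""
    algs = SERVER_FIXED_SET
    if not cacheable and want_digest:
        # Negotiate only on uncacheable responses; on cacheable ones the
        # client's list would multiply the stored instances.
        algs = parse_want_digest(want_digest) or SERVER_FIXED_SET
    return ",".join(f"{a}={_b64(a, body)}" for a in algs)


def verify_digest(header, body, supported):
    """Return the token verified, None if no overlap; raise on mismatch."""
    offered = {}
    for item in header.split(","):
        token, _, value = item.strip().partition("=")
        offered[token.upper()] = value
    for alg in ALGS:  # strongest first
        if alg in supported and alg.upper() in offered:
            if offered[alg.upper()] != _b64(alg, body):
                raise ValueError(f"{alg} digest mismatch")
            return alg
    return None
```

A client that supports only an algorithm outside the server's fixed set gets `None` back, which is the case a minimum required set on both sides is meant to rule out.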