- From: Nicolas Alvarez <nicolas.alvarez@gmail.com>
- Date: Tue, 06 Oct 2009 13:30:34 -0300
- To: ietf-http-wg@w3.org
Anthony Bryan wrote: > On Thu, Oct 1, 2009 at 7:22 PM, Lisa Dusseault wrote: >> Isn't more digest values worse for interoperability? Is there an >> overriding security concern that would justify worse interoperability? > > Because there are no recent values in the registry, I see download > clients do this (3x variants of SHA1, 2x of other hashes): > > Want-Digest: MD5;q=0.3, MD-5;q=0.3, SHA1;q=0.8, SHA;q=0.8, > SHA-1;q=0.8, SHA256;q=0.9, SHA-256;q=0.9, SHA384;q=0.9, SHA-384;q=0.9, > SHA512;q=1, SHA-512;q=1 Clearly, if we don't add SHA-1 to the registry, people will use it anyway, but won't decide on a single name for it. *That's* worse for interoperability.
Received on Tuesday, 6 October 2009 16:39:54 UTC