- From: Anthony Bryan <anthonybryan@gmail.com>
- Date: Thu, 15 Oct 2009 10:53:27 -0400
- To: Lisa Dusseault <lisa.dusseault@gmail.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
New version incorporates comments from Pasi Eronen. -02 : October 15, 2009. o New title. o "Note: This is unrelated to HTTP Digest Authentication." o Remove SHA-224 and SHA-384. o "Changes compared to RFC3230" section added. A new version of I-D, draft-bryan-http-digest-algorithm-values-update-02.txt has been successfuly submitted by Anthony Bryan and posted to the IETF repository. Filename: draft-bryan-http-digest-algorithm-values-update Revision: 02 Title: Additional Hash Algorithms for HTTP Instance Digests Creation_date: 2009-10-15 WG ID: Independent Submission Number_of_pages: 5 Abstract: [RFC3230] created the IANA registry named "Hypertext Transfer Protocol (HTTP) Digest Algorithm Values" which defines values for digest algorithms used in HTTP. This draft adds new values to the registry and updates previous values. On Tue, Oct 6, 2009 at 3:09 PM, Lisa Dusseault <lisa.dusseault@gmail.com> wrote: > These responses do convince me why we need to add at least a couple more > digest types to the registry. Since changes to this registry require a > specification, I can offer to shepherd that specification (it can be an > individual submission to Informational status, I'm pretty sure). > > Thanks, > Lisa > > On Tue, Oct 6, 2009 at 9:30 AM, Nicolas Alvarez <nicolas.alvarez@gmail.com> > wrote: >> >> Anthony Bryan wrote: >> > On Thu, Oct 1, 2009 at 7:22 PM, Lisa Dusseault wrote: >> >> Isn't more digest values worse for interoperability? Is there an >> >> overriding security concern that would justify worse interoperability? >> > >> > Because there are no recent values in the registry, I see download >> > clients do this (3x variants of SHA1, 2x of other hashes): >> > >> > Want-Digest: MD5;q=0.3, MD-5;q=0.3, SHA1;q=0.8, SHA;q=0.8, >> > SHA-1;q=0.8, SHA256;q=0.9, SHA-256;q=0.9, SHA384;q=0.9, SHA-384;q=0.9, >> > SHA512;q=1, SHA-512;q=1 >> >> Clearly, if we don't add SHA-1 to the registry, people will use it anyway, >> but won't decide on a single name for it. *That's* worse for >> interoperability. >> >> >> > > -- (( Anthony Bryan ... Metalink [ http://www.metalinker.org ] )) Easier, More Reliable, Self Healing Downloads
Received on Thursday, 15 October 2009 14:54:01 UTC