Re: Instance Digests in HTTP (RFC3230)

Revision 03 has tiny changes (RFC3230 -> RFC 3230), and earlier
incorporated suggestions from secdir list.


---------- Forwarded message ----------
From: IETF I-D Submission Tool <idsubmission@ietf.org>
Date: Wed, Oct 21, 2009 at 6:42 PM
Subject: New Version Notification for
draft-bryan-http-digest-algorithm-values-update-03
To: anthonybryan@gmail.com



A new version of I-D,
draft-bryan-http-digest-algorithm-values-update-03.txt has been
successfuly submitted by Anthony Bryan and posted to the IETF
repository.

Filename:        draft-bryan-http-digest-algorithm-values-update
Revision:        03
Title:           Additional Hash Algorithms for HTTP Instance Digests
Creation_date:   2009-10-21
WG ID:           Independent Submission
Number_of_pages: 5

Abstract:
[RFC3230] created the IANA registry named "Hypertext Transfer
Protocol (HTTP) Digest Algorithm Values" which defines values for
digest algorithms used in HTTP.  This draft adds new values to the
registry and updates previous values.



The IETF Secretariat.




On Thu, Oct 15, 2009 at 10:53 AM, Anthony Bryan <anthonybryan@gmail.com> wrote:
> New version incorporates comments from Pasi Eronen.
>
> -02 : October 15, 2009.
>   o  New title.
>   o  "Note: This is unrelated to HTTP Digest Authentication."
>   o  Remove SHA-224 and SHA-384.
>   o  "Changes compared to RFC3230" section added.
>
>
> A new version of I-D,
> draft-bryan-http-digest-algorithm-values-update-02.txt has been
> successfuly submitted by Anthony Bryan and posted to the IETF
> repository.
>
> Filename:        draft-bryan-http-digest-algorithm-values-update
> Revision:        02
> Title:           Additional Hash Algorithms for HTTP Instance Digests
> Creation_date:   2009-10-15
> WG ID:           Independent Submission
> Number_of_pages: 5
>
> Abstract:
> [RFC3230] created the IANA registry named "Hypertext Transfer
> Protocol (HTTP) Digest Algorithm Values" which defines values for
> digest algorithms used in HTTP.  This draft adds new values to the
> registry and updates previous values.
>
> On Tue, Oct 6, 2009 at 3:09 PM, Lisa Dusseault <lisa.dusseault@gmail.com> wrote:
>> These responses do convince me why we need to add at least a couple more
>> digest types to the registry.  Since changes to this registry require a
>> specification, I can offer to shepherd that specification (it can be an
>> individual submission to Informational status, I'm pretty sure).
>>
>> Thanks,
>> Lisa
>>
>> On Tue, Oct 6, 2009 at 9:30 AM, Nicolas Alvarez <nicolas.alvarez@gmail.com>
>> wrote:
>>>
>>> Anthony Bryan wrote:
>>> > On Thu, Oct 1, 2009 at 7:22 PM, Lisa Dusseault wrote:
>>> >> Isn't more digest values worse for interoperability?  Is there an
>>> >> overriding security concern that would justify worse interoperability?
>>> >
>>> > Because there are no recent values in the registry, I see download
>>> > clients do this (3x variants of SHA1, 2x of other hashes):
>>> >
>>> > Want-Digest: MD5;q=0.3, MD-5;q=0.3, SHA1;q=0.8, SHA;q=0.8,
>>> > SHA-1;q=0.8, SHA256;q=0.9, SHA-256;q=0.9, SHA384;q=0.9, SHA-384;q=0.9,
>>> > SHA512;q=1, SHA-512;q=1
>>>
>>> Clearly, if we don't add SHA-1 to the registry, people will use it anyway,
>>> but won't decide on a single name for it. *That's* worse for
>>> interoperability.

-- 
(( Anthony Bryan ... Metalink [ http://www.metalinker.org ]
  )) Easier, More Reliable, Self Healing Downloads

Received on Tuesday, 27 October 2009 23:09:06 UTC