- From: Adrien de Croy <adrien@qbik.com>
- Date: Tue, 08 Jun 2010 00:17:45 +1200
- To: Yves Lafon <ylafon@w3.org>
- CC: Henrik Nordström <henrik@henriknordstrom.net>, ietf-http-wg@w3.org
On 4/06/2010 5:08 a.m., Yves Lafon wrote: > On Mon, 17 May 2010, Henrik Nordström wrote: > >> I ask this because I see an alternative resolution to this problem by >> defining Content-MD5 as MD5(full entity-body), and instead of ignoring >> Content-MD5 in partial responses requiring clients to NOT merge 206 >> responses with conflicting Content-MD5, and instead if needed retry the >> request without the Range specifier. > > I agree that those are the two major options, forbid the use of C-MD5 > in 206, or explicitely say that it is only about the full content, but > will defeat the purpose of acting as a message integrity check... I don't see any point in having an integrity check for a message containing only a partial range. Surely you want to accumulate the entire entity by piecing together all the parts, and then you use the MD5 to check the total. On that note I don't see any point in range extensions either, other than to make the job of intermediaries impossible. Making the MD5 based on the entire entity gives a very simple test for a receiver. If it gets any 206 response with a different C-MD5, it knows it's not a part of the same entity. Similar to an ETag but with the benefit of being able to be used to verify integrity of the entire entity. So I can see a clear value in making it based on entire content, and I can't see any value in making it the MD5 of the part. Therefore it seems unnecessary to forbid it as an alternative to simply clarifying it. Regards Adrien -- Adrien de Croy - WinGate Proxy Server - http://www.wingate.com
Received on Monday, 7 June 2010 12:19:08 UTC