Re: Content-Integrity header

On Wed, Jul 11, 2012 at 5:35 PM, Phillip Hallam-Baker <hallam@gmail.com> wrote:
> A message digest should be more than sufficient for detecting
> non-malicious modification. But it turns out that we already have a
> header for that.
>
> Still, it makes good sense to look at both together as I don't think
> the Integrity header has had as much play as it deserves and adding in
> a MAC capability (separate or same header) will stir up much of the
> same muck.

+1

(If all we want is detection of non-malicious modification then the
old MD5 digest header will do, really :)  Except that that only covers
the content, not any of the headers -- is that OK?)

Received on Wednesday, 11 July 2012 23:02:05 UTC