Re: Fwd: Expiration impending: <draft-nottingham-http-patch-status-00.txt>

On Thu, 11 Sep 2014 19:30:57 +0200, Martin Thomson  
<martin.thomson@gmail.com> wrote:

> On 11 September 2014 07:16, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
>> At the very least, if we do this, some kind of integrity check (i.e.,
>> an MD5 checksum or similar) should be included in the scheme, so
>> that the client can check that the patch operation gave the right
>> result.
>
> Yes.  ETag doesn't cut it for this.
>

Is that something we can fix? I've wanted to make a content-based ETag
using an RFC 6920 named information URL segment, with some extra processing
rules for the user agent, for a while. The reason I looked at this to
begin with was to address ETag-based tracking cookies and as a low-friction
protection against active attacks like packet injection to tack
data at the end of the payload. It doesn't quite solve that, but it provides
better integrity checks on delivered content than the CRC of deflated data.

/Martin Nilsson

-- 
Using Opera's revolutionary email client: http://www.opera.com/mail/

Received on Friday, 12 September 2014 05:33:27 UTC
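
The check discussed in this message, as an added example that is not part of the original thread: a client derives the RFC 6920 `sha-256` digest segment from the body it ended up with (after a patch or a plain fetch) and compares it with a content-derived ETag. The ETag layout `"ni:sha-256;<digest>"` and the function names are assumptions made for illustration; the thread does not define a format.

```python
import base64
import hashlib
import hmac


def ni_segment(body: bytes) -> str:
    """RFC 6920 'alg;val' segment: sha-256 digest, base64url, padding removed."""
    digest = hashlib.sha256(body).digest()
    value = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return "sha-256;" + value


def content_etag(body: bytes) -> str:
    # Hypothetical layout: a strong ETag whose opaque value is the ni segment.
    return '"ni:' + ni_segment(body) + '"'


def verify_body(etag: str, body: bytes) -> bool:
    """User-agent side: does the body we hold match what the ETag commits to?"""
    if etag.startswith("W/"):
        return False  # a weak validator makes no byte-for-byte promise
    value = etag.strip('"')
    if not value.startswith("ni:sha-256;"):
        return False  # opaque ETag: nothing to verify against the content
    return hmac.compare_digest(value[3:], ni_segment(body))


def demo() -> dict:
    # Constructed sample data: the representation the server intends after a
    # patch, the client's correctly patched copy, and a copy with extra bytes
    # tacked on at the end of the payload.
    intended = b'{"name": "example", "rev": 2}\n'
    etag = content_etag(intended)
    return {
        "etag": etag,
        "patched_ok": verify_body(etag, intended),
        "trailing_data": verify_body(etag, intended + b"<!-- extra -->"),
        "opaque_etag": verify_body('"a1b2c3-per-user-token"', intended),
    }


if __name__ == "__main__":
    for key, result in demo().items():
        print(f"{key}: {result}")
```

An ETag that is not derived from the content fails the same check, which is how a user agent applying such a rule could tell a content-based validator from an arbitrary server-chosen token.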