- From: Martin Nilsson <nilsson@opera.com>
- Date: Fri, 12 Sep 2014 07:32:48 +0200
- To: ietf-http-wg@w3.org
On Thu, 11 Sep 2014 19:30:57 +0200, Martin Thomson <martin.thomson@gmail.com> wrote:

> On 11 September 2014 07:16, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
>> At the very least, if we do this, some kind of integrity check (ie:
>> a MD5 checksum or similar) should be included in the scheme, so
>> that the client can check that the patch operation gave the right
>> result.
>
> Yes. ETag doesn't cut it for this.
>

Is that something we can fix? I've wanted to make a content based ETag using RFC 6920 named information URL segment, with some extra processing rules for the user agent, for a while. The reason I looked at this to begin with was to address ETag based tracking cookies and as a low friction protection against active attacks like packet injection to tack data at the end of payload. It doesn't quite solve that, but it provides better integrity checks on delivered content than the CRC of deflated data.

/Martin Nilsson

--
Using Opera's revolutionary email client: http://www.opera.com/mail/
Received on Friday, 12 September 2014 05:33:27 UTC
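
An added example, not part of the original message: a sketch of the content-based ETag idea described above, using the RFC 6920 `alg;value` segment as the entity tag so the receiver can recompute it over the delivered bytes. Carrying the segment as a quoted strong ETag, and the function names, are assumptions; the message does not specify the processing rules.

```python
import base64
import hashlib
import hmac

# Hash names from the RFC 6920 registry that this sketch accepts (subset).
_ALGS = {"sha-256": hashlib.sha256}


def ni_segment(body: bytes, alg: str = "sha-256") -> str:
    """Return the RFC 6920 'alg;value' segment: base64url digest, no padding."""
    digest = _ALGS[alg](body).digest()
    return alg + ";" + base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def make_etag(body: bytes) -> str:
    """Strong ETag whose opaque value is the ni segment (assumed convention)."""
    return '"' + ni_segment(body) + '"'


def verify_etag(etag: str, body: bytes):
    """True/False when the ETag is a checkable content hash, None otherwise."""
    value = etag.strip()
    if value.startswith("W/"):
        return None  # weak validators make no byte-for-byte claim
    if len(value) < 2 or value[0] != '"' or value[-1] != '"':
        return None  # not a well-formed quoted entity tag
    inner = value[1:-1]
    alg, sep, _ = inner.partition(";")
    if not sep or alg not in _ALGS:
        return None  # opaque ETag or unsupported hash: nothing to verify
    expected = ni_segment(body, alg)
    return hmac.compare_digest(inner.encode("utf-8"), expected.encode("utf-8"))


if __name__ == "__main__":
    original = b"Hello World!"  # constructed sample payload
    etag = make_etag(original)
    print(etag)
    print(verify_etag(etag, original))                  # body as sent
    print(verify_etag(etag, original + b"<injected>"))  # data tacked on the end
    print(verify_etag('"abc123"', original))            # ordinary opaque ETag
```

The check only helps when the ETag header itself cannot be rewritten by whoever modifies the body, which fits the message's remark that this does not quite solve active injection.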