Digests: deprecating parameters? from Lucas Pardue on 2020-08-18 (ietf-http-wg@w3.org from July to September 2020)

From: Lucas Pardue <lucaspardue.24.7@gmail.com>
Date: Tue, 18 Aug 2020 10:49:05 +0100
To: HTTP Working Group <ietf-http-wg@w3.org>
Cc: Roberto Polli <robipolli@gmail.com>
Message-ID: <CALGR9oYCU2b3wiTFV8uNO37opK0XMgq_=D0sTyZVw8kVuKG+4g@mail.gmail.com>

Hello folks,

We're wondering what the group might think about deprecating the Digest
parameters. Please respond for or against the idea, either here or on the
GitHub issue https://github.com/httpwg/http-extensions/issues/850

*Background*
While updating the Digests spec we've found somewhat of a gap when it comes
to "parameters". These are mentioned in RFC 3230:

   For some algorithms, one or more parameters may be
   supplied.

      digest-algorithm = token

   The BNF for "parameter" is as is used in RFC 2616 [4].  All digest-
   algorithm values are case-insensitive.

It seems wrong to define parameters as part of the algorithm, so we started
on a PR to fix things up. But the discussion moved on to examples and
real-world usage; as far as we can tell there are no canonical examples
either in the specification or on the wild Internet.

Keeping this spec gap seems wrong, so one option we could consider is to
simply deprecate "parameters". For use cases that might have a future need
of such a thing, they could easily define a new algorithm that encodes
their parameters in the digest-value (the encoded checksum) itself.

Please let us know what you think.

Lucas and Roberto
Digest Editors

Received on Tuesday, 18 August 2020 09:49:30 UTC