W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2022

Standard URL safe digest form and hash algorithm list

From: Roman Volosatovs <roman@profian.com>
Date: Tue, 29 Mar 2022 08:38:21 +0000
Cc: nathaniel@profian.com
Message-Id: <e878f0c7-26d0-163b-def4-7b51c3e031c0@profian.com>
To: ietf-http-wg@w3.org
Hello HTTP Working Group,

Regarding the "Digest Fields" draft-ietf-httpbis-digest-headers-08:

1. The digest values, being binary data, are encoded as colon-delimited Base64 values as defined in RFC 8941. The digest values, therefore, are not safe for use in URL paths and require an additional encoding step for that particular use case, for example percent-encoding or base64url encoding.

This presents an issue in particular in context of content-addressable stores and usability of thereof. A content-addressable store exposing a REST API, for example, would require usage of two different encodings of the same digest - the `sf-binary` form specified in the headers and some alternative form safe to use in the URL path.

It does not seem feasible to remove the need for two different encodings of the digest due to the explicit usage of "base64" in RFC 8941, however it would greatly improve the situation if a canonical URL safe encoding of the digest values could be explicitly defined in the document.

2. Some of our customer use cases require usage of sha-384 and sha-224 algorithms, both of which are described in RFC 6234, however omitted in https://www.iana.org/assignments/http-dig-alg/http-dig-alg.xhtml and not explicitly mentioned in Section 5, Table 1 of the draft.

Would it be possible to add these two algorithms to the table to mark them as explicitly allowed and supported for use in the header?


Received on Tuesday, 26 April 2022 09:28:43 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:44:07 UTC