RE: How to implement the best practice "cache resources"

That's an interesting question. On seeing that BP for the first time I assumed the fingerprint would be derived from the metadata (mainly the HTTP headers). Certainly one could hash these to facilitate an associative lookup. The question, as posed, raises another possibility, and that is a digital signature of the entire response. Headers and payload. So now I too would like to get some clarity from the proposers.
 
As for MD5, whether used to hash only (a subset of) the headers or the entire response, there is always the possibility of "hash clash". Despite this, MD5 is still useful as a checksum, though I have my doubts about using it as the sole means of key generation for a resource cache.
 
If you want to consider an alternative, SHA-2 is worth a look. I get the impression that this is going to take over from MD5 in the near future.
 
Assuming the security of the hashing is not significant, the focus might turn to the processing efficiency. Maybe some cryptographers reading this might care to comment.
 
Finally, if you are interested in some open source crypto resources, I recommend you take a look at Bouncy Castle. ( www.bouncycastle.org )
 
---Rotan.

________________________________

From: public-bpwg-request@w3.org on behalf of Tom Hume
Sent: Sun 24/01/2010 13:35
To: JOSE MANUEL CANTERA FONSECA
Cc: Mobile Web Best Practices Working Group WG
Subject: Re: How to implement the best practice "cache resources"



Would MD5 be a good means of doing this?

2010/1/21 JOSE MANUEL CANTERA FONSECA <jmcf@tid.es>:
> Hi all,
>
>
>
> I was trying to find a recommended open source library to calculate a hash
> of a resource in accordance with the "cache resources by fingerprinting" bes
> practice. any advice, specially from the people who proposed this BP would
> be welcome
>
>
>
> thank you
>
>
>
> best r.



--
Future Platforms: hungry and foolish since 2000
work: Tom.Hume@futureplatforms.com play: tomhume.org

Received on Sunday, 24 January 2010 22:10:37 UTC