- From: Scheppe, Kai-Dietrich <k.scheppe@telekom.de>
- Date: Mon, 25 Jan 2010 14:58:22 +0100
- To: "Jo Rabin" <jo@linguafranca.org>, "Rotan Hanrahan" <rotan.hanrahan@mobileaware.com>
- Cc: "Tom Hume" <tom.hume@futureplatforms.com>, "JOSE MANUEL CANTERA FONSECA" <jmcf@tid.es>, "Mobile Web Best Practices Working Group WG" <public-bpwg@w3.org>
Isn't the Etag some form of hash already? Kai > -----Original Message----- > From: Jo Rabin [mailto:jo@linguafranca.org] > Sent: Monday, January 25, 2010 2:53 PM > To: Rotan Hanrahan > Cc: Tom Hume; JOSE MANUEL CANTERA FONSECA; Mobile Web Best > Practices Working Group WG > Subject: Re: How to implement the best practice "cache resources" > > I thought you'd do this same way as you would an ETag. But > the BP does specify a hash of the resource content, rather > than something made from the last modified date, or > something. So perhaps the BP is overly prescriptive about this. > > Jo > > On 24/01/2010 22:08, Rotan Hanrahan wrote: > > That's an interesting question. On seeing that BP for the > first time I assumed the fingerprint would be derived from > the metadata (mainly the HTTP headers). Certainly one could > hash these to facilitate an associative lookup. The question, > as posed, raises another possibility, and that is a digital > signature of the entire response. Headers and payload. So now > I too would like to get some clarity from the proposers. > > > > As for MD5, whether used to hash only (a subset of) the > headers or the entire response, there is always the > possibility of "hash clash". Despite this, MD5 is still > useful as a checksum, though I have my doubts about using it > as the sole means of key generation for a resource cache. > > > > If you want to consider an alternative, SHA-2 is worth a > look. I get the impression that this is going to take over > from MD5 in the near future. > > > > Assuming the security of the hashing is not significant, > the focus might turn to the processing efficiency. Maybe some > cryptographers reading this might care to comment. > > > > Finally, if you are interested in some open source crypto > resources, I recommend you take a look at Bouncy Castle. ( > www.bouncycastle.org ) > > > > ---Rotan. > > > > ________________________________ > > > > From: public-bpwg-request@w3.org on behalf of Tom Hume > > Sent: Sun 24/01/2010 13:35 > > To: JOSE MANUEL CANTERA FONSECA > > Cc: Mobile Web Best Practices Working Group WG > > Subject: Re: How to implement the best practice "cache resources" > > > > > > > > Would MD5 be a good means of doing this? > > > > 2010/1/21 JOSE MANUEL CANTERA FONSECA <jmcf@tid.es>: > >> Hi all, > >> > >> > >> > >> I was trying to find a recommended open source library to > calculate a hash > >> of a resource in accordance with the "cache resources by > fingerprinting" bes > >> practice. any advice, specially from the people who > proposed this BP would > >> be welcome > >> > >> > >> > >> thank you > >> > >> > >> > >> best r. > > > > > > > > -- > > Future Platforms: hungry and foolish since 2000 > > work: Tom.Hume@futureplatforms.com play: tomhume.org > > > > > > > > > >
Received on Monday, 25 January 2010 13:59:00 UTC