- From: Jo Rabin <jo@linguafranca.org>
- Date: Mon, 25 Jan 2010 14:01:24 +0000
- To: "Scheppe, Kai-Dietrich" <k.scheppe@telekom.de>
- CC: Rotan Hanrahan <rotan.hanrahan@mobileaware.com>, Tom Hume <tom.hume@futureplatforms.com>, JOSE MANUEL CANTERA FONSECA <jmcf@tid.es>, Mobile Web Best Practices Working Group WG <public-bpwg@w3.org>
Yes, but not necessarily of the content, which is what the BP specifies. Jo On 25/01/2010 13:58, Scheppe, Kai-Dietrich wrote: > Isn't the Etag some form of hash already? > > Kai > > > > >> -----Original Message----- >> From: Jo Rabin [mailto:jo@linguafranca.org] >> Sent: Monday, January 25, 2010 2:53 PM >> To: Rotan Hanrahan >> Cc: Tom Hume; JOSE MANUEL CANTERA FONSECA; Mobile Web Best >> Practices Working Group WG >> Subject: Re: How to implement the best practice "cache resources" >> >> I thought you'd do this same way as you would an ETag. But >> the BP does specify a hash of the resource content, rather >> than something made from the last modified date, or >> something. So perhaps the BP is overly prescriptive about this. >> >> Jo >> >> On 24/01/2010 22:08, Rotan Hanrahan wrote: >>> That's an interesting question. On seeing that BP for the >> first time I assumed the fingerprint would be derived from >> the metadata (mainly the HTTP headers). Certainly one could >> hash these to facilitate an associative lookup. The question, >> as posed, raises another possibility, and that is a digital >> signature of the entire response. Headers and payload. So now >> I too would like to get some clarity from the proposers. >>> >>> As for MD5, whether used to hash only (a subset of) the >> headers or the entire response, there is always the >> possibility of "hash clash". Despite this, MD5 is still >> useful as a checksum, though I have my doubts about using it >> as the sole means of key generation for a resource cache. >>> >>> If you want to consider an alternative, SHA-2 is worth a >> look. I get the impression that this is going to take over >> from MD5 in the near future. >>> >>> Assuming the security of the hashing is not significant, >> the focus might turn to the processing efficiency. Maybe some >> cryptographers reading this might care to comment. >>> >>> Finally, if you are interested in some open source crypto >> resources, I recommend you take a look at Bouncy Castle. ( >> www.bouncycastle.org ) >>> >>> ---Rotan. >>> >>> ________________________________ >>> >>> From: public-bpwg-request@w3.org on behalf of Tom Hume >>> Sent: Sun 24/01/2010 13:35 >>> To: JOSE MANUEL CANTERA FONSECA >>> Cc: Mobile Web Best Practices Working Group WG >>> Subject: Re: How to implement the best practice "cache resources" >>> >>> >>> >>> Would MD5 be a good means of doing this? >>> >>> 2010/1/21 JOSE MANUEL CANTERA FONSECA <jmcf@tid.es>: >>>> Hi all, >>>> >>>> >>>> >>>> I was trying to find a recommended open source library to >> calculate a hash >>>> of a resource in accordance with the "cache resources by >> fingerprinting" bes >>>> practice. any advice, specially from the people who >> proposed this BP would >>>> be welcome >>>> >>>> >>>> >>>> thank you >>>> >>>> >>>> >>>> best r. >>> >>> >>> -- >>> Future Platforms: hungry and foolish since 2000 >>> work: Tom.Hume@futureplatforms.com play: tomhume.org >>> >>> >>> >>> >>
Received on Monday, 25 January 2010 14:02:03 UTC