Re: How to implement the best practice "cache resources"

Yes, but not necessarily of the content, which is what the BP specifies.

Jo

On 25/01/2010 13:58, Scheppe, Kai-Dietrich wrote:
> Isn't the Etag some form of hash already?
> 
> Kai
> 
> 
>  
> 
>> -----Original Message-----
>> From: Jo Rabin [mailto:jo@linguafranca.org] 
>> Sent: Monday, January 25, 2010 2:53 PM
>> To: Rotan Hanrahan
>> Cc: Tom Hume; JOSE MANUEL CANTERA FONSECA; Mobile Web Best 
>> Practices Working Group WG
>> Subject: Re: How to implement the best practice "cache resources"
>>
>> I thought you'd do this same way as you would an ETag. But 
>> the BP does specify a hash of the resource content, rather 
>> than something made from the last modified date, or 
>> something. So perhaps the BP is overly prescriptive about this.
>>
>> Jo
>>
>> On 24/01/2010 22:08, Rotan Hanrahan wrote:
>>> That's an interesting question. On seeing that BP for the 
>> first time I assumed the fingerprint would be derived from 
>> the metadata (mainly the HTTP headers). Certainly one could 
>> hash these to facilitate an associative lookup. The question, 
>> as posed, raises another possibility, and that is a digital 
>> signature of the entire response. Headers and payload. So now 
>> I too would like to get some clarity from the proposers.
>>>  
>>> As for MD5, whether used to hash only (a subset of) the 
>> headers or the entire response, there is always the 
>> possibility of "hash clash". Despite this, MD5 is still 
>> useful as a checksum, though I have my doubts about using it 
>> as the sole means of key generation for a resource cache.
>>>  
>>> If you want to consider an alternative, SHA-2 is worth a 
>> look. I get the impression that this is going to take over 
>> from MD5 in the near future.
>>>  
>>> Assuming the security of the hashing is not significant, 
>> the focus might turn to the processing efficiency. Maybe some 
>> cryptographers reading this might care to comment.
>>>  
>>> Finally, if you are interested in some open source crypto 
>> resources, I recommend you take a look at Bouncy Castle. ( 
>> www.bouncycastle.org )
>>>  
>>> ---Rotan.
>>>
>>> ________________________________
>>>
>>> From: public-bpwg-request@w3.org on behalf of Tom Hume
>>> Sent: Sun 24/01/2010 13:35
>>> To: JOSE MANUEL CANTERA FONSECA
>>> Cc: Mobile Web Best Practices Working Group WG
>>> Subject: Re: How to implement the best practice "cache resources"
>>>
>>>
>>>
>>> Would MD5 be a good means of doing this?
>>>
>>> 2010/1/21 JOSE MANUEL CANTERA FONSECA <jmcf@tid.es>:
>>>> Hi all,
>>>>
>>>>
>>>>
>>>> I was trying to find a recommended open source library to 
>> calculate a hash
>>>> of a resource in accordance with the "cache resources by 
>> fingerprinting" bes
>>>> practice. any advice, specially from the people who 
>> proposed this BP would
>>>> be welcome
>>>>
>>>>
>>>>
>>>> thank you
>>>>
>>>>
>>>>
>>>> best r.
>>>
>>>
>>> --
>>> Future Platforms: hungry and foolish since 2000
>>> work: Tom.Hume@futureplatforms.com play: tomhume.org
>>>
>>>
>>>
>>>
>>

Received on Monday, 25 January 2010 14:02:03 UTC