- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Tue, 16 Sep 2014 08:58:47 +0200
- To: Ángel González <angel@16bits.net>, public-webappsec@w3.org
On 2014-09-16 01:42, Ángel González wrote: > ... > Open idea: > Add a Content-integrity http header akin to Content-MD5 but with a named > information uri. Checking that a GET of the url returns that header will > help the schema to still work avoiding origin confusion problems (and > obviously any body with such header MUST match the hash). > It would be useful to add an equivalent If-None-Match (or even extend > those headers for dealing with ni uris in addition to etags) but I'm not > convinced about that. > ... Yes. In RFC 7231 we have deprecated Content-MD5 because of the use of MD5, and interop problems with range requests (see <https://tools.ietf.org/wg/httpbis/trac/ticket/178>). See also HTTPbis mailing list thread around <http://lists.w3.org/Archives/Public/ietf-http-wg/2014JulSep/2215.html>. Best regards, Julian
Received on Tuesday, 16 September 2014 06:59:22 UTC