RE: [Content-MD5 and Message Digest Authentication.], MD5 broken.

Paul Leach (paulle@microsoft.com)
Fri, 26 Apr 1996 16:31:11 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Roy T. Fielding: "Re: 8.12 TRACE and entity"
Previous message: Roy T. Fielding: "Re: [Content-MD5 and Message Digest Authentication.], MD5 broken."

Digest Auth already has the algorithm as a parameter. The name
"Content-MD5" can't be changed for historical reasons.

>----------
>From: 	Roy T. Fielding[SMTP:fielding@avron.ICS.UCI.EDU]
>Sent: 	Friday, April 26, 1996 4:08 PM
>To: 	hallam@w3.org
>Cc: 	http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
>Subject: 	Re: [Content-MD5 and Message Digest Authentication.], MD5
>broken. 
>
>> Content-MD5: 2A1238912371239587; alg=SHA
>> 
>> This construction is likely to break for obvious reasons.
>
>Phill, this has already been discussed to death.  There is no advantage
>to using a generic parameter name for an Entity-Header -- they can be
>added
>or removed at any time.  The only thing you accomplish in such a
>situation
>is for programs to have to parse the contents of the header field in
>order to know whether or not it is applicable to them, which is a
>bad design.
>
>The obvious way to handle a new digest algorithm like SHA is
>
>   Content-SHA: 2A1238912371239587
>
>which is exactly how the HTTP protocol is designed.  Leave it be.
>
>
> ...Roy T. Fielding
>    Department of Information & Computer Science   
>(fielding@ics.uci.edu)
>    University of California, Irvine, CA 92717-3425   
>fax:+1(714)824-4056
>    http://www.ics.uci.edu/~fielding/
>
>

Next message: Roy T. Fielding: "Re: 8.12 TRACE and entity"
Previous message: Roy T. Fielding: "Re: [Content-MD5 and Message Digest Authentication.], MD5 broken."