Re: [Content-MD5 and Message Digest Authentication.], MD5 broken.

Laurent Demailly (dl@hplyot.obspm.fr)
Sun, 28 Apr 1996 13:54:42 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Koen Holtman: "EDITS for Section 5 (Request) (Was: Re: 5.1.2 Request-URI)"
Previous message: Koen Holtman: "SPOOF issue (Was: Re: Rewrite of 13.12 (Cache keys))"
In reply to: hallam@w3.org: "[Content-MD5 and Message Digest Authentication.], MD5 broken."
Next in thread: hallam@w3.org: "Re: [Content-MD5 and Message Digest Authentication.], MD5 broken."

hallam@w3.org writes:
[...]
 > We can fix the problem by simply introducing an algorithm parameter. Ie:-
 > Content-Digest: 2A1238912371239587; alg=SHA
 > This change was strongly recommended by Ron Rivest, author of MD5.

I don't want to whine with "I said it... I said it..." but
FYI draft-demailly-cd-header-00.txt which suggested exactly that
almost 6 monthes ago expires in 15 days... just in time ;-)

( http://www.lyot.obspm.fr/~dl/draft-contentdigest.txt )

Regards
dl

ps: I know the issued has been settled very democraticaly
already... but as the big chief says "you don't need an rfc to add
an entity-header field", feel free to use Content-Digest in your
(incompatible :-() implementations...

Next message: Koen Holtman: "EDITS for Section 5 (Request) (Was: Re: 5.1.2 Request-URI)"
Previous message: Koen Holtman: "SPOOF issue (Was: Re: Rewrite of 13.12 (Cache keys))"
In reply to: hallam@w3.org: "[Content-MD5 and Message Digest Authentication.], MD5 broken."
Next in thread: hallam@w3.org: "Re: [Content-MD5 and Message Digest Authentication.], MD5 broken."