Re: Digest Headers: digest-algorithms "last call"
Martin Thomson <mt@lowentropy.net> Sun, 03 January 2021 22:42 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9DDFB3A13BF for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 3 Jan 2021 14:42:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.872
X-Spam-Level:
X-Spam-Status: No, score=-0.872 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.248, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=XkzXgySt; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=WlPDk7Mx
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 48OP_kEAW76q for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 3 Jan 2021 14:42:29 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 330273A13BE for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sun, 3 Jan 2021 14:42:28 -0800 (PST)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1kwC1l-0002tF-Nx for ietf-http-wg-dist@listhub.w3.org; Sun, 03 Jan 2021 22:39:09 +0000
Resent-Date: Sun, 03 Jan 2021 22:39:09 +0000
Resent-Message-Id: <E1kwC1l-0002tF-Nx@lyra.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <mt@lowentropy.net>) id 1kwC1k-0002sU-Ed for ietf-http-wg@listhub.w3.org; Sun, 03 Jan 2021 22:39:08 +0000
Received: from out3-smtp.messagingengine.com ([66.111.4.27]) by mimas.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <mt@lowentropy.net>) id 1kwC1j-0007yq-04 for ietf-http-wg@w3.org; Sun, 03 Jan 2021 22:39:08 +0000
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 3B8DD5C0044; Sun, 3 Jan 2021 17:38:55 -0500 (EST)
Received: from imap10 ([10.202.2.60]) by compute1.internal (MEProxy); Sun, 03 Jan 2021 17:38:55 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type:content-transfer-encoding; s=fm1; bh=+lpmP 2WkbZew47yBD08UEeiSh2BT+cucqR+FPnSVyAs=; b=XkzXgySt+0CvWpyPinlj1 fm66i8PIXt4wvBkZ0ORWJwiOqmWCQxsWXiGR1aFUwtFFaFjncjcHK+36YOpMWRvN FKb8nl5kxtBTIf/wXU2rwDO7W3ia14+csGuM5819CKXxrK84ms9msgNF08m36pXF PNkaZLFeURT/wSQoHT1Nq9DQ8G8al6HAcPHcbU3gyS15yYKhiPMIqo7GDqWgWHrD Pv9XK2MLsjv3hFH7Hbfl0J7H8EwqIukxngkupDBZPWpWBiU0mlfdVKjy2Myk0A6a QLngugou+PBcCZMgbQZUIBwGaBZdlrcrKWriUE8CCj8nWOebTRS/Ivv4jWW9p4zy w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=+lpmP2WkbZew47yBD08UEeiSh2BT+cucqR+FPnSVy As=; b=WlPDk7Mxjc0P9MbgNgOTCtOQ7ismhKCqSoXqj6Ag+KdpM1lJb8CFo/e8t rbMGoaZjfapEKl/wRN2C5sICIlfhdFbmXULopGVUbJ4O8XSs0k0CHzCQRBDchQx1 TSI1XxUWyJLZC9qrRF/UjGEsTl5k2QbKTRyJySrv2Ea8OtHR6VTkzxxWNaZIYhp2 sWqzq+Talf8YHDW7qGKQax8DTHTZxp4cezrEyCSGVid40ydNzt2M82e2qHkeLYa2 FbHen5rMBnTAzy8t05ngFA7bcZ7jnG531wBSB27bHuwAsoSvpykAHvu/N6DwSoN7 d0i4cMuPg+o8ccqlUncGy2ThReiTg==
X-ME-Sender: <xms:fkfyX918-Kl8KitOEtslbbYCWTmQY7Jvy1WzalH8Lp46MHlmVPkyfQ> <xme:fkfyX0HUragfq5DPHnRCD3T2-YZ2s6KA2PBVvNEcTQ24UFbT8S-bfyI2s44Aqqc49 5mF8dtDbjTJnxfEiw4>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrvdefuddgudeifecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefofgggkfgjfhffhffvufgtgfesthhqredtreerjeenucfhrhhomhepfdfo rghrthhinhcuvfhhohhmshhonhdfuceomhhtsehlohifvghnthhrohhphidrnhgvtheqne cuggftrfgrthhtvghrnhepgfejueduieffledtgeelheejvdettdejudduhefggeefgfek gfeuieetgefftddtnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilh hfrhhomhepmhhtsehlohifvghnthhrohhphidrnhgvth
X-ME-Proxy: <xmx:fkfyX94dAgCnFTdJDcIqRpMfDki9vocZ-g0WuJmaEuoDF5ZGopvbzg> <xmx:fkfyX62XRzkIWg6WjzqkTxx6byY2idw7islyU-JOAFsRjs7FjFxNGQ> <xmx:fkfyXwHHgMtjCXmBUlsoaK-xKFz23wv8Ayty9gl2gW-P7KDBrkHoyw> <xmx:f0fyXzzuZTFxSx2Hv0qX9YfOLaUjTpAWlb1-bPC8ccr4Fj4GnyhyKQ>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id C7296200F8; Sun, 3 Jan 2021 17:38:54 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.1-61-gb52c239-fm-20201210.001-gb52c2396
Mime-Version: 1.0
Message-Id: <827f14da-f91c-4949-9dc1-be83572ad2f0@www.fastmail.com>
In-Reply-To: <CAP9qbHVs28AAaVuVMjhvoGTO8=y+gj9kKp5Hpee2kjwGHgZn4g@mail.gmail.com>
References: <CAP9qbHVs28AAaVuVMjhvoGTO8=y+gj9kKp5Hpee2kjwGHgZn4g@mail.gmail.com>
Date: Mon, 04 Jan 2021 09:38:36 +1100
From: Martin Thomson <mt@lowentropy.net>
To: Roberto Polli <robipolli@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=66.111.4.27; envelope-from=mt@lowentropy.net; helo=out3-smtp.messagingengine.com
X-W3C-Hub-Spam-Status: No, score=-6.8
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1kwC1j-0007yq-04 0f2e85dd574c28696e1ed80673ae9e8e
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Digest Headers: digest-algorithms "last call"
Archived-At: <https://www.w3.org/mid/827f14da-f91c-4949-9dc1-be83572ad2f0@www.fastmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/38360
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Hi Roberto, On Tue, Dec 29, 2020, at 02:37, Roberto Polli wrote: > The deprecation of `sum`, `cksum`, and `unixcksum`. The original design of Digest might have had reason to use these (and maybe CRC-32[c]/ADLER32). HTTP over unprotected TCP lacks even basic protection against transfer corruption, so it makes sense to include something like this. With HTTPS, transfers are abundantly protected against such errors, so the main reason to use Digest is as a hook for other things (like signatures). The only things I can think of require properties like collision and preimage resistance. On that basis, anything short of SHA-2 isn't good enough. > ## Reserve the `id-` prefix for digest-algorithms > > I think this should better suit this other I-D 👍 Easier to keep that in the one place rather than have to explain something that you don't define.
- Digest Headers: digest-algorithms "last call" Roberto Polli
- Re: Digest Headers: digest-algorithms "last call" Martin Thomson