On Fri, Jun 26, 2009 at 07:08:32AM -0400, Damien Katz wrote: > Md5 here is for integrity purposes, not security, so manufactured > collisions aren't a problem we are worried about. And I don't think > there is standard SHA1 header, not that I could find anyway.
I've been seeing some unrelated emails go past on the W3C HTTP WG mailing list about Content-MD5 header which reminded me of this thread. It seems that this value must be calculated from the MIME canonical response body, which means a different value for content ranges. This presumably means that CouchDB must refuse content range requests, send an MD5 value that does not match the document revision, or break RFC 1864. Best, -- Noah Slater, http://tumbolia.org/nslater
