On Jun 30, 2009, at 12:17 AM, Noah Slater wrote:
On Fri, Jun 26, 2009 at 07:08:32AM -0400, Damien Katz wrote:
Md5 here is for integrity purposes, not security, so manufactured
collisions aren't a problem we are worried about. And I don't think
there is standard SHA1 header, not that I could find anyway.
I've been seeing some unrelated emails go past on the W3C HTTP WG
mailing list
about Content-MD5 header which reminded me of this thread. It seems
that this
value must be calculated from the MIME canonical response body,
which means a
different value for content ranges. This presumably means that
CouchDB must
refuse content range requests, send an MD5 value that does not match
the
document revision, or break RFC 1864.
Im not sure I understand why we can't just calculate and send the MD5
header for the content range.
-Damien
Best,
--
Noah Slater, http://tumbolia.org/nslater
