Difference between revisions of "Talk:Certified HTTP"
Revision as of 00:01, 11 July 2007
X-Message-ID
How about replacing the $random_uuid with an MD5 (or stronger) digest of the message body? That would eliminate the undefined result of sending a message with the same message id but a different body. (Undefined results can be opportunities for exploits.) --Omei Turnbull 20:21, 10 July 2007 (PDT)
- That wouldn't solve the problem; you would still be sending a message with the same message id if you sent two identical message bodies. You would be guaranteeing a collision. It is really only an issue if two messages of the same ID are being processed at the same time. I think using $random_uuid is reasonable and, in the event of a Message-ID collision or malformed Message-ID, have the server return a 412 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.13). -- Strife Onizuka 00:01, 11 July 2007 (PDT)
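
One way a server could apply the check discussed in this thread, as an added example that is not part of either comment or of the Certified HTTP specification: a random UUID stays the message ID, and a malformed ID or a reused ID with a different body gets a 412. The class name, the in-memory store, the use of SHA-256, and accepting a byte-identical resend are all assumptions made for illustration.

```python
import hashlib
import uuid

OK = 200
PRECONDITION_FAILED = 412

# Constructed sample ID for the demo; not taken from any real traffic.
SAMPLE_ID = "6f1c2a9e-3b7d-4c58-9a41-0d2e5f7b8c13"


class MessageIdRegistry:
    """Tracks X-Message-ID values a server has accepted (hypothetical, in memory)."""

    def __init__(self):
        self._seen = {}  # canonical message ID -> SHA-256 hex digest of the body

    @staticmethod
    def _canonical(message_id):
        # Accept only the hyphenated 36-character UUID form. uuid.UUID() also
        # parses braces, urn: prefixes and bare hex, which we reject here.
        try:
            parsed = uuid.UUID(message_id)
        except (ValueError, AttributeError, TypeError):
            return None
        return str(parsed) if str(parsed) == message_id.lower() else None

    def accept(self, message_id, body):
        """Return (status, note) for a message with this ID and body (bytes)."""
        canonical = self._canonical(message_id)
        if canonical is None:
            return PRECONDITION_FAILED, "malformed X-Message-ID"
        digest = hashlib.sha256(body).hexdigest()
        # setdefault records the digest on first sight and returns the stored one.
        previous = self._seen.setdefault(canonical, digest)
        if previous != digest:
            # Same ID, different body: the case the thread calls undefined.
            return PRECONDITION_FAILED, "X-Message-ID collision"
        # First delivery, or a byte-identical resend (assumed here to be a retry).
        return OK, "accepted"


if __name__ == "__main__":
    registry = MessageIdRegistry()
    for mid, body in [(SAMPLE_ID, b"pay 10"), (SAMPLE_ID, b"pay 10"),
                      (SAMPLE_ID, b"pay 1000"), ("not-a-uuid", b"pay 10")]:
        print(mid, body, registry.accept(mid, body))
```

Keeping the digest next to the ID, rather than using it as the ID, lets two separate messages with identical bodies carry different IDs while still making a reused ID with altered content a defined error.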