[mdx] Feedback on https://datatracker.ietf.org/doc/draft-young-md-query/
Cantor, Scott
cantor.2 at osu.edu
Mon Aug 26 12:22:02 PDT 2013
On 8/26/13 3:03 PM, "Leif Johansson" <leifj at sunet.se> wrote:
>>
>> We don't need HEAD to do cache checks, and that just adds multiple ways
>>of
>> doing the same thing.
>I think its reasonable to expect that http clients are going to do what
>they usually do for cache checks - some do HEAD.
I don't think most clients that aren't browsers do anything in particular
unless they're instructed to, but it is true that supporting HEAD isn't
hard. But I still don't see a strong need.
>>Disagree. We're defining what the codes mean in our context here.
>why?
It's an application profile of HTTP. I also think we should be precisely
nailing down what codes can be used, so it's not as though we're saying
all of HTTP's status space is fair game, or at least not specified.
>I guess I can buy that argument, however doing case-folding is
>not unreasonable in terms of work and it will make the protocol
>more robust.
I'm reading the hash identifiers as a registry in the making here, and so
my feeling is that we shouldn't have aliases in such a registry.
>Not sure I agree - we're using hashes to lookup security-critical
>objects. We need to be sure of this if we decide to keep md5
To look them up, but not to accept them. If I ask for foo and I get back
bar, my code's not going to accept that. So a hash collision just results
in failure. Perhaps worth highlighting.
You're not asking for metadata for some entity whose name you don't know.
The hash isn't really used for that.
-- Scott
More information about the mdx
mailing list