Re: plain text protocol [was: Re: Performance analysis questions]

HALLAM-BAKER Phillip ([email protected])
Sun, 5 Jun 1994 21:42:46 +0200


In article <[email protected]> you write:

|>>> Suppose, in the future, we want to be able to take the md5 checksum of
|>>> the HTTP headers. If you corrupt the bytes by throwing away whitespace
|>>> at the end of a line, you defeat such efforts.
|>>
|>> You're saying that HTTP is -not- a plain text protocol.
|>> If it's not a plain text protocol, then GET should have been
|>>something like (in C):
|>>
|>> sprintf(GET_REQUEST,"%c%s",0x01,URL)
|>
|>
|>What is a "plain text protocol"? If you answer, please be very, very
|>precise.
|>
|>HTTP depends on reliable, 8-bit transport. The fact that HTTP has byte
|>sequences that spell out English words has no implication on other aspects
|>of the protocol.

The security extensions have been designed specifically to ensure that headers
can be MD5'd. A signed header consists of two parts, one that is signed and
another that is unsigned. So a gateway must preserve absolutely the signed
parts but can add in extra bits into the unsigned portion (eg going through
a gateway).

--
Phillip M. Hallam-Baker

Not Speaking for anyone else.