md5 in http with range

947 views Asked by At

Imagine a user asks for Rage: bytes=2-5 of a 10-byte file. What MD5 sum has to be served to the user? The MD5 sum of all 10 bytes or only of the partial content, bytes 2-5?

RFC2616 Section 14.15 reads:

The MD5 digest is computed based on the content of the entity-body, including any content-coding that has been applied, but not including any transfer-encoding applied to the message-body. If the message is received with a transfer-encoding, that encoding MUST be removed prior to checking the Content-MD5 value against the received entity.

How must I interpret that? I ask this because I would refrain from adding md5sums to partial content, iff it has to be re-generated for each range-request.

2

There are 2 answers

2
Julian Reschke On BEST ANSWER

This is: http://trac.tools.ietf.org/wg/httpbis/trac/ticket/178.

So there is no easy answer, the Working Group will gladly accept feedback.

1
symcbean On

Unless you're running HTTP over some very unusual network protocol, what are you gaining by using MD5 checksums? TCP handles integrity checking, the HTTP header is optional, and its not intended to ensure integrity against malicious attacks.