ietf-822

checksums

1991-10-30 14:02:45
I will back off from insisting on a more flexible and general solution to the
checksum "requirement".  However, I do have three comments about adding a
checksum solution:

1.  The checksum must be based on a canonical form of the data.  One
    candidate canonical form is the base64 encoding.  In other words, it
    would be very bad to base the checksum on the underlying binary (or
    local) representation.  See RFC 1113 for the rationale.

2.  A gateway must NOT touch the checksum.  The checksum must be an end to
    end service.  Although a gateway may manipulate a message in order to
    pass it from one environment to another, it must not manipulate it in
    such a way that the recipient cannot recover the version upon which the
    checksum is based.  This is simply a special case of basing the checksum
    on a canonical form.

3.  If the checksum is present, it must be mandatory for a recipient to
    verify it and alert the user to a discrepancy.  Otherwise what is the
    point in having it?

Jim
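
The three points above as a runnable sketch. This is an added example, not part of the original message. It assumes the canonical form is the base64 text with line folding removed and uses SHA-256 as the checksum; the message names no algorithm, and every function name and the gateway behaviour here are hypothetical.

```python
import base64
import hashlib
import hmac
import re

class ChecksumMismatch(Exception):
    """Raised so the caller has to surface the discrepancy to the user."""

def fold(text, width, eol):
    # Break text into lines of `width` characters joined by `eol`.
    return eol.join(text[i:i + width] for i in range(0, len(text), width))

def canonical(body):
    # Assumed canonical form: the base64 text with all line folding removed.
    return re.sub(r"\s+", "", body)

def checksum(text):
    # SHA-256 is an assumption; the message does not name an algorithm.
    return hashlib.sha256(text.encode("ascii")).hexdigest()

def send(data):
    # Point 1: the checksum covers the canonical base64 form, not local bytes.
    b64 = base64.b64encode(data).decode("ascii")
    return {"checksum": checksum(b64), "body": fold(b64, 64, "\r\n")}

def gateway(msg):
    # Point 2: a constructed gateway re-folds the body to 40 columns with
    # bare LF line endings and passes the checksum through untouched.
    return {"checksum": msg["checksum"],
            "body": fold(canonical(msg["body"]), 40, "\n")}

def receive(msg):
    # Point 3: verification is mandatory; a mismatch raises, never returns data.
    canon = canonical(msg["body"])
    if not hmac.compare_digest(checksum(canon), msg["checksum"]):
        raise ChecksumMismatch("body does not match the sender's checksum")
    return base64.b64decode(canon, validate=True)

SAMPLE = bytes(range(256))  # constructed binary payload

if __name__ == "__main__":
    sent = send(SAMPLE)
    relayed = gateway(sent)
    # A checksum over the representation as transmitted breaks at the gateway.
    print("wire-form checksums equal:",
          checksum(sent["body"]) == checksum(relayed["body"]))
    print("canonical-form verification:", receive(relayed) == SAMPLE)
```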
