Hello,
I have finally gotten around to reading Marshall's Content-MD5 document.
I like it.
- It's short
- It's simple
- It's plainly limited in scope
- It plainly points to PEM for those who want to do fancy things.
However, I have a nit (as usual):
(This is the md5-02 draft)
Chapter 3:
3. Processing the Content-MD5 field
If the Content-MD5 field is present, a recipient user agent
may choose to use it to verify that the contents of a MIME
entity have not been modified during transport. Message
relays and gateways are expressly forbidden to alter its
processing based on the presence of the Content-MD5 field.
However, a message gateway is allowed to remove the Content-
MD5 field if the corresponding MIME entity is translated into
a different content-type.
This means, to a standards-oriented(blinkered) reader, that the gateway
cannot take any action except to delete the Content-MD5 header, if required.
In certain cases, such as X.400 gateways, the contents *will* be changed,
so the Content-MD5 should be dropped because it will confuse the end-user
who sees the Content-MD5 header and fails to verify it.
(I don't suggest mandating the dropping, because this involves retrofitting
old gateways - always hard to force people into)
However, facilities exist (mainly by creating a fake RFC-822 header)
to warn the recipient that the checksum was wrong (or right) at the gateway.
So, new language suggested:
3. Processing the Content-MD5 field
If the Content-MD5 field is present, a recipient user agent
may choose to use it to verify that the contents of a MIME
entity have not been modified during transport. Message
relays and gateways are expressly forbidden to alter its
processing based on the presence of the Content-MD5 field,
new text
except for possibly inserting a warning to the recipient that
the Content-MD5 check failed at the gateway. The gateway should
always deliver the message, even if the Content-MD5 check failed.
End of new text
However, a message gateway is allowed to remove the Content-
MD5 field if the corresponding MIME entity is translated into
a different content-type.
new text
If the translation involves changing the bytes of the message,
so that the recipient will fail to verify the Content-MD5 checksum
even if no error occurs, the Content-MD5 field should be removed.
A warning message may be inserted, if appropriate.
end of new text
I hope this can be uncontroversial.
Regards,
Harald Tveit Alvestrand