On 29 Jun 2020, at 16:37, Ruediger Pluem <rpl...@apache.org> wrote: > Makes sense. > Do you see a possibility to merge this code and the one of ap_md5digest to a > more generic procedure that > allows to choose the digest algorithm while using 'MMAPED' reads? > BTW: Is sha1 mandatory for strong etags? If not wouldn't MD5 be enough and if > MD5 is seen as too insecure > why isn't sha1?
I chose sha1 as it was a) widely available in APR and b) better than md5, but that was it. I am wondering if for 2.4 if we use md5 instead, and then set Content-MD5 at the same time in the same code instead of calculating the md5 twice. Then - as per the removal of Content-MD5 from https://tools.ietf.org/html/rfc7231#appendix-B - we separately switch it to sha1 and remove Content-MD5 in trunk. Is that sane? Regards, Graham —
