Fix: #968. Clarifications on Want-Digest.

[ioggstream]

This PR

clarifies that no normative parts were added to Want-Digest, only examples.

[LPardue]

Hmm I think the issue might have conflated two things. 1) We are deprecating use of the MD5 algorithm in digests (including want-digest with md5 2) We are deprecating the use of content-MD5 as described in https://tools.ietf.org/html/rfc3230#section-5. I think we should expand the deprecate-contentMD5 section a little to explicitly state what want-digest with contentMD5 means in this draft i.e. is it ignored?. It's easy to confuse these things with the current text.

[ioggstream]

I think we should expand the deprecate-contentMD5 section a little
to explicitly state what want-digest with contentMD5 means in this draft i.e. is it ignored?

To me the implementor is free to ignore or error on contentMD5: OTOH it's an unregistered algorithm.
We could just reserve that word to avoid that to be registered, but I don't like this kind of entries lingering around (eg. see httpwg/http-core#388 )

re-reading the draft, I found the message quite clear: forget md5 and all that relates to it.

[reschke]

We could just reserve that word to avoid that to be registered, but I don't like this kind of entries lingering around

Having the value in the registry makes a lot of sense, because that's what people are supposed to look up. It should just make clear that it's deprecated.

(eg. see httpwg/http-core#388 )

That's IMHO a bit misleading as "identity" is not a real content-coding.

[LPardue]

My interpretation is different than Roberto's; RFC3230 registers the value contentMD5 for use in want-digest, and only want-digest.

   First, we add to the set of digest-algorithm values (in section
   4.1.1) the token "contentMD5", with the provision that this digest-
   algorithm MUST NOT be used in a Digest header field.

then

  The presence of the "contentMD5" digest-algorithm with a non-zero
   qvalue in a Want-Digest header field indicates that the sender wishes
   to receive a Content-MD5 header on messages associated with the
   Request-URI.

so a client sending want-digest: contentMD5;q=1 is asking for the server to provide a Content-MD5 in the response, independent of the Digest. That contentMD5 is missing from any registry seems like an oversight.

In the meantime, RFC 7231 has deprecated Content-MD5 and says:

   The Content-MD5 header field has been removed because it was
   inconsistently implemented with respect to partial responses.

So the right thing to do, I think, is to register this as an obsolete digest-algorithm. Whether that needs to be a SHOULD NOT be used in Want-Digest and MUST NOT be used in Digest, or a MUST NOT in both (probably unenforceable) I don't know.

[ioggstream]

1- I'll register the algorithm in the table and mark it as Obsolete
2- PTAL https://github.com/httpwg/http-extensions/pull/1249/files#r472865789

[ioggstream]

@LPardue

So the right thing to do, I think, is to register this as an obsolete digest-algorithm. Whether that needs to be a SHOULD NOT be used in Want-Digest and MUST NOT be used in Digest, or a MUST NOT in both (probably unenforceable) I don't know.

@reschke

Having the value in the registry makes a lot of sense

Done :)