[squid-dev] Digest related question.

Eliezer Croitoru eliezer at ngtech.co.il
Sat Feb 21 23:31:56 UTC 2015 

 From what I understand, the HTTP protocol and some RFC docs that was 
mentioned in the list allow or provide a way to utilize Digest header 
and\or Link headers which might contain some digest data.

So the first question is about the current md5 hash which is being used 
by the internal index hashing.
Assuming we want to allow the admin change the default md5 hash into 
sha1 or sha256 hash, how complicated will it be? can it be considered a 
wanted feature?

And the second question, about metalinks related integration with squid.
In any scenario I see possible a digest of cache objects from the server 
side would require digest update of any of the in transit objects and 
another index or maybe two.
Another aspect of this thing is the integrity of the src server.
If the origin-server is indeed a hostile one we must not rely on it.
So there is a policy which needs to be implemented in some way to allow 
an origin server which we rely on.

In order to prove this is indeed possible and applicable for what ever 
system there is out-there I was thinking about writing a proof of 
concept of the idea.

I would like to not touch squid code at all in the first steps while 
implementing the proof of concept.

I need your help with the right point of view and ideas about how to 
prove the idea.
What API or what options squid gives that can be used to implement the idea?
What available programming resources are there that can help me with the 
task that you can think might help with the task?(assuming I am not a 
c\c++ programmer)

Another pointer is that I do not have an option(from an outside 
software) to run a lookup at the cache index for cached objects.
The way things are now, when I am trying to access the object with a GET 
request I can get a result which will tell me if the object is in the 
cache using the headers but will force me\UA to fetch the object or ABORT.
If I would use the HEAD method to request an object I will get a 
HIT\MISS but it will not be related at all to the GET object state since 
it's another object.
So, assuming I will need some http interface\API that will allow me to 
run a query on squid index DB, will it make sense to write one?(If I 
missed it and there is a way to do so already..)

I had some time in the past to learn this document:
https://cwiki.apache.org/confluence/display/TS/Metalink

which actually describes one approach to the subject.

Eliezer

More information about the squid-dev mailing list