
Message Integrity Check with HTTP headers since Content-MD5 was deprecated?

Making a REST web server mainly based on large file uploads / downloads, I want to be able to check the file integrity. I believed that the proper way to do it was using the Content-MD5 HTTP header [0], as proved useful by AWS experience [1].

However, much to my dismay, I recently learned that it was (to be?) deprecated [2].

The deprecation discussion did not give any workaround hint, so I am asking you:

Should I still decide to use a Content-MD5 HTTP header?

Should I use an ETag with the same meaning (base64 encoding of the md5sum)?

Should I use an ?md5sum=XXX parameter?

Is there a better solution altogether?

Thanks for your insights.

Best Regards, B.

[0] https://webmasters.stackexchange.com/questions/2924/

[1] http://developer.amazonwebservices.com/connect/thread.jspa?threadID=22709

[2] http://trac.tools.ietf.org/wg/httpbis/trac/ticket/178

user687718 asked Nov 23 '11 09:11


1 Answer

Add a custom header, called, say, X-YourService-Integrity. That makes it explicit that it's a system specific to your service, and allows you to use integrity check mechanisms other than MD5 in the future (for example, SHA1). It also avoids you having to "overload" existing mechanisms that are similar but not quite what you want.

Brian Kelly answered Oct 10 '22 12:10
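One way to implement the custom header suggested in the answer above, as an added example that is not part of the original answer. The value format `<algorithm>=<base64 digest>`, the SHA-256/SHA-512 allowlist and the function names are assumptions made for illustration; only the header name comes from the answer.

```python
import base64
import hashlib
import hmac
import io

HEADER = "X-YourService-Integrity"   # header name suggested in the answer
ALLOWED = ("sha256", "sha512")       # assumed allowlist; extend it when migrating algorithms
CHUNK = 1 << 20                      # hash in 1 MiB chunks so large files never sit in memory


def stream_digest(stream, algo):
    """Return the raw digest of a binary stream, read chunk by chunk."""
    if algo not in ALLOWED:
        raise ValueError(f"unsupported integrity algorithm: {algo!r}")
    h = hashlib.new(algo)
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        h.update(chunk)
    return h.digest()


def make_header(stream, algo="sha256"):
    """Build the (name, value) pair a sender attaches to an upload or download."""
    digest = base64.b64encode(stream_digest(stream, algo)).decode("ascii")
    return HEADER, f"{algo}={digest}"


def verify_header(value, stream):
    """True only if the header parses, names an allowed algorithm, and matches the body."""
    algo, sep, b64 = value.strip().partition("=")   # base64 padding stays in b64
    algo = algo.lower()
    if not sep or algo not in ALLOWED:
        return False
    try:
        claimed = base64.b64decode(b64, validate=True)
    except ValueError:                               # malformed base64
        return False
    return hmac.compare_digest(claimed, stream_digest(stream, algo))


if __name__ == "__main__":
    body = b"constructed sample payload " * 1000    # constructed sample input
    name, value = make_header(io.BytesIO(body))
    print(name, value, verify_header(value, io.BytesIO(body)))
```

A bare digest like this detects corruption in transit or at rest; it does not authenticate the sender, since anyone able to change the body can also recompute the header.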