W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2011

Re: [http-state] [apps-discuss] HTTP MAC Authentication Scheme

From: Tim <tim-projects@sentinelchicken.org>
Date: Thu, 9 Jun 2011 07:30:00 -0700
To: "Paul E\. Jones" <paulej@packetizer.com>
Cc: apps-discuss@ietf.org, http-state@ietf.org, 'HTTP Working Group' <ietf-http-wg@w3.org>, 'OAuth WG' <oauth@ietf.org>
Message-ID: <20110609143000.GQ1565@sentinelchicken.org>
> You are referring to draft-salgueiro-secure-state-management-04?
>
> In that document, Section 6 covers responses from the server.  The server
> may hash any part of the message it wishes, including the body and selected
> header.  It's possible to also have an empty body and including that in the
> hash will ensure that no body is inserted where one shouldn't have been.


No, throughout this discussion I'm just looking at:
  http://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token

Does this tie in to the secure state management draft?  If so, can you
point me to the section in the MAC draft so I can get up to speed?

> We've not looked at HTTP Digest and we were not targeting OAuth with our
> document.  Just so that I'm looking at the right "HTTP Digest" text, can you
> tell me the document name?  I found several when I did a search.

Just the (latest?) RFC:
  http://www.ietf.org/rfc/rfc2617.txt

thanks,
tim
Received on Thursday, 9 June 2011 14:30:26 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:41 GMT