W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: Content-Integrity header

From: Phillip Hallam-Baker <hallam@gmail.com>
Date: Fri, 6 Jul 2012 17:25:24 -0400
Message-ID: <CAMm+LwjWHDpt33s8tNgjyTvcOZVHcWJ4fg+ip2WPEPSJaE8ASw@mail.gmail.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: ietf-http-wg@w3.org
On Fri, Jul 6, 2012 at 3:08 PM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> In message <CAMm+LwhYqO0NFxW6BnreaWB0TEhpW8nAMMy2YzobC429CmtqPA@mail.gmail.com>
> , Phillip Hallam-Baker writes:
>
>>A better approach would be:
>>
>>Content-Integrity: <base64-value> ;alg=<ID>
>
> Wouldn't you need more fields than that ?
>
> A nonce or psk id for instance ?

The second example has a pre-shared Key ID, essentially a Kerberos
ticket in most cases, I would guess.

Nonces are important but I tend to think of them as something that
should go inside the message content rather than have the transport
binding have to engage with them. Quite often a Web Service
transaction will be split across a series of HTTP transactions and
connections and you want the nonces to carry across the Web Service
Transaction.

Another reason is that a nonce is often useful as an identifier in the
Web Service where it can double as a transaction ID.

-- 
Website: http://hallambaker.com/
Received on Friday, 6 July 2012 21:25:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 6 July 2012 21:26:05 GMT