W3C home > Mailing lists > Public > public-webpayments@w3.org > April 2013

Re: Web Keys and HTTP Signatures

From: Carsten Bormann <cabo@tzi.org>
Date: Thu, 18 Apr 2013 00:03:14 +0200
Cc: Web Payments CG <public-webpayments@w3.org>, ietf-http-wg@w3.org
Message-Id: <9DF0F237-62DC-4E82-A545-B09C6083849B@tzi.org>
To: Manu Sporny <msporny@digitalbazaar.com>
On Apr 17, 2013, at 23:32, Manu Sporny <msporny@digitalbazaar.com> wrote:

> https://github.com/joyent/node-http-signature/blob/master/http_signing.md

I looked at this for about 5 seconds, but are you telling us the attacker gets to choose what the lines in the signed string are supposed to mean?

Gre, Carsten
Received on Wednesday, 17 April 2013 22:03:49 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:03:31 UTC