- From: Tim <tim-projects@sentinelchicken.org>
- Date: Thu, 9 Jun 2011 07:30:00 -0700
- To: "Paul E\. Jones" <paulej@packetizer.com>
- Cc: apps-discuss@ietf.org, http-state@ietf.org, 'HTTP Working Group' <ietf-http-wg@w3.org>, 'OAuth WG' <oauth@ietf.org>
> You are referring to draft-salgueiro-secure-state-management-04? > > In that document, Section 6 covers responses from the server. The server > may hash any part of the message it wishes, including the body and selected > header. It's possible to also have an empty body and including that in the > hash will ensure that no body is inserted where one shouldn't have been. No, throughout this discussion I'm just looking at: http://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token Does this tie in to the secure state management draft? If so, can you point me to the section in the MAC draft so I can get up to speed? > We've not looked at HTTP Digest and we were not targeting OAuth with our > document. Just so that I'm looking at the right "HTTP Digest" text, can you > tell me the document name? I found several when I did a search. Just the (latest?) RFC: http://www.ietf.org/rfc/rfc2617.txt thanks, tim
Received on Thursday, 9 June 2011 14:30:26 UTC