Re: [http-state] [apps-discuss] HTTP MAC Authentication Scheme

> You are referring to draft-salgueiro-secure-state-management-04?
>
> In that document, Section 6 covers responses from the server.  The server
> may hash any part of the message it wishes, including the body and selected
> header.  It's possible to also have an empty body and including that in the
> hash will ensure that no body is inserted where one shouldn't have been.


No, throughout this discussion I'm just looking at:
  http://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token

Does this tie in to the secure state management draft?  If so, can you
point me to the section in the MAC draft so I can get up to speed?

> We've not looked at HTTP Digest and we were not targeting OAuth with our
> document.  Just so that I'm looking at the right "HTTP Digest" text, can you
> tell me the document name?  I found several when I did a search.

Just the (latest?) RFC:
  http://www.ietf.org/rfc/rfc2617.txt

thanks,
tim

Received on Thursday, 9 June 2011 14:30:26 UTC