Re: Content-Integrity header

On Fri, Jul 6, 2012 at 3:08 PM, Poul-Henning Kamp wrote:
> In message <>
> , Phillip Hallam-Baker writes:
>>A better approach would be:
>>Content-Integrity: <base64-value> ;alg=<ID>
> Wouldn't you need more fields than that?
> A nonce or psk id for instance?

The second example has a pre-shared Key ID, essentially a Kerberos
ticket in most cases, I would guess.

Nonces are important but I tend to think of them as something that
should go inside the message content rather than have the transport
binding have to engage with them. Quite often a Web Service
transaction will be split across a series of HTTP transactions and
connections and you want the nonces to carry across the Web Service

Another reason is that a nonce is often useful as an identifier in the
Web Service where it can double as a transaction ID.
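
An added example, not part of the original message: a sketch of a header in the `<base64-value> ;alg=<ID>` shape computed over a body that carries the nonce, so the same nonce spans several HTTP requests and serves as the transaction ID. The `hmac-sha256` identifier, the JSON body layout, the `step` counter and the key are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

ALG_ID = "hmac-sha256"  # assumed identifier; the thread only shows alg=<ID>

def content_integrity(key: bytes, body: bytes) -> str:
    """Build a header value in the shape <base64-value> ;alg=<ID>."""
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return f"{base64.b64encode(tag).decode()} ;alg={ALG_ID}"

def make_message(key: bytes, nonce: str, step: int, payload: str):
    # The nonce sits inside the content, so the MAC covers it on every hop.
    body = json.dumps({"nonce": nonce, "step": step, "payload": payload},
                      sort_keys=True).encode()
    return {"Content-Integrity": content_integrity(key, body)}, body

class Service:
    def __init__(self, key: bytes):
        self.key = key
        self.last_step = {}  # nonce (transaction ID) -> last accepted step

    def receive(self, headers: dict, body: bytes) -> str:
        value, _, params = headers.get("Content-Integrity", "").partition(";")
        if params.strip() != f"alg={ALG_ID}":
            return "reject: unsupported alg"
        try:
            tag = base64.b64decode(value.strip(), validate=True)
        except ValueError:
            return "reject: bad encoding"
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "reject: integrity check failed"
        msg = json.loads(body)
        last = self.last_step.get(msg["nonce"], 0)
        if msg["step"] != last + 1:
            return "reject: replayed or out-of-order step"
        self.last_step[msg["nonce"]] = msg["step"]
        return f"accept: transaction {msg['nonce']} step {msg['step']}"

def demo():
    key = b"constructed-demo-key"  # constructed sample key
    svc = Service(key)             # each receive() models a separate HTTP request
    h1, b1 = make_message(key, "txn-7f3a", 1, "open")    # constructed nonce
    h2, b2 = make_message(key, "txn-7f3a", 2, "commit")
    tampered = b2.replace(b"commit", b"cancel")
    return [svc.receive(h1, b1), svc.receive(h2, b2),
            svc.receive(h1, b1), svc.receive(h2, tampered)]

if __name__ == "__main__":
    print("\n".join(demo()))
```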


