- From: Phillip Hallam-Baker <hallam@gmail.com>
- Date: Fri, 6 Jul 2012 17:25:24 -0400
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: ietf-http-wg@w3.org
On Fri, Jul 6, 2012 at 3:08 PM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote: > In message <CAMm+LwhYqO0NFxW6BnreaWB0TEhpW8nAMMy2YzobC429CmtqPA@mail.gmail.com> > , Phillip Hallam-Baker writes: > >>A better approach would be: >> >>Content-Integrity: <base64-value> ;alg=<ID> > > Wouldn't you need more fields than that ? > > A nonce or psk id for instance ? The second example has a pre-shared Key ID, essentially a Kerberos ticket in most cases, I would guess. Nonces are important but I tend to think of them as something that should go inside the message content rather than have the transport binding have to engage with them. Quite often a Web Service transaction will be split across a series of HTTP transactions and connections and you want the nonces to carry across the Web Service Transaction. Another reason is that a nonce is often useful as an identifier in the Web Service where it can double as a transaction ID. -- Website: http://hallambaker.com/
Received on Friday, 6 July 2012 21:25:56 UTC