Sorry, I meant binary in terms of either on or off - not binary signature. Cheers <k/>
|-----Original Message----- |From: [email protected] [mailto:[email protected]] On Behalf |Of Blaine Cook |Sent: Thursday, December 11, 2008 7:10 AM |To: [email protected] |Subject: [oauth] Re: [opensocial-and-gadgets-spec] Re: body signing for |oauth and opensocial | | |On Wed, Dec 10, 2008 at 11:30 PM, Krishna Sankar (ksankar) |<[email protected]> wrote: |> Why can't we make it binary - just say header-signature- |required |> or header-signature-not-required. And if required, sign all the |headers |> or a set of well specified headers - no messy selection of which one |to |> sign et al. | |Binary signing would be really difficult; the headers that the |consumer sees, and those that the service provider sees are |potentially very different with the interference of proxies, servers, |etc. | |OTOH, I agree that header signature selection is not at all appetising. | |b. | | --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
