But what would be a problem with just running a hash function over the payload as is? Seems to me that this way the recipient could check the validity of the signature for this particular payload, right? Or is there some strange case where the payload gets modified in transit legitimately?

Igor

Paul C. Bryan wrote:
> On Tue, 2010-02-09 at 13:58 -0500, Igor Faynberg wrote:
>> Paul C. Bryan wrote:
>>> ...
>>> 1. Payload would need to be embedded in the data element of the
>>> signature, so we'd be duplicating payload to support digital signatures.
>>
>> Would not just hash of the payload be enough?
>
> I guess as long as there were rules on how to normalize the payload
> before hashing it.
>
> Paul
>
>> Igor


_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
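
Added example, not part of the original thread or of any OAuth specification: it contrasts the two options discussed above, signing a hash of the payload bytes as sent versus signing a hash of a normalized payload. The JSON payload, the HMAC-SHA256 construction, the key and the normalization rule are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed shared secret, illustration only


def sign_raw(body: bytes) -> str:
    """Sign the SHA-256 digest of the payload bytes exactly as given."""
    digest = hashlib.sha256(body).digest()
    return hmac.new(KEY, digest, hashlib.sha256).hexdigest()


def normalize_json(body: bytes) -> bytes:
    """Assumed rule: sorted keys, no insignificant whitespace, UTF-8."""
    obj = json.loads(body)
    text = json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False)
    return text.encode("utf-8")


def sign_normalized(body: bytes) -> str:
    """Normalize first, then sign the digest of the normalized bytes."""
    return sign_raw(normalize_json(body))


def verify(body: bytes, signature: str, signer) -> bool:
    """Recompute the signature on the received body; compare in constant time."""
    return hmac.compare_digest(signer(body), signature)


# Constructed payloads: same data re-serialized, and a changed value.
SENT = b'{"amount": 10, "to": "alice"}'
REENCODED = b'{\n  "to": "alice",\n  "amount": 10\n}'
TAMPERED = b'{"amount": 1000, "to": "alice"}'


def demo() -> dict:
    raw_sig, norm_sig = sign_raw(SENT), sign_normalized(SENT)
    return {
        "raw_unchanged": verify(SENT, raw_sig, sign_raw),
        "raw_reencoded": verify(REENCODED, raw_sig, sign_raw),
        "raw_tampered": verify(TAMPERED, raw_sig, sign_raw),
        "norm_reencoded": verify(REENCODED, norm_sig, sign_normalized),
        "norm_tampered": verify(TAMPERED, norm_sig, sign_normalized),
    }


if __name__ == "__main__":
    print(demo())
```

The raw-bytes signature needs no shared rules but fails on any re-serialization; the normalized one survives re-serialization only if both sides implement the same normalization exactly.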