> Can it replies an error "too late, my caps changed, please ask again with the > new verification string"?
No, and that shouldn't be a problem. Just reply with <item-not-found/>. The client will not cache any information about that hash as a result. In the meantime, it will have gotten a new hash, and query the new hash anyway. cheers, Remko
