[doseta-discuss] Doing a DOSETA variant
Dave CROCKER
dhc at dcrocker.net
Wed Jul 13 13:10:27 PDT 2011
On 7/12/2011 11:24 AM, Bill Burke wrote:
>>> I'm not exactly clear what this section allows. For example. I'd like
>>> to use
>>> doseta to only sign a set of headers that come with the request
>>
>> You are describing a very different kind of rule for selecting header
>> fields than the DOSETA base uses. Nothing says that using a template
>> like this requires rigid adherence to every detail of the template. So,
>> there's nothing wrong with what you want to do, of course, but it needs
>> distinct specification language. (And, of course, it will affect the
>> ability to use of any existing DOSETA software.)
>>
>
> Oh. I thought DOSETA allowed you to add an arbitrary list of headers to add to
> the signature calculation? I just wanted the option to leave out the "bh" field.
Wow. Just re-read your text and got a completely different sense of what you
want. This time I think I am in sych. Sorry for the confusion.
I thought you wanted a variant of header field hashing, rather than merely
wanting to leave out the body from the signature.
If you do the full algorithm, but make l=0, I think you'll get the effect you
want, since none of the body will be covered by the signature.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
More information about the doseta-discuss
mailing list