We should look at HTTP Digest as well.

HTTP Digest is an existing standard used for password authentication. It
was designed before the current level of understanding of MAC function
construction from a Digest. That said, though, the amount of data involved
means that the difference between the Digest scheme and HMAC is not
significant.

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Merrells
> Sent: Monday, February 13, 2006 1:34 PM
> To: Digital Identity Exchange
> Subject: Re: [dix] Review of draft-merrells-dix-00.txt
> 
> 
> On 11-Feb-06, at 3:17 PM, Eric Rescorla wrote:
> 
> >     A suggested implementation of a signature function would be to use
> >     the SHA1 algorithm, which takes as input a digest of the message and
> >     a secret known only to the Homesite.
> >
> >     Signature = T ( S + Digest )
> >
> >     Where, Digest is message digest (defined above), S is the Homesite
> >     Secret, T is the signature generation function, and '+' means string
> >     concatenation.
> >
> > The technical term for a "signature" which can only be verified by the
> > holder of a symmetric secret is Message Authentication Code (MAC) and
> > there's a standard technique for performing MACs: HMAC (RFC 2104).
> 
> We looked at that... but decided what we were doing was 
> different in some way. I'll dig out my notes.
> 
> John
> 
> 
> 
> _______________________________________________
> dix mailing list
> [email protected]
> https://www1.ietf.org/mailman/listinfo/dix
> 
> 

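An added example (not from the thread or the draft) that computes the draft's T ( S + Digest ) with SHA-1 next to HMAC-SHA1 as defined in RFC 2104 over the same digest, with HMAC written out by hand and checked against the standard library. The secret, the message, and all function names are constructed for illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-1 input block size in bytes ("B" in RFC 2104)

def message_digest(message: bytes) -> bytes:
    """Digest of the message; both constructions below take this as input."""
    return hashlib.sha1(message).digest()

def prefix_signature(secret: bytes, digest: bytes) -> bytes:
    """The draft's suggestion: T(S + Digest), T = SHA-1, '+' = concatenation."""
    return hashlib.sha1(secret + digest).digest()

def hmac_sha1_manual(secret: bytes, data: bytes) -> bytes:
    """RFC 2104: H((K xor opad) || H((K xor ipad) || data))."""
    # Keys longer than one block are hashed first, then zero-padded to B bytes.
    key = hashlib.sha1(secret).digest() if len(secret) > BLOCK_SIZE else secret
    key = key.ljust(BLOCK_SIZE, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha1(ipad + data).digest()
    return hashlib.sha1(opad + inner).digest()

def verify(secret: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the HMAC over the message digest and compare in constant time."""
    expected = hmac.new(secret, message_digest(message), hashlib.sha1).digest()
    return hmac.compare_digest(expected, tag)

# Constructed sample values, not taken from the draft.
SECRET = b"constructed-homesite-secret"
MESSAGE = b"constructed DIX message fields"

if __name__ == "__main__":
    digest = message_digest(MESSAGE)
    print("T(S + Digest):", prefix_signature(SECRET, digest).hex())
    print("HMAC-SHA1    :", hmac_sha1_manual(SECRET, digest).hex())
    print("verifies     :", verify(SECRET, MESSAGE, hmac_sha1_manual(SECRET, digest)))
```

Both outputs are 20-byte tags under the same secret, but they are not interchangeable: a verifier must know which construction the Homesite used.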