> You are referring to draft-salgueiro-secure-state-management-04? > > In that document, Section 6 covers responses from the server. The server > may hash any part of the message it wishes, including the body and selected > header. It's possible to also have an empty body and including that in the > hash will ensure that no body is inserted where one shouldn't have been.
No, throughout this discussion I'm just looking at: http://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token Does this tie in to the secure state management draft? If so, can you point me to the section in the MAC draft so I can get up to speed? > We've not looked at HTTP Digest and we were not targeting OAuth with our > document. Just so that I'm looking at the right "HTTP Digest" text, can you > tell me the document name? I found several when I did a search. Just the (latest?) RFC: http://www.ietf.org/rfc/rfc2617.txt thanks, tim _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth