@peat Yeah that seems to be the general consensus, but still ... • Aaron Parecki

85°F

peat also on mastodon.social https://twitter.com/peat • Nov 5
@aaronpk Doesn't SHA HMAC fit the bill? Depends on a shared secret, otherwise, pretty groovy.

@peat Yeah that seems to be the general consensus, but still leaves questions like which headers to sign, is the entire post body signed or a hash of the body, what does the Authorization header look like, etc. I did find this, http://tools.ietf.org/html/draft-cavage-http-signatures-00, but not sure what the status of it is.

Redlands, CA, USA

Mon, Nov 4, 2013 8:48pm -08:00

Have you written a response to this? Let me know the URL:

Posted in /replies