jld at club-internet.fr
Mon Jun 6 00:18:04 PDT 2005
Brad Fitzpatrick wrote:
>On Sun, 5 Jun 2005, Paul Crowley wrote:
>>OK. What format do we use for the replies from servers to consumers
>>about server secrets? We should probably use the same format as that
>>for the signatures. I was thinking x-www-form-urlencoded there, but as
>>you say that might be hard for consumers to parse when it's part of the
>>reply rather than part of the request.
>You'll hear every debate. Some people will say text/line-based protocol
>is easiest. Some will want x-www-form-urlencoded encoding, and some will
>actually prefer XML, as it's built into their language/envifornemnt.
>I'd say in the interest of consistency we go with x-www-form-urlencoded.
>It's not that hard to parse, and it's usually possible to coerce a web
>framework's API to do most the heavy lifting of decoding it anyway.
I must really be missing something!
*Where* is the need to parse back the signed string?
I understand that it's content may be subject to variations and
therefore must be customisable and readily enumerable.
But isn't every field in it in already available on each side, customer
and server as well, and thus the whole string can be rebuilt anyway
before the signing or verification?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the yadis