> Could it be argued that if you hash the Yadis file returned > at both non-SSL and SSL and it is the same then they should > be treated the same? I like the idea, if it's possible to overcome the usual c14n/normalization issues. Your solution would nip in the bud more esoteric issues of "do https://abc.com and https://abc.com:8443 differ" Hans