Re: Https question

From: Volker Birk (
Date: 08/21/05

  • Next message: Buffalo: "Re: ZoneAlarm Service Agent popup"
    Date: 21 Aug 2005 18:02:06 +0200

    Anand kumar <> wrote:
    > No wait, in that rfc link, there's a para under the hmac computation
    > that says that key and time are optional. Which would mean that I can
    > get only teh mac (or mac of mac) of the message bits, if I specified no
    > key and time in my previous message to the server.

    2.4.5. MAC-Info tells me, that only time is optional. But you will
    not get a hash for a file with this, even if the secret also would be
    optional, because sHTTP requires a MAC for the encapsulated content
    of a message, and not a hash over the binary representation of a file.
    Sorry. Also the HMAC does not work for this.

    > -I want to know what the "encapsulated content" that the rfc is talking
    > about. I want to know how big this "encapsulated content" would be. Or,
    > in other words, the size of "message bits" that it considers in the
    > formula.

    The encapsulated content means, if you're transmitting a file, message
    header and the encoded representation of the transported data, not the
    binary representation of only the file content.

    > -I want the hash of the file in the remote http server, without having
    > to download the file
    > itself. Is this possible?

    Don't think so.

    But, another question: _why_ do you want to have this? Perhaps it could
    be possible to solve your needs in another way.


    "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    deutschen Schlafzimmern passiert".
                                        Harald Schmidt zum "Weltjugendtag"

  • Next message: Buffalo: "Re: ZoneAlarm Service Agent popup"