Re: Https question

From: Volker Birk (bumens_at_dingens.org)
Date: 08/21/05

  • Next message: Buffalo: "Re: ZoneAlarm Service Agent popup" 
    Date: 21 Aug 2005 18:02:06 +0200

    Anand kumar <a.anandkumar@gmail.com> wrote:
    > No wait, in that rfc link, there's a para under the hmac computation
    > that says that key and time are optional. Which would mean that I can
    > get only teh mac (or mac of mac) of the message bits, if I specified no
    > key and time in my previous message to the server.

    2.4.5. MAC-Info tells me, that only time is optional. But you will
    not get a hash for a file with this, even if the secret also would be
    optional, because sHTTP requires a MAC for the encapsulated content
    of a message, and not a hash over the binary representation of a file.
    Sorry. Also the HMAC does not work for this.

    > -I want to know what the "encapsulated content" that the rfc is talking
    > about. I want to know how big this "encapsulated content" would be. Or,
    > in other words, the size of "message bits" that it considers in the
    > formula.

    The encapsulated content means, if you're transmitting a file, message
    header and the encoded representation of the transported data, not the
    binary representation of only the file content.

    > -I want the hash of the file in the remote http server, without having
    > to download the file
    > itself. Is this possible?

    Don't think so.

    But, another question: _why_ do you want to have this? Perhaps it could
    be possible to solve your needs in another way.

    Yours,
    VB. 

    -- 
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
                                    Harald Schmidt zum "Weltjugendtag"
  • Next message: Buffalo: "Re: ZoneAlarm Service Agent popup"