Use a SHA2 hash function instead of MD5 for the body

acquia / http-hmac-spec

An HMAC message format for securing RESTful web APIs.

81 stars 14 forks source link

Use a SHA2 hash function instead of MD5 for the body #3

Closed cpliakas closed 8 years ago

cpliakas commented 9 years ago

From @pwolanin in #1

Any new spec should use SHA2 such as SHA256 or SHA512

AWS is probably using the content-md5 since it's the only standard http hash header, but there is not a good reason to mimic this, especially if you are not actually sending that HTTP header. IF you want to send the header, I'd also use a SHA2 hash of the body.

cpliakas commented 8 years ago

Marking as closed since this is fixed in the 2.0 spec.