martinthomson
commented
8 years ago I think that it might be better to include content-encoding on both. Thanks for picking that up.
Closed manger closed 8 years ago
martinthomson
commented
8 years ago I think that it might be better to include content-encoding on both. Thanks for picking that up.
Need a "content-encoding: mi-sha256" header on the signature example. The MI header conveys an integrity check of the whole content, but isn't a signal that the content has been changed (to include hashes).
The simple example (§4.1) might not need a Content-Encoding header as (this version of) MICE doesn’t actually change the payload as it is shorter than the 4096-byte record size. Might be worth adding a Content-Encoding header anyway.