[Openid-specs-ab] c_hash and at_hash appear to be underspecified
John Bradley
ve7jtb at ve7jtb.com
Wed May 15 09:25:32 UTC 2013
I think A is the intended.
Sent from my iPhone
On 2013-05-15, at 11:01 AM, Mike Jones <Michael.Jones at microsoft.com> wrote:
> The specs use the language “hashing the "access_token"” and “hashing the "code"” when defining the at_hash and c_hash computations. As I see it, the value to be hashed could be any of:
>
> A. The bytes of the ASCII representation access_token/code (which is the same as the UTF-8 representation because only ASCII characters may be used)
> B. The bytes of the little-endian UTF-16 representation of the access_token/code
> C. The bytes of the big-endian UTF-16 representation of the access_token/code
>
> I assume that A is what people are actually doing, but I wanted to confirm that before clarifying the computation in the specifications.
>
> -- Mike
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130515/06cb55cf/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2915 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130515/06cb55cf/attachment.p7s>
More information about the Openid-specs-ab
mailing list