|author||Thien-Thi Nguyen <firstname.lastname@example.org>||2020-11-28 00:28:37 -0500|
|committer||Thien-Thi Nguyen <email@example.com>||2020-11-28 00:28:37 -0500|
mark up ‘$ACCOUNT_PRIV’
1 files changed, 1 insertions, 1 deletions
diff --git a/anastasis.rst b/anastasis.rst
index c03620f..113b0b2 100644
@@ -545,7 +545,7 @@ In the following, UUID is always defined and used according to `RFC 4122`_.
The server MUST refuse the upload with a "304" status code if the Etag matches
the latest version already known to the server.
- *Anastasis-Policy-Signature*: The client must provide Base-32 encoded EdDSA signature over hash of body with $ACCOUNT_PRIV, affirming desire to upload an encrypted recovery document.
+ *Anastasis-Policy-Signature*: The client must provide Base-32 encoded EdDSA signature over hash of body with ``$ACCOUNT_PRIV``, affirming desire to upload an encrypted recovery document.
*Payment-Identifier*: Base-32 encoded 32-byte payment identifier that was included in a previous payment (see 402 status code). Used to allow the server to check that the client paid for the upload (to protect the server against DoS attacks) and that the client knows a real secret of financial value (as the **kdf_id** might be known to an attacker). If this header is missing in the client's request (or the associated payment has exceeded the upload limit), the server must return a 402 response. When making payments, the server must include a fresh, randomly-generated payment-identifier in the payment request.