diff options
author | Thien-Thi Nguyen <ttn@gnuvola.org> | 2021-04-07 03:49:03 -0400 |
---|---|---|
committer | Thien-Thi Nguyen <ttn@gnuvola.org> | 2021-04-07 03:49:03 -0400 |
commit | 65168843798b7f4d18b7850f7ff69b69cb9509ed (patch) | |
tree | 44d7c9e5952c08b995f256426fdbaa7f123396fe /anastasis.rst | |
parent | 95af36b957800dd50e6e587711dcf9347ad9976d (diff) | |
download | docs-65168843798b7f4d18b7850f7ff69b69cb9509ed.tar.gz docs-65168843798b7f4d18b7850f7ff69b69cb9509ed.tar.bz2 docs-65168843798b7f4d18b7850f7ff69b69cb9509ed.zip |
mark up of ‘402’ (two instances)
Diffstat (limited to 'anastasis.rst')
-rw-r--r-- | anastasis.rst | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/anastasis.rst b/anastasis.rst index f1efa2ed..f6d92af2 100644 --- a/anastasis.rst +++ b/anastasis.rst @@ -571,7 +571,7 @@ In the following, UUID is always defined and used according to `RFC 4122`_. *Anastasis-Policy-Signature*: The client must provide Base-32 encoded EdDSA signature over hash of body with ``$ACCOUNT_PRIV``, affirming desire to upload an encrypted recovery document. - *Payment-Identifier*: Base-32 encoded 32-byte payment identifier that was included in a previous payment (see 402 status code). Used to allow the server to check that the client paid for the upload (to protect the server against DoS attacks) and that the client knows a real secret of financial value (as the **kdf_id** might be known to an attacker). If this header is missing in the client's request (or the associated payment has exceeded the upload limit), the server must return a 402 response. When making payments, the server must include a fresh, randomly-generated payment-identifier in the payment request. + *Payment-Identifier*: Base-32 encoded 32-byte payment identifier that was included in a previous payment (see ``402`` status code). Used to allow the server to check that the client paid for the upload (to protect the server against DoS attacks) and that the client knows a real secret of financial value (as the **kdf_id** might be known to an attacker). If this header is missing in the client's request (or the associated payment has exceeded the upload limit), the server must return a ``402`` response. When making payments, the server must include a fresh, randomly-generated payment-identifier in the payment request. **Response**: |