From 3fc26ba3dfd7a3b33b84aa43ec90944aa954068e Mon Sep 17 00:00:00 2001 From: Thien-Thi Nguyen Date: Sat, 28 Nov 2020 00:28:37 -0500 Subject: mark up ‘$ACCOUNT_PRIV’ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- anastasis.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'anastasis.rst') diff --git a/anastasis.rst b/anastasis.rst index c03620f2..113b0b27 100644 --- a/anastasis.rst +++ b/anastasis.rst @@ -545,7 +545,7 @@ In the following, UUID is always defined and used according to `RFC 4122`_. The server MUST refuse the upload with a "304" status code if the Etag matches the latest version already known to the server. - *Anastasis-Policy-Signature*: The client must provide Base-32 encoded EdDSA signature over hash of body with $ACCOUNT_PRIV, affirming desire to upload an encrypted recovery document. + *Anastasis-Policy-Signature*: The client must provide Base-32 encoded EdDSA signature over hash of body with ``$ACCOUNT_PRIV``, affirming desire to upload an encrypted recovery document. *Payment-Identifier*: Base-32 encoded 32-byte payment identifier that was included in a previous payment (see 402 status code). Used to allow the server to check that the client paid for the upload (to protect the server against DoS attacks) and that the client knows a real secret of financial value (as the **kdf_id** might be known to an attacker). If this header is missing in the client's request (or the associated payment has exceeded the upload limit), the server must return a 402 response. When making payments, the server must include a fresh, randomly-generated payment-identifier in the payment request. -- cgit v1.2.3
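Review bot: on the changed *Anastasis-Policy-Signature* line, ``$ACCOUNT_PRIV`` is now an inline literal, while the *Payment-Identifier* paragraph in this hunk's trailing context still marks **kdf_id** in bold. Both are protocol values, so consider settling on one markup convention for them in this section. While this line is being touched, two wording points are worth fixing in the same sentence: "hash of body" does not name the hash function, which leaves it open what exactly the client signs and the server verifies, and the lowercase "must" does not match "The server MUST refuse" in the preceding context line. The sentence also does not say how the server responds when the signature is missing or does not verify, whereas the *Payment-Identifier* text spells out the 402 response for its failure case.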