It would be nice if SRPC included a built-in message
integrity check. It should be possible to implement
this inside the SRPC library, sending authentication
hashes with each call and each response, without client
code having to change.

HMAC relies on a pre-shared key. I believe this is
typically exchanged with public/private key encryption,
which means we'd need a cryptography library, and Vesta
doesn't currently use one. This makes it somewhat
related to secure authentication, which is in another RFE:
https://sourceforge.net/tracker/index.php?func=detail&aid=742838&group_id=34164&atid=410430

However it is in some ways a distinct issue from both
authentication and encryption, as the point of HMAC is
simply to ensure that messages arrive without having
been tampered with by a third party.

For an example of how another revision control system
uses HMAC, see the netsync.cc file in the monotone
sources (comments at the top of the file give a decent
overview):
http://viewmtn.angrygoats.net/headofbranch.psp?branch=net.venge.monotone

See also:
http://en.wikipedia.org/wiki/HMAC
http://www.cryptostuff.com/crypto/index.php?title=hmac
http://www.ietf.org/rfc/rfc2104.txt
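
The per-message tagging described in the request above, as an added Python sketch that is not part of the original request and is not Vesta or SRPC code. It assumes the key has already been shared, treats each call or response as opaque bytes, and uses a hypothetical frame layout and hypothetical names (MacChannel, seal, open). It goes slightly beyond the text by covering the message direction and a sequence number with the MAC, so a valid frame cannot be reflected or replayed.

```python
import hashlib, hmac, struct

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag
CALL, RESPONSE = b"C", b"R"             # direction labels (assumed, not SRPC's)

class IntegrityError(Exception):
    """A frame failed authentication and must be dropped."""

class MacChannel:
    """One endpoint of a stream whose frames are length | payload | tag."""
    def __init__(self, key, send_dir, recv_dir):
        self.key, self.send_dir, self.recv_dir = key, send_dir, recv_dir
        self.send_seq = self.recv_seq = 0

    def _tag(self, direction, seq, payload):
        # Direction and sequence number are MACed with the payload so a frame
        # cannot be reflected to its sender or replayed later in the stream.
        header = direction + struct.pack(">QI", seq, len(payload))
        return hmac.new(self.key, header + payload, hashlib.sha256).digest()

    def seal(self, payload):
        tag = self._tag(self.send_dir, self.send_seq, payload)
        self.send_seq += 1
        return struct.pack(">I", len(payload)) + payload + tag

    def open(self, frame):
        if len(frame) < 4 + TAG_LEN:
            raise IntegrityError("short frame")
        (n,) = struct.unpack(">I", frame[:4])
        if len(frame) != 4 + n + TAG_LEN:
            raise IntegrityError("length mismatch")
        payload, tag = frame[4:4 + n], frame[4 + n:]
        expected = self._tag(self.recv_dir, self.recv_seq, payload)
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            raise IntegrityError("bad MAC")
        self.recv_seq += 1  # advance only after a frame verifies
        return payload

if __name__ == "__main__":
    key = bytes(range(32))  # constructed sample key, not a real secret
    client = MacChannel(key, CALL, RESPONSE)
    server = MacChannel(key, RESPONSE, CALL)
    frame = client.seal(b"constructed call payload")
    print(server.open(frame))
    try:
        server.open(frame)  # same frame again: its sequence number is stale
    except IntegrityError as err:
        print("rejected:", err)
```

Because the wrapping happens around the serialized bytes, it could sit below the call interface, which is what would let client code stay unchanged.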