Seth,
I probably did not read carefully enough, but I did not see the
answer to my question:
When the server decrypts the signature, how does it know
the string is valid? Presumably it is some pre-
established string that it recognizes?
When the call-back service gets data from the querier, the
call-back service does some decription and then validates the
results. What is inside the decryption that the service uses for
that validation?
d/
--
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker(_at_)(_dot_)(_dot_)(_dot_)
brandenburg.com