Should responses include calculated digest?

[Acconut]

The current draft recommends server to include the expected digest value in an error response when the digest provided by the client doesn't match the server's expectation. This opens the door to potential information leakage and oracle attacks, which potentially allows an attacker to learn about the data over which the digest was computed.

Should we remove this recommendation to include the digest calculated by the server?

Is there a good way to get an expert's opinion in this topic? Maybe through a secdir early review?

[richsalz]

Yes, we can asks for a secdir review. But I've been involved with the SEC area stuff and yes, saying "nope this is the value" is not a good idea.

[Acconut]

Thanks for the early feedback. It makes sense to be more cautious here, so I have opened #4 to remove the calculated digest from the problem type.