On 18/07/2010 18:22, Nathan wrote: > we simply stick the public key in an http header instead. How do you prove the user has the private key, then? HTTPsec (not really commonly supported)? Best wishes, Bruno.