- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Mon, 06 May 2013 17:45:53 -0400
- To: Kingsley Idehen <kidehen@openlinksw.com>
- CC: public-webpayments@w3.org
On 05/06/2013 09:24 AM, Kingsley Idehen wrote: >> https://payswarm.com/specs/ED/http-signatures/2013-05-04/ >> > Have you considered using this effort to get IETF folks to > understand why the "From:" header needn't be maito: URI scheme > specific? You mean for Internet Message Format (RFC 5322)? Not really. It would be an interesting discussion to have, but I just don't have the time to pursue it. > Right now, I could pull off what I describe by using a Linked Data > URI that denotes a public key for the keyid. Basically, the URI > would resolve to a public key that I use to verify the signed > payload. Yes, this is exactly why we are pushing HTTP Signatures forward at IETF. The Web Keys spec will use the 'keyId' field in HTTP Signatures to express a Linked Data URI. A receiver of the HTTP message will look up the key to verify the contents of the message, and then could look up the owner of the key to understand who sent the message. It's a pretty simple and powerful mechanism that could be extended to RFC 5322, or an HTTP-based messaging format which could be tied into our current e-mail infrastructure. Alternatively, a new/simpler messaging system could be built on top of the Web using HTTP Signatures to perform verified message delivery between hosts. > If we have the "From:" header extended to support URIs rather than > mailto: URIs only, one could then use a Linked URI that denotes an > Agent as mechanism for accessing a public key used to verify signed > payloads. Yep. Now for the simple matter of convincing the IETF that this is worth pursuing. :P -- manu -- Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) Founder/CEO - Digital Bazaar, Inc. blog: Meritora - Web payments commercial launch http://blog.meritora.com/launch/
Received on Monday, 6 May 2013 21:46:15 UTC