New Signatures Draft from Justin Richer on 2021-03-15 (ietf-http-wg@w3.org from January to March 2021)

From: Justin Richer <jricher@mit.edu>
Date: Mon, 15 Mar 2021 16:10:43 -0400
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <63C7894E-4B5B-4667-808D-61F000210E20@mit.edu>

We’ve published a new version of the Signatures draft:

https://www.ietf.org/archive/id/draft-ietf-httpbis-message-signatures-02.html <https://www.ietf.org/archive/id/draft-ietf-httpbis-message-signatures-02.html>

It’s been a while since the last publication, and there are a lot of big changes from the -01 version. The short version:

 - Two headers, one for signature inputs and one for the signature itself
 - Headers both use Structure Field syntax
 - Signature base string generation mechanism uses Structured Field composition rules
 - Signature now always covers the signature metadata (this alone solved about a half dozen reported problems, at least)

It’s still a bit drafty, but it’s implementable: I’ve managed to implement the client and server side of this in Java, thanks to Julian’s Structured Fields library on that platform. 

 — Justin

Received on Monday, 15 March 2021 20:10:57 UTC