- From: Cyrus Daboo <cyrus@daboo.name>
- Date: Fri, 25 Mar 2011 10:29:17 -0400
- To: Eran Hammer-Lahav <eran@hueniverse.com>, Mark Nottingham <mnot@mnot.net>
- cc: "Thomson, Martin" <Martin.Thomson@commscope.com>, Bill Burke <bburke@redhat.com>, HTTP Working Group <ietf-http-wg@w3.org>
Hi Eran, --On March 23, 2011 11:47:45 PM -0700 Eran Hammer-Lahav <eran@hueniverse.com> wrote: > No matter what the use cases are, most signature algorithm requiring > complex canonicalization of data have failed the test of widespread > adoption, so before we produce yet another such solutions, we should > figure out if this complexity adds real value. Please take a look at DKIM which does this for email (and reasonably well by most accounts). In fact my preference here is to use DKIM for HTTP as well. Whilst DKIM is currently used for email it was designed to be generally applicable to similar protocols - in fact we are planning on using it for iTIP-over-HTTP (iSchedule: <http://tools.ietf.org/id/draft-desruisseaux-ischedule-01.txt>). It would be good to be able to utilize the existing infrastructure and experience from DKIM in HTTP. -- Cyrus Daboo
Received on Friday, 25 March 2011 14:29:52 UTC