Re: Concrete format for signed responses from Andy Green on 2017-12-05 (ietf-http-wg@w3.org from October to December 2017)

From: Andy Green <andy@warmcat.com>
Date: Wed, 6 Dec 2017 06:23:23 +0800
To: Jeffrey Yasskin <jyasskin@google.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <75aacd42-b7b0-34aa-be11-3b571d15a0fa@warmcat.com>

On 12/06/2017 05:19 AM, Jeffrey Yasskin wrote:
> Hi all,
> 
> I've published 
> https://tools.ietf.org/id/draft-yasskin-http-origin-signed-responses-01.html 
> to follow up on 
> https://lists.w3.org/Archives/Public/ietf-http-wg/2017JulSep/0385.html 
> with a concrete proposal for the Signature header.

Sorry if this was already discussed, but do you know about JWS / JWK?

https://tools.ietf.org/html/rfc7515
https://tools.ietf.org/html/rfc7517

ACME uses them

https://datatracker.ietf.org/doc/draft-ietf-acme-acme/

So there are an increasing number of implementations of this.

There seems to be a lot of crossover with what you're trying to do there 
(encode key type and parameters).

It's B64url encoding but it will let you put everything in one header.

-Andy

> Thanks,
> Jeffrey

Received on Tuesday, 5 December 2017 22:24:13 UTC