W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2019

Re: HTTP Signing

From: Roberto Polli <robipolli@gmail.com>
Date: Fri, 22 Nov 2019 09:48:43 +0100
Message-ID: <CAP9qbHXSAam1i=6B7mnEpPh3d-yzVOLQk2Vj25f9QNsoe0uaaw@mail.gmail.com>
To: Rob Sayre <sayrer@gmail.com>, Liam Dennehy <liam@wiemax.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Hi Rob & co,

Il giorno ven 22 nov 2019 alle ore 07:05 Rob Sayre <sayrer@gmail.com>
ha scritto:
> I saw the "HTTP Signing" presentation in the SECDISPATCH meeting on YouTube[1], and it seems like it's going to end up in this WG.
Interesting thread: the video is at
https://www.youtube.com/watch?v=CYBhLQ0-fwE&t=3000

>  I'd like to suggest adopting something very similar to AWSv4.
iiuc the approach of draft-cavage and signed-exchange is very similar
and the signed-exchange workgroup made a lot of progresses.
AWSv4 seems to me quite limited and IMHO if you expand it you'll
eventually end with
draft-cavage or http-signatures.

> I've implemented the server side of AWSv4 [...]
> it's possible to use off-the-shelf AWSv4 client SDKs, make up your own "service" name, and implement the server side of the protocol
Understand, though AWS can change that sdk in the future as that's
tied to their infrastructure.

> [1] https://www.youtube.com/watch?v=CYBhLQ0-fwE
> [2] https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html

Regards,
R.
Received on Friday, 22 November 2019 08:48:56 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:15:43 UTC