Re: Call for Adoption: draft-richanna-http-message-signatures from Rob Sayre on 2020-02-04 (ietf-http-wg@w3.org from January to March 2020)

From: Rob Sayre <sayrer@gmail.com>
Date: Mon, 3 Feb 2020 17:24:33 -0800
To: Eric Rescorla <ekr@rtfm.com>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>, Tommy Pauly <tpauly@apple.com>
Message-ID: <CAChr6SweKS5FrKQcghZuX=D+8xP_F1y6ZJ2=eA=6sGFG7SNNcg@mail.gmail.com>

On Sun, Feb 2, 2020 at 8:49 AM Eric Rescorla <ekr@rtfm.com> wrote:

> Hi folks,
>
> I do not believe we should initiate work in HTTP on HTTP Request
> signatures starting with draft-richanna-http-message-signatures.
>
> My high order concern is that we seem to be starting to build a
> piecemeal object security system for HTTP without any kind of
> coordination or common architecture. So far, we have standardized or
> proposals to standardize:
>

AWSv4 is the de facto standard, for better or worse.

I view this task as an inspection of that.

thanks,
Rob

Received on Tuesday, 4 February 2020 01:24:48 UTC