W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2021

Signature [protocol element] identifiers

From: Justin Richer <jricher@mit.edu>
Date: Tue, 29 Jun 2021 15:41:22 -0400
Message-Id: <2EA4634A-6131-465B-A9AD-A5CEAC9BB807@mit.edu>
Cc: "Richard Backman, Annabelle" <richanna@amazon.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
I just pushed a strawman proposal for new identifiers for elements covered by the signature, and the editors would like feedback on this. I tried to base the language on the draft semantics and messaging drafts, but I’m sure I mixed a few things up — please help us make sure these things are right!

https://github.com/httpwg/http-extensions/pull/1565 <https://github.com/httpwg/http-extensions/pull/1565>

This also removes the “@request-target” identifier, which was problematic for a number of reasons. In its stead you can now use “@method” and “@request-origin” (or some combination of “@path” and “@query”) to cover the same elements of a request.

As a side note, we know that terms like “covered content” are problematic and will be fixing that language in a different PR in the future. So that wires don’t get crossed with that related conversation, please limit feedback to the definitions of these items, both in terms of the identifier used and the value generation and canonicalization method.

Thank you!
 — Justin
Received on Tuesday, 29 June 2021 19:41:39 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 29 June 2021 19:41:40 UTC