W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2021

Re: message-signatures: Renaming "Content Identifiers"

From: Mark Nottingham <mnot@mnot.net>
Date: Sat, 17 Jul 2021 10:41:37 +1000
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-Id: <18F194A3-A068-43CA-8177-8A12C6452274@mnot.net>
To: "Richard Backman, Annabelle" <richanna@amazon.com>
I suspect you're going to need to invent something.

Perhaps 'Covered Values' and 'Value Identifiers'? 

or 'Covered Components' and 'Component Identifiers'?

Cheers,


> On 17 Jul 2021, at 2:59 am, Richard Backman, Annabelle <richanna@amazon.com> wrote:
> 
> Hello HTTP Working Group,
> 
> As discussed during the previous interim meeting, the way that the draft-ietf-http-message-signatures draft uses the term "content" is not consistent with the meaning of "content" as defined elsewhere in HTTP. That raises the question: what term should we use?
> 
> As a refresher (or for those who haven't been following this particular thread thus far), Message Signatures uses the term "Covered Content" to refer to the different pieces of an HTTP message that are covered by a message signature. It also uses the term "Content Identifier" to refer to the identifiers used to indicate which pieces of an HTTP message are included within the Covered Content. The draft currently defines Content Identifiers for the following pieces of information:
> 	• Header fields
> 	• Specific members within the value of a dictionary structured field
> 	• Signature metadata (e.g., algorithm and key identifiers, creation time, expiration)
> 	• The request target, target URI, and method, as defined in draft-ietf-httpbis-semantics
> 	• The response status, as defined in draft-ietf-httpbis-semantics
> 	• Specific portions of a request message's target URL: scheme, authority, path, query
> 	• Specific query parameters from the query portion of a request message's target URL
> 
> Additionally, there are use cases (albeit hotly contested, in some cases) for adding Content Identifiers for the following:
> 	• Footer fields
> 	• Specific cookies included in a request message
> 	• Ranges of items within a comma-delimited unstructured field (e.g., a proxy signing the first N items in the "Via" header field, allowing for further proxies to add additional items)
> 	• Ranges of elements within a list structured field
> 
> Are there any existing terms in the HTTP space that fit this use case? Or a combination of terms that isn't too much of a mouthful? Or do we need to invent something?
> 
> —
> Annabelle Backman (she/her)
> richanna@amazon.com
> 
> 
> 
> 

--
Mark Nottingham   https://www.mnot.net/
Received on Saturday, 17 July 2021 00:41:58 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 17 July 2021 00:41:59 UTC