Re: message-signatures: Renaming "Content Identifiers"

I’m personally not super keen on “Values” because there are too many parts that already have an internal idea of a “value”, especially fields. 

I like “Covered Components”, and if it’s not stepping on anything else in the HTTP space already that might be our best option. “Protocol Elements” was also suggested at one point, which would lead to “Element Identifiers” as the indicator portion.

 — Justin

> On Jul 16, 2021, at 8:41 PM, Mark Nottingham <mnot@mnot.net> wrote:
> 
> I suspect you're going to need to invent something.
> 
> Perhaps 'Covered Values' and 'Value Identifiers'? 
> 
> or 'Covered Components' and 'Component Identifiers'?
> 
> Cheers,
> 
> 
>> On 17 Jul 2021, at 2:59 am, Richard Backman, Annabelle <richanna@amazon.com> wrote:
>> 
>> Hello HTTP Working Group,
>> 
>> As discussed during the previous interim meeting, the way that the draft-ietf-http-message-signatures draft uses the term "content" is not consistent with the meaning of "content" as defined elsewhere in HTTP. That raises the question: what term should we use?
>> 
>> As a refresher (or for those who haven't been following this particular thread thus far), Message Signatures uses the term "Covered Content" to refer to the different pieces of an HTTP message that are covered by a message signature. It also uses the term "Content Identifier" to refer to the identifiers used to indicate which pieces of an HTTP message are included within the Covered Content. The draft currently defines Content Identifiers for the following pieces of information:
>>  • Header fields
>>  • Specific members within the value of a dictionary structured field
>>  • Signature metadata (e.g., algorithm and key identifiers, creation time, expiration)
>>  • The request target, target URI, and method, as defined in draft-ietf-httpbis-semantics
>>  • The response status, as defined in draft-ietf-httpbis-semantics
>>  • Specific portions of a request message's target URL: scheme, authority, path, query
>>  • Specific query parameters from the query portion of a request message's target URL
>> 
>> Additionally, there are use cases (albeit hotly contested, in some cases) for adding Content Identifiers for the following:
>>  • Footer fields
>>  • Specific cookies included in a request message
>>  • Ranges of items within a comma-delimited unstructured field (e.g., a proxy signing the first N items in the "Via" header field, allowing for further proxies to add additional items)
>>  • Ranges of elements within a list structured field
>> 
>> Are there any existing terms in the HTTP space that fit this use case? Or a combination of terms that isn't too much of a mouthful? Or do we need to invent something?
>> 
>> —
>> Annabelle Backman (she/her)
>> richanna@amazon.com
>> 
>> 
>> 
>> 
> 
> --
> Mark Nottingham   https://www.mnot.net/
> 
> 

Received on Friday, 23 July 2021 18:34:50 UTC