Signature Negotiation

I’ve created an initial pull request to define an “Accept-Signature” header field. This is to allow the following scenarios:

A client wants the server to sign its response, and do so in a particular way. The client sends the Accept-Signature header in the request with one or more signature definitions that the server applies to the response. This is meant to mirror things like content negotiation (but not exactly, so please don’t get hooked on the comparison).

A server wants the client to sign its next request, and do so in a particular way. The server sends the Accept-Signature header in the response with one or more signature definitions that the client then applies to the next request to the server. This is meant to mirror things like authentication (but not exactly, so please don’t get hooked on the comparison).

Please review the text of the PR, and let the editors know what you think of the idea and this execution:

https://github.com/httpwg/http-extensions/pull/1594

 — Justin

Received on Friday, 6 August 2021 20:42:22 UTC