Re: Partial signatures on the Via header

From: Roy T. Fielding <fielding@gbiv.com>
Date: Sat, 11 Sep 2021 09:30:02 -0700
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <1CA2D67D-4E00-4FC3-93C5-C216C3B40C87@gbiv.com>
To: Justin Richer <jricher@mit.edu>

> On Sep 11, 2021, at 5:01 AM, Justin Richer <jricher@mit.edu> wrote:
> 
> Via can already be excluded by simply not signing it. Are you suggesting that we explicitly say that it should not be signed, for the reasons you mention? 

Unless the goal is to fail verification, signing Via is unwise because it is supposed to be changed by recipients as the message is received (usually before the message semantics are processed). I don't think I would go as far as making it a SHOULD NOT requirement, but I would never sign it myself.

....Roy
Received on Saturday, 11 September 2021 16:30:21 UTC
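
The failure mode discussed in this message, as an added example that is not part of the original e-mail or of the specification: a signature that covers Via stops verifying once an intermediary appends its own hop, while a signature over the other fields survives. The signature base here is a simplified model of HTTP Message Signatures rather than the exact wire format, and the key, host names and helper names are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed shared secret, illustration only


def signature_base(headers, covered):
    """Simplified base: one '"name": value' line per covered field.

    Repeated instances of a field are combined with ', ', so a Via hop
    appended by an intermediary changes the covered value.
    """
    lines = []
    for name in covered:
        values = [v for k, v in headers if k.lower() == name]
        if not values:
            raise KeyError(f"covered field {name!r} missing from message")
        lines.append(f'"{name}": {", ".join(values)}')
    params = " ".join(f'"{n}"' for n in covered)
    lines.append(f'"@signature-params": ({params})')
    return "\n".join(lines).encode()


def sign(headers, covered):
    return hmac.new(KEY, signature_base(headers, covered), hashlib.sha256).digest()


def verify(headers, covered, signature):
    try:
        expected = sign(headers, covered)
    except KeyError:  # a covered field was stripped in transit
        return False
    return hmac.compare_digest(expected, signature)


def forward_through_proxy(headers, hop="1.1 proxy.example"):
    """Model an intermediary: append its own hop to Via, touch nothing else."""
    return headers + [("Via", hop)]


# Constructed request as sent by a client sitting behind one gateway.
sent = [("Host", "api.example"), ("Date", "Sat, 11 Sep 2021 16:30:02 GMT"),
        ("Via", "1.1 gateway.example")]
received = forward_through_proxy(sent)

with_via = ["host", "date", "via"]
without_via = ["host", "date"]

if __name__ == "__main__":
    print("Via covered:    ", verify(received, with_via, sign(sent, with_via)))
    print("Via not covered:", verify(received, without_via, sign(sent, without_via)))
```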
