Security and Privacy considerations for Signatures from Justin Richer on 2021-11-02 (ietf-http-wg@w3.org from October to December 2021)

From: Justin Richer <jricher@mit.edu>
Date: Tue, 2 Nov 2021 11:47:43 -0400
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <85B21F00-8A14-4769-B8F4-034F37BCC79A@mit.edu>

All,

As discussed at the interim, we’ve pushed up a PR to add security and privacy considerations for the signatures draft. Please review when you can:

https://github.com/httpwg/http-extensions/pull/1776 <https://github.com/httpwg/http-extensions/pull/1776>

And importantly, please help us expand this as necessary. Are there other attacks we should enumerate? Are there other aspects we should highlight? Are there other mitigations and tradeoffs that implementors should be aware of?

Thanks,

 — Justin

Received on Tuesday, 2 November 2021 15:47:56 UTC