W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2021

HTTP Signatures Playround

From: Justin Richer <jricher@mit.edu>
Date: Mon, 22 Nov 2021 12:27:47 -0500
Message-Id: <C8D0ABBF-5CA9-415E-8131-F6787EC66410@mit.edu>
To: HTTP Working Group <ietf-http-wg@w3.org>
Hi all,

I’ve stood up a very simple HTTP Message Signatures playground and finally gotten hosting sorted out (for now, anyway). Please check it out:


The site is set up to basically step you through the stages of creating or validating an HTTP Signature on a request or response message. 

1. Parse an HTTP Message
2. Select which parts of the message to sign, and set those parameters in the signature input, to create the signature input string
3. Select the crypto parameters (key and algorithm) and sign or validate the message
4. Get the signature or validation results

It comes pre-loaded with examples, but you should be able to put in your own messages and keys as you see fit.

When you break it, because I know you probably will, please let me know how it breaks — or even better, help fix it! All the code is here: https://github.com/bspk/httpsig-org/ <https://github.com/bspk/httpsig-org/>

And before you report it, yes, I know that the header-style detection is a little wonky, as this is the code what prompted the other thread I opened last week about detecting structured fields. 

Annabelle and I would love for people to try this out and see how all the pieces work in this draft.

 — Justin
Received on Monday, 22 November 2021 17:28:01 UTC

This archive was generated by hypermail 2.4.0 : Monday, 22 November 2021 17:28:03 UTC