W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2022

Signaling absent fields in signatures

From: Justin Richer <jricher@mit.edu>
Date: Thu, 17 Feb 2022 12:49:25 -0500
Message-Id: <1583AC8B-BC14-49D6-8C94-DBF4E15FFE1C@mit.edu>
To: HTTP Working Group <ietf-http-wg@w3.org>
An idea got brought up a little while ago that you could have a signer signal that a given field would :not: be present in the message to be signed, and so that when the verifier sees this, they can check the message and see that if that field is present then it’s an error and must be rejected. I’ve put together a PR to add that functionality here, and I’d like to have people check it out to see if it’s clearly described and is useful:

https://github.com/httpwg/http-extensions/pull/1976 <https://github.com/httpwg/http-extensions/pull/1976>

 — Justin
Received on Thursday, 17 February 2022 17:49:38 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 17 February 2022 17:49:40 UTC