On 17.10.2022 18:27, Anders Rundgren wrote: > On 2022-10-17 13:59, Julian Reschke wrote: >> On 17.10.2022 12:44, Anders Rundgren wrote: >>> +1 >>> >>> Target URI and Method (as well as other data related to the message), >>> may equally well be put in the payload. HTTP header signing is an >>> unnecessary complication. >>> ... >> >> Can you elaborate? You might have a media type that allows adding a >> *copy* of that information, but that's not the same thing. > > Hi Julian, > It is quite possible that I misunderstand what you write but I don't see > a problem with having a copy of targetUri in the payload. > An RP may (depending on proxying etc) compare this data with the HTTP > header counterpart and fail if there is a mismatch. > > An additional advantage with this arrangement is that signed messages > become serializable and thus can easily be stored in databases, embedded > in other objects, etc. > > Regards, > Anders Well, that would only work with certain media types. It's not a generic solution. Best regards, JulianReceived on Monday, 17 October 2022 16:31:45 UTC
This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:44:08 UTC