W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2022

Re: signatures vs sf-date

From: Justin Richer <jricher@mit.edu>
Date: Fri, 2 Dec 2022 14:25:32 +0000
To: Julian Reschke <julian.reschke@gmx.de>
CC: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <04A5CE20-A291-4FA4-A330-FB1090697EA1@mit.edu>
On Dec 1, 2022, at 12:16 PM, Julian Reschke <julian.reschke@gmx.de> wrote:
> 
> Hi there.
> 
> Currently the signatures draft relies on structured fields as defined in
> RFC 8941 - that is, without the date type we are currently working on.
> 
> We need to make a few decisions here:
> 
> 1) Should signatures *use* the date type in the field(s) it defines
> ("created" TS)?

It could, but I don’t think it’s worth delaying signatures over. There are two timestamp fields (created and expires) with clear semantics, I don’t see a huge value to waiting. I’d like to hear feedback from implementors about how this would affect their code — I know from my part that I rely on structured field libraries (notably yours on the Java side) that would need to be updated for the new format first.

> 
> 2) When signing parts of a SF shaped field, should it support RFC
> 8941bis in some way?

That should “just work”. If you’re doing SF fields using the SF-bit or anything else that uses strict serialization rules, and your system needs and supports the SFbis definitions, then it should just work. Otherwise if someone sends you something that you can’t parse, well, then you need to figure out how to parse it, right?

I don’t think there’s any change that needs to be made for that. If SFbis gets out the door first (or even has an RFC number first), we can change the reference and call it a day. Or a @DATE. :)

 — Justin
Received on Friday, 2 December 2022 14:26:24 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 1 February 2023 02:18:31 UTC