Re: I-D Action: draft-ietf-httpbis-message-signatures-17.txt from Justin Richer on 2023-05-02 (ietf-http-wg@w3.org from April to June 2023)

From: Justin Richer <jricher@mit.edu>
Date: Tue, 2 May 2023 15:12:01 +0000
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <C46CA4A0-A1A4-42FA-8C5C-626980E43FBD@mit.edu>

This draft incorporates changes from discussions at and following IETF116. 

Most of the changes are around examples from signing signatures (and specifically, why it’s a bad idea to do that).

There are also more precise directions for dealing with encodings in field values, which shouldn’t change any of the vast majority of current code or affect most users of the spec.

One normative change is made to a less-used function, the @query-parameter derived component now uses percent encoding to normalize values and ensure the output is both ASCII and doesn’t include illegal characters like newlines. The authors believe that this change is not significant enough to warrant another round of WGLC.

 — Justin

> On May 2, 2023, at 9:48 AM, internet-drafts@ietf.org wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories. This Internet-Draft is a work item of the HTTP (HTTPBIS) WG of
> the IETF.
> 
>   Title           : HTTP Message Signatures
>   Authors         : Annabelle Backman
>                     Justin Richer
>                     Manu Sporny
>   Filename        : draft-ietf-httpbis-message-signatures-17.txt
>   Pages           : 117
>   Date            : 2023-05-02
> 
> Abstract:
>   This document describes a mechanism for creating, encoding, and
>   verifying digital signatures or message authentication codes over
>   components of an HTTP message.  This mechanism supports use cases
>   where the full HTTP message may not be known to the signer, and where
>   the message may be transformed (e.g., by intermediaries) before
>   reaching the verifier.  This document also describes a means for
>   requesting that a signature be applied to a subsequent HTTP message
>   in an ongoing HTTP exchange.
> 
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-httpbis-message-signatures/

> 
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-httpbis-message-signatures-17.html

> 
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-httpbis-message-signatures-17

> 
> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
> 
> 
>

Received on Tuesday, 2 May 2023 15:13:17 UTC