Accept Signature Parameter Semantics

I’d like a bit more input from the WG about this proposed change in semantics surrounding the parameters in Accept-Signature, from the AD review. The PR is here and has some comments on it:

https://github.com/httpwg/http-extensions/pull/2377/


Previously, sending things like “created” was prohibited, but Francesca made a reasonable point that sending these parameters could be a signal to the signer about what’s wanted in the response. The new text explicitly lays out what each parameter means when it is applied in this context. This dovetails with new text in a separate PR that gives instructions to the DEs about requiring a parameter be defined in each context.

This does not change the core processing of the field — you still have to sign the list it’s given, and use the given label, if you’re going to respond to it. Response to any accept-signature header is still optional.

 — Justin

Received on Wednesday, 1 February 2023 14:46:42 UTC
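
An added example, not part of the original message or the draft: a Python check that a response's Signature-Input keeps the label and the component list of the Accept-Signature request, as the message describes, and separately reports requested parameters that are absent. The function names, the narrow regex parser and the sample field values are constructed for illustration; treating a missing parameter as an unmet hint rather than a violation is an assumption.

```python
import re

# Narrow parser for ONE dictionary member of the form label=("a" "b");p1;p2=v.
# Assumption: not a full Structured Fields parser (no ')' inside strings, etc.).
_NAME = r'[a-z*][a-z0-9_.*-]*'
_MEMBER = re.compile(rf'^\s*({_NAME})=\(([^)]*)\)(.*)$')
_ITEM = re.compile(rf'"[^"]*"(?:;{_NAME}(?:=(?:"[^"]*"|[^\s;]+))?)*')
_PARAM = re.compile(rf';({_NAME})(?:=("[^"]*"|[^;\s]+))?')

def parse_member(value):
    """Return (label, covered components, parameters) for one member."""
    m = _MEMBER.match(value)
    if not m:
        raise ValueError("unsupported field value: %r" % value)
    label, inner, tail = m.groups()
    # A parameter sent without a value (e.g. ;created) is recorded as True.
    params = {k: (v or True) for k, v in _PARAM.findall(tail)}
    return label, _ITEM.findall(inner), params

def check_response(accept_signature, signature_input):
    """Compare what the requester asked for with what the signer signed."""
    want_label, want_comps, want_params = parse_member(accept_signature)
    got_label, got_comps, got_params = parse_member(signature_input)
    violations = []
    # Core processing from the message: use the given label, sign the given list.
    if got_label != want_label:
        violations.append(f"label {got_label} != requested {want_label}")
    if got_comps != want_comps:  # order matters: the list is signed as given
        violations.append("covered components differ from requested list")
    # Parameters are a signal of what is wanted; presence only is checked here.
    unmet = [name for name in want_params if name not in got_params]
    return {"violations": violations, "unmet_hints": unmet}

# Constructed sample values (not taken from the page or the draft).
ACCEPT = 'sig1=("@method" "@target-uri" "content-digest");created;keyid="test-key"'
GOOD = ('sig1=("@method" "@target-uri" "content-digest")'
        ';created=1675262802;keyid="test-key"')
BAD = 'sig2=("@method" "content-digest");keyid="test-key"'

if __name__ == "__main__":
    print(check_response(ACCEPT, GOOD))
    print(check_response(ACCEPT, BAD))
```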