W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2023

Accept Signature Parameter Semantics

From: Justin Richer <jricher@mit.edu>
Date: Wed, 1 Feb 2023 14:46:03 +0000
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <E428146F-79D7-4118-A10E-46E587C63A27@mit.edu>
I’d like a bit more input from the WG about this proposed change in semantics surrounding the parameters in Accept-Signature, from the AD review. The PR is here and has some comments on it:

https://github.com/httpwg/http-extensions/pull/2377/


Previously, sending things like “created” was prohibited, but Francesca made a reasonable point that sending these parameters could be a signal to the signer about what’s wanted in the response. The new text explicitly lays out what each parameter means when it is applied in this context. This dovetails with new text in a separate PR that gives instructions to the DE’s about requiring a parameter be defined in each context.

This does not change the core processing of the field — you still have to sign the list it’s given, and use the given label, if you’re going to respond to it. Response to any accept-signature header is still optional.

 — Justin
Received on Wednesday, 1 February 2023 14:46:42 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:44:08 UTC