Re: Artart last call review of draft-ietf-httpbis-message-signatures-16


> On Mar 10, 2023, at 3:01 AM, Julian Reschke <> wrote:
> On 07.03.2023 18:39, Justin Richer wrote:
>> ...
>>> All of section 2.2 seems to assume that we’re dealing only with HTTP
>>> URLs. This
>>> assumption should be made explicit.
>> This specification is signing for HTTP messages. What other URLs would
>> there be at play here? It seems redundant to call it out, especially
>> because we’re using the terms from the HTTP semantics specification to
>> define the components.
>> ...
> HTTP can in theory also be used to access resources with non-HTTP(s)
> URIs. In HTTP/1.1, you can use the absolute form of the request target
> for that.
> Is it common? No (I believe).

IPP uses this mechanism (ipp: and ipps: URIs specify IPP over HTTP/HTTPS), and with billions of IPP printers out there I think we can call it common. :)

(but I doubt IPP will use this mechanism for ensuring message integrity...)

Michael Sweet

Received on Friday, 10 March 2023 21:40:40 UTC