- From: Kirill Kutsenok <kirill@reclaimprotocol.org>
- Date: Thu, 12 Jun 2025 14:50:54 +0300
- To: ietf-http-wg@w3.org
- Cc: Madhavan Malolan <madhavan@reclaimprotocol.org>
- Message-ID: <CAFVZLYz79DxBP2uJCJ++4bEKLz60i657rBpse-NSwMOs-_GNBg@mail.gmail.com>

Hello HTTP WG,

I would like to share a petition advocating for broader adoption and, where applicable, regulatory enforcement of RFC 9421 <https://www.rfc-editor.org/rfc/rfc9421.html>, which defines HTTP Message Signatures:

https://www.change.org/p/mandate-rfc-9421-for-signing-digital-responses-containing-user-data

The motivation behind this effort is the increasing reliance on digital documents (such as bank statements or activity records) that users retrieve from websites and later present to third parties. Without a standard mechanism to authenticate these documents, their integrity and origin are often difficult to verify. RFC 9421 offers a potential solution by enabling digital signatures on HTTP responses, allowing recipients to validate the source and contents of the data.

The petition specifically calls for policymakers, regulators, and platform providers to consider mandating support for this mechanism in contexts where users are expected to share digital records with third parties. While widespread voluntary adoption would be beneficial, regulatory endorsement could provide a clearer trust model for consumers and relying parties.

While this initiative is not affiliated with the IETF, I thought it relevant to share with the working group given the technical overlap. Feedback is welcome, especially regarding real-world deployment considerations or known challenges with adoption.

Thanks for your time.

— Kirill Kutsenok
Cryptography Researcher, Reclaim Protocol (https://reclaimprotocol.org)

Received on Thursday, 26 June 2025 19:50:45 UTC