Re: New issue: Header type for JWT format values from Mark Nottingham on 2025-07-23 (ietf-http-wg@w3.org from July to September 2025)

From: Mark Nottingham <mnot@mnot.net>
Date: Wed, 23 Jul 2025 12:04:08 +0200
To: Atul Tulshibagwale <atul@sgnl.ai>
Cc: Poul-Henning Kamp <phk@phk.freebsd.dk>, Brian Campbell <bcampbell@pingidentity.com>, ietf-http-wg@w3.org
Message-Id: <2B8E77A6-93C5-4800-ADAE-C4DDA2F344EB@mnot.net>

If you have deployed software and want to shift to structured fields, it sounds like a new field name is in order.

Cheers,


> On 23 Jul 2025, at 12:13 am, Atul Tulshibagwale <atul@sgnl.ai> wrote:
> 
> Hi Poul-Henning,
> We have existing software such as Tokenetes (a CNCF Sandbox project) which use TraTs and the Txn-Token header as a single, unquoted value, which is the JWT.
> 
> Using sf-string would mean we have to place quotes around this value and change software in a backward incompatible way, which is not desirable. The other options would have the same issue. 
> 
> I suppose we have to decide whether we need to change our draft in order to fit one of the existing types, or does it make sense to define a new type that can readily accept a JWT value. I am inclined toward the latter, because I think there will be many headers (for example in the WIMSE working group) that will require such JWT values.
> 
> Atul
> 
> On Tue, Jul 22, 2025 at 3:46 AM Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> --------
> Brian Campbell writes:
> 
> 
> > RFC 7519 defines JWT but for the purpose of this conversation a JWT is text
> > that is composed of three base64url segments separated by the dot/period
> > "." character.
> 
> > There doesn't seem to be a natural fit of an HTTP Structured Field Values
> > to carry a JWT.
> 
> I'm not sure what your criteria is for "a natural fit", but I can see several
> ways that are neither inefficient nor (too) offensive to the eye:
> 
> A)  As a sf-string
> 
> B)  As three sf-strings in a sf-list
> 
> C)  Prepend a 'J' and call it a sf-token
>     (base64url fits in tchar, right ?)
> 
> D)  As three sf-binary in a sf-list.
> 
> 
> -- 
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe    
> Never attribute to malice what can adequately be explained by incompetence.

--
Mark Nottingham   https://www.mnot.net/

Received on Wednesday, 23 July 2025 10:04:14 UTC