- From: <internet-drafts@ietf.org>
- Date: Thu, 09 Apr 2026 07:52:03 -0700
- To: <i-d-announce@ietf.org>
- Cc: ietf-http-wg@w3.org
Internet-Draft draft-hardt-httpbis-signature-key-04.txt is now available. It
is a work item of the HTTP (HTTPBIS) WG of the IETF.
Title: HTTP Signature Keys
Authors: Dick Hardt
Thibault Meunier
Name: draft-hardt-httpbis-signature-key-04.txt
Pages: 35
Dates: 2026-04-09
Abstract:
This document defines two HTTP header fields and one Accept-Signature
parameter for use with HTTP Message Signatures as defined in RFC
9421. The Signature-Key request header distributes public keys used
to verify signatures, with five initial key distribution schemes:
pseudonymous inline keys (hwk), self-issued key delegation via JWK
Thumbprint JWTs (jkt-jwt), identified signers with JWKS URI discovery
(jwks_uri), JWT-based delegation (jwt), and X.509 certificate chains
(x509). The sigkey parameter extends Accept-Signature (RFC 9421
Section 5) to indicate the type of Signature-Key the server requires.
The Signature-Error response header provides structured error
information when signature verification fails. Together, these
mechanisms enable flexible trust models ranging from privacy-
preserving pseudonymous verification to horizontally-scalable
delegated authentication and PKI-based identity chains.
The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-hardt-httpbis-signature-key/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-hardt-httpbis-signature-key-04.html
A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-hardt-httpbis-signature-key-04
Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts
Received on Thursday, 9 April 2026 14:52:07 UTC