Re: Call for adoption: draft-hardt-httpbis-signature-key-01 (Ends 2026-02-26)

Hey

I just saw this thread -- I did not know a call for adoption had been
issued -- I plan on presenting remotely at the next meeting.

I just published a minor update to use base64 for the x509 scheme per
Martin's suggestion.

Martin: If I understand your comment correctly, you are suggesting that
only some schemes will be used, and they will be used in isolated
ecosystems?

I'll share use cases that span hwk, jws_uri, and jwt -- x509 is there
because lots of infrastructure uses it so we thought we should define
something rather than not.

/Dick



On Fri, Feb 13, 2026 at 7:14 AM Martin Thomson <mt@lowentropy.net> wrote:

> I'd like to see more discussion on use cases that would motivate the
> panoply of formats that this proposes.  It might be better, in the spirit
> of RFC 9170, to have multiple fields rather than a single field with such
> extreme diversity as this proposes.
>
> I know that it's tempting to try to sweep all the use cases away in one
> action, but what the proposed design is more likely to produce (in my view,
> at least) is some successful variants, some unsuccessful variants, and a
> whole bunch of interoperability failure as people use incompatible
> variants.  The only outcomes that will be interoperable are (again, my
> prediction) is isolated ecosystems that happily use their chosen variants,
> or less isolated ecosystems that pick a single, de-facto winner.
>
> On Fri, Feb 13, 2026, at 15:06, Tommy Pauly wrote:
> > Hi HTTP,
> >
> > As this email notes, we’re starting a call for adoption on
> > draft-hardt-httpbis-signature-key. We’ve had some discussion on list,
> > and also would plan to have time at IETF 125 to discuss. Please take a
> > look and let us know if you think this a document the working group
> > should adopt.
> >
> > Best,
> > Tommy
> >
> >> On Feb 12, 2026, at 8:04 PM, Tommy Pauly via Datatracker <
> noreply@ietf.org> wrote:
> >>
> >> This message starts a httpbis WG Call for Adoption of:
> >> draft-hardt-httpbis-signature-key-01
> >>
> >> This Working Group Call for Adoption ends on 2026-02-26
> >>
> >> Abstract:
> >>   This document defines the Signature-Key HTTP header field for
> >>   distributing public keys used to verify HTTP Message Signatures as
> >>   defined in RFC 9421.  Four initial key distribution schemes are
> >>   defined: pseudonymous inline keys (hwk), identified signers with JWKS
> >>   URI discovery (jwks_uri), X.509 certificate chains (x509), and JWT-
> >>   based delegation (jwt).  These schemes enable flexible trust models
> >>   ranging from privacy-preserving pseudonymous verification to PKI-
> >>   based identity chains and horizontally-scalable delegated
> >>   authentication.
> >>
> >> Please reply to this message and indicate whether or not you support
> adoption
> >> of this Internet-Draft by the httpbis WG. Comments to explain your
> preference
> >> are greatly appreciated. Please reply to all recipients of this message
> and
> >> include this message in your response.
> >>
> >> Authors, and WG participants in general, are reminded of the
> Intellectual
> >> Property Rights (IPR) disclosure obligations described in BCP 79 [2].
> >> Appropriate IPR disclosures required for full conformance with the
> provisions
> >> of BCP 78 [1] and BCP 79 [2] must be filed, if you are aware of any.
> >> Sanctions available for application to violators of IETF IPR Policy can
> be
> >> found at [3].
> >>
> >> Thank you.
> >> [1] https://datatracker.ietf.org/doc/bcp78/
> >> [2] https://datatracker.ietf.org/doc/bcp79/
> >> [3] https://datatracker.ietf.org/doc/rfc6701/
> >>
> >> The IETF datatracker status page for this Internet-Draft is:
> >> https://datatracker.ietf.org/doc/draft-hardt-httpbis-signature-key/
> >>
> >> There is also an HTML version available at:
> >>
> https://www.ietf.org/archive/id/draft-hardt-httpbis-signature-key-01.html
> >>
> >> A diff from the previous version is available at:
> >>
> https://author-tools.ietf.org/iddiff?url2=draft-hardt-httpbis-signature-key-01
>
>