- From: David Waite <dwaite@pingidentity.com>
- Date: Sat, 4 Feb 2023 23:17:04 -0700
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Received on Sunday, 5 February 2023 06:17:28 UTC
On Mon, Jan 30, 2023 at 12:20 PM Manu Sporny <msporny@digitalbazaar.com> wrote: <snipping> Meanwhile, other canonicalization schemes, like the one used in HTTP > Signatures, tend to sail through large groups like the HTTP WG where > these "All Canonicalization is bad" folks haven't been able to block > the work. > The original "cavage" scheme, which you co-authored, was first published nearly 10 years ago. That was hardly the first scheme created; and I imagine that work built on learnings before it. After several revisions, it was adopted by the HTTPbis group nearly 3 years ago, and has been revised 15 times since. The HTTPbis working group is (in my personal opinion) the only group I could imagine knowledgeable enough to result in a robust and safe specification in that space. The challenges in retrofitting a canonicalization and signature system over HTTP are significant, and (again, in my opinion) saying http signatures are "sailing through" does a disservice to others involved in that work. -DW -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
Received on Sunday, 5 February 2023 06:17:28 UTC