HTTP Message Signatures (RFC 9421) and Registering SSH as a HTTP Signature Algorithm?

Manu, Justin, Annabelle,

On Wed, Feb 14, 2024 at 3:51 PM Manu Sporny <msporny@digitalbazaar.com>
wrote:

> You can use DIDs (or other types of
> keys) to digitally sign these messages and there are other
> specifications that this group is incubating
>

I'd be interested in adding SSH detached signatures to the "HTTP Signature
Algorithms" registry. SSH signatures have been available for the last few
years (since openssh v8.7), and are now supported by git (since git v2.34
for signing commits and tags), work for detached file signing (as an
alternative to PGP), and they also support a simple P2P signature
certificate hierarchy (https://smallstep.com/blog/use-ssh-certificates/).

What would be involved in registering ssh? The spec says "specification
required" but I've found in the past it is never just as simple as
an internet-draft specification and an IANA submission. Is this a working
group decision, or is it "assigned expert" who they delegate the registry
decisions to? (the latter is what is actually required for "specification
required" CBOR tags). Do you know how that might work or who the "assigned
experts" might be?

Thanks!

-- Christopher Allen

Received on Thursday, 15 February 2024 00:41:23 UTC