Manu, Justin, Annabelle, On Wed, Feb 14, 2024 at 3:51 PM Manu Sporny <msporny@digitalbazaar.com> wrote: > You can use DIDs (or other types of > keys) to digitally sign these messages and there are other > specifications that this group is incubating > I'd be interested in adding SSH detached signatures to the "HTTP Signature Algorithms" registry. SSH signatures have been available for the last few years (since openssh v8.7), and are now supported by git (since git v2.34 for signing commits and tags), work for detached file signing (as an alternative to PGP), and they also supports a simple P2P signature certificate hierarchy (https://smallstep.com/blog/use-ssh-certificates/). What would be involved in registering ssh? The spec says "specification required" but I've found in the past it is never just as simple as internet-draft specification and an IANA submission. Is this a working group decision, or is it "assigned expert" who they delegate the registry decisions to? (the latter is what is actually required for "specification required" CBOR tags). Do you know how that might work or who the "assigned experts" might be? Thanks! -- Christopher Allen
Received on Thursday, 15 February 2024 00:41:23 UTC