Re: HTTP Signatures draft published at IETF

On 7 May 2013 19:01, Manu Sporny <msporny@digitalbazaar.com> wrote:

> On 05/07/2013 04:04 AM, Melvin Carvalho wrote:
> > Yeah, I'll ping Julian Reschke or Mark Nottingham about it to see if
> > we can update the HTTP header field easily.
> >
> > +1
> >
> > There have been proponents of this for many years e.g. Toby, Nathan,
> >  Kingsley, myself ... just need to get the spec tweaked to
> > distinguish between strings and URIs.
>
> Do one of you want to take the lead on this? :)
>

Sure, I would be happy to.  Kingsley already asked Mark Nottingham about
this last month.  Im unsure what the most productive next steps should be.


>
> > Non email values in the from header are already permissible.
>
> Where's the spec that allows that? The HTTP spec is pretty explicit
> about only allowing e-mail values?
>

My take on:

if given, SHOULD contain an Internet e-mail address for the human user
who controls the requesting user agent


SHOULD is not the same as MUST, so perhaps the language can be loosened, or
be left as is and in certain circumstances send an HTTP identity ...


> -- manu
>
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: Meritora - Web payments commercial launch
> http://blog.meritora.com/launch/
>

Received on Tuesday, 7 May 2013 18:13:13 UTC