- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Thu, 08 May 2014 17:41:55 -0400
- To: IETF HTTP Auth <http-auth@ietf.org>
- CC: Web Payments CG <public-webpayments@w3.org>, Mark Nottingham <mnot@mnot.net>, Mark Cavage <mark.cavage@joyent.com>, Julian Reschke <julian.reschke@gmx.de>
After feedback from Mark Nottingham[1], Julian Reschke[2], folks in the HTTP Auth WG, and people in the Web Payments CG, we've modified the HTTP Signatures specification in the following ways: 1. The specification has been renamed to "Signing HTTP Messages". 2. The specification now covers both a signature-based Authorization mechanism (client-to-server) as well as a general mechanism to sign HTTP messages (client-to-server and server-to-client). 3. A new "Signature" header has been introduced. 4. The layout has been modified heavily to streamline the information conveyed in the spec. 5. New registries have been created for the algorithms referred to in the specification. 6. We're now more specific in the way certain canonicalizations are performed. 7. More examples have been added, including how to digitally sign the body of an HTTP message. The basic mechanism of generating the signatures has not changed (and has been stable for over a year). The newest spec can be found here: http://tools.ietf.org/html/draft-cavage-http-signatures-02 The diff is here: http://tools.ietf.org/rfcdiff?url2=draft-cavage-http-signatures-02.txt Matt, Yoav, Kathleen, if there are no show stopping review comments, I'd like to push this spec onto the RFC track in the HTTP Auth WG, or HTTPbis/2 WG. It'll be ready for a LC in a month or two. I realize that HTTP Auth may be shutting down next month, so what's the next step to get the HTTP Signatures spec further down the IETF RFC track? -- manu [1] http://lists.w3.org/Archives/Public/public-webpayments/2014Feb/0038.html [2] http://lists.w3.org/Archives/Public/public-webpayments/2014Feb/0036.html -- Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) Founder/CEO - Digital Bazaar, Inc. blog: The Marathonic Dawn of Web Payments http://manu.sporny.org/2014/dawn-of-web-payments/
Received on Thursday, 8 May 2014 21:42:19 UTC