How does this compare with justin's draft? Phil
Begin forwarded message: > From: Manu Sporny <mspo...@digitalbazaar.com> > Date: May 8, 2014 at 14:41:55 PDT > To: IETF HTTP Auth <http-a...@ietf.org> > Cc: Julian Reschke <julian.resc...@gmx.de>, Mark Nottingham <m...@mnot.net>, > Web Payments CG <public-webpayme...@w3.org> > Subject: [http-auth] Review Request for third draft of "Signing HTTP Messages" > > After feedback from Mark Nottingham[1], Julian Reschke[2], folks in the > HTTP Auth WG, and people in the Web Payments CG, we've modified the HTTP > Signatures specification in the following ways: > > 1. The specification has been renamed to "Signing HTTP Messages". > 2. The specification now covers both a signature-based Authorization > mechanism (client-to-server) as well as a general mechanism to sign > HTTP messages (client-to-server and server-to-client). > 3. A new "Signature" header has been introduced. > 4. The layout has been modified heavily to streamline the information > conveyed in the spec. > 5. New registries have been created for the algorithms referred to in > the specification. > 6. We're now more specific in the way certain canonicalizations are > performed. > 7. More examples have been added, including how to digitally sign > the body of an HTTP message. > > The basic mechanism of generating the signatures has not changed (and > has been stable for over a year). > > The newest spec can be found here: > > http://tools.ietf.org/html/draft-cavage-http-signatures-02 > > The diff is here: > > http://tools.ietf.org/rfcdiff?url2=draft-cavage-http-signatures-02.txt > > Matt, Yoav, Kathleen, if there are no show stopping review comments, I'd > like to push this spec onto the RFC track in the HTTP Auth WG, or > HTTPbis/2 WG. It'll be ready for a LC in a month or two. I realize that > HTTP Auth may be shutting down next month, so what's the next step to > get the HTTP Signatures spec further down the IETF RFC track? > > -- manu > > [1] http://lists.w3.org/Archives/Public/public-webpayments/2014Feb/0038.html > [2] http://lists.w3.org/Archives/Public/public-webpayments/2014Feb/0036.html > > -- > Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) > Founder/CEO - Digital Bazaar, Inc. > blog: The Marathonic Dawn of Web Payments > http://manu.sporny.org/2014/dawn-of-web-payments/ > > _______________________________________________ > http-auth mailing list > http-a...@ietf.org > https://www.ietf.org/mailman/listinfo/http-auth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
