draft-ietf-httpbis-message-signatures-06.txt   draft-ietf-httpbis-message-signatures-latest.txt 
HTTP Working Group A. Backman, Ed. HTTP Working Group A. Backman, Ed.
Internet-Draft Amazon Internet-Draft Amazon
Intended status: Standards Track J. Richer Intended status: Standards Track J. Richer
Expires: February 14, 2022 Bespoke Engineering Expires: March 17, 2022 Bespoke Engineering
M. Sporny M. Sporny
Digital Bazaar Digital Bazaar
August 13, 2021 September 13, 2021
HTTP Message Signatures HTTP Message Signatures
draft-ietf-httpbis-message-signatures-06 draft-ietf-httpbis-message-signatures-latest
Abstract Abstract
This document describes a mechanism for creating, encoding, and This document describes a mechanism for creating, encoding, and
verifying digital signatures or message authentication codes over verifying digital signatures or message authentication codes over
components of an HTTP message. This mechanism supports use cases components of an HTTP message. This mechanism supports use cases
where the full HTTP message may not be known to the signer, and where where the full HTTP message may not be known to the signer, and where
the message may be transformed (e.g., by intermediaries) before the message may be transformed (e.g., by intermediaries) before
reaching the verifier. This document also describes a means for reaching the verifier. This document also describes a means for
requesting that a signature be applied to a subsequent HTTP message requesting that a signature be applied to a subsequent HTTP message
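Review bot: the document name on the title line of the new revision reads draft-ietf-httpbis-message-signatures-latest, while the Document History in the same revision labels it -07. Before submission the title line should carry the numbered name, so that the header, the dates (September 13, 2021, expiring March 17, 2022) and the history entry all identify the same revision.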
skipping to change at page 2, line 7 skipping to change at page 2, line 7
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on February 14, 2022. This Internet-Draft will expire on March 17, 2022.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 43, line 23 skipping to change at page 43, line 23
[FIPS186-4] [FIPS186-4]
"Digital Signature Standard (DSS)", 2013, "Digital Signature Standard (DSS)", 2013,
<https://csrc.nist.gov/publications/detail/fips/186/4/ <https://csrc.nist.gov/publications/detail/fips/186/4/
final>. final>.
[HTMLURL] "URL (Living Standard)", 2021, [HTMLURL] "URL (Living Standard)", 2021,
<https://url.spec.whatwg.org/>. <https://url.spec.whatwg.org/>.
[MESSAGING] [MESSAGING]
Fielding, R. T., Nottingham, M., and J. Reschke, Fielding, R. T., Nottingham, M., and J. Reschke,
"HTTP/1.1", draft-ietf-httpbis-messaging-17 (work in "HTTP/1.1", draft-ietf-httpbis-messaging-19 (work in
progress), July 2021. progress), September 2021.
[POSIX.1] "The Open Group Base Specifications Issue 7, 2018 [POSIX.1] "The Open Group Base Specifications Issue 7, 2018
edition", 2018, edition", 2018,
<https://pubs.opengroup.org/onlinepubs/9699919799/>. <https://pubs.opengroup.org/onlinepubs/9699919799/>.
[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
Hashing for Message Authentication", RFC 2104, Hashing for Message Authentication", RFC 2104,
DOI 10.17487/RFC2104, February 1997, DOI 10.17487/RFC2104, February 1997,
<https://www.rfc-editor.org/info/rfc2104>. <https://www.rfc-editor.org/info/rfc2104>.
skipping to change at page 44, line 16 skipping to change at page 44, line 16
"Handling Long Lines in Content of Internet-Drafts and "Handling Long Lines in Content of Internet-Drafts and
RFCs", RFC 8792, DOI 10.17487/RFC8792, June 2020, RFCs", RFC 8792, DOI 10.17487/RFC8792, June 2020,
<https://www.rfc-editor.org/info/rfc8792>. <https://www.rfc-editor.org/info/rfc8792>.
[RFC8941] Nottingham, M. and P-H. Kamp, "Structured Field Values for [RFC8941] Nottingham, M. and P-H. Kamp, "Structured Field Values for
HTTP", RFC 8941, DOI 10.17487/RFC8941, February 2021, HTTP", RFC 8941, DOI 10.17487/RFC8941, February 2021,
<https://www.rfc-editor.org/info/rfc8941>. <https://www.rfc-editor.org/info/rfc8941>.
[SEMANTICS] [SEMANTICS]
Fielding, R. T., Nottingham, M., and J. Reschke, "HTTP Fielding, R. T., Nottingham, M., and J. Reschke, "HTTP
Semantics", draft-ietf-httpbis-semantics-17 (work in Semantics", draft-ietf-httpbis-semantics-19 (work in
progress), July 2021. progress), September 2021.
8.2. Informative References 8.2. Informative References
[I-D.ietf-httpbis-client-cert-field] [I-D.ietf-httpbis-client-cert-field]
Campbell, B. and M. Bishop, "Client-Cert HTTP Header Campbell, B. and M. Bishop, "Client-Cert HTTP Header
Field: Conveying Client Certificate Information from TLS Field: Conveying Client Certificate Information from TLS
Terminating Reverse Proxies to Origin Server Terminating Reverse Proxies to Origin Server
Applications", draft-ietf-httpbis-client-cert-field-00 Applications", draft-ietf-httpbis-client-cert-field-00
(work in progress), June 2021. (work in progress), June 2021.
skipping to change at page 56, line 16 skipping to change at page 56, line 16
Michael Richardson, Wojciech Rygielski, Adam Scarr, Cory J. Slep, Michael Richardson, Wojciech Rygielski, Adam Scarr, Cory J. Slep,
Dirk Stein, Henry Story, Lukasz Szewc, Chris Webber, and Jeffrey Dirk Stein, Henry Story, Lukasz Szewc, Chris Webber, and Jeffrey
Yasskin. Yasskin.
Document History Document History
_RFC EDITOR: please remove this section before publication_ _RFC EDITOR: please remove this section before publication_
o draft-ietf-httpbis-message-signatures o draft-ietf-httpbis-message-signatures
* -07
+ No substantive changes.
* -06 * -06
+ Updated language for message components, including + Updated language for message components, including
identifiers and values. identifiers and values.
+ Clarified that Signature-Input and Signature are fields + Clarified that Signature-Input and Signature are fields
which can be used as headers or trailers. which can be used as headers or trailers.
+ Add "Accept-Signature" field and semantics for signature + Add "Accept-Signature" field and semantics for signature
negotiation. negotiation.
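Review bot: the new -07 entry says "No substantive changes", but this revision also moves the [MESSAGING] and [SEMANTICS] normative references from -17 to -19. Consider recording that in the entry, for example "Updated references to draft-ietf-httpbis-messaging-19 and draft-ietf-httpbis-semantics-19", so readers can tell which HTTP core drafts this revision was written against.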
 End of changes. 7 change blocks. 
8 lines changed or deleted 12 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/