[auth48] [IANA #1358618] [IANA] AUTH48: RFC-to-be 9421 <draft-ietf-httpbis-message-signatures-19> for your review
David Dong via RT <iana-matrix@iana.org> Mon, 12 February 2024 18:52 UTC
Return-Path: <iana-shared@icann.org>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7C4AC1519A4; Mon, 12 Feb 2024 10:52:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.658
X-Spam-Level:
X-Spam-Status: No, score=-6.658 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JF2XkH43gu-h; Mon, 12 Feb 2024 10:52:42 -0800 (PST)
Received: from smtp.lax.icann.org (smtp.lax.icann.org [IPv6:2620:0:2d0:201::1:81]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C2E4C1516E9; Mon, 12 Feb 2024 10:52:42 -0800 (PST)
Received: from request6.lax.icann.org (request1.lax.icann.org [10.32.11.221]) by smtp.lax.icann.org (Postfix) with ESMTP id DC0EFE1A08; Mon, 12 Feb 2024 18:52:41 +0000 (UTC)
Received: by request6.lax.icann.org (Postfix, from userid 48) id D91DD4E332; Mon, 12 Feb 2024 18:52:41 +0000 (UTC)
RT-Owner: david.dong
From: David Dong via RT <iana-matrix@iana.org>
Reply-To: iana-matrix@iana.org
In-Reply-To: <CC9AE0B9-03A8-479A-9235-88C1EBF5F67B@amsl.com>
References: <RT-Ticket-1358618@icann.org> <20240122235424.DA8495668A@rfcpa.amsl.com> <28B3E1C1-7695-4B4A-8640-E6B7A48F4D7B@mit.edu> <545597A1-9F15-43F8-A702-E1DB3A20E2F4@amsl.com> <3E666F1B-5F26-4FD3-9D2F-BDF0452BF40D@mit.edu> <E82CBD46-2EEC-4A8E-BF0B-97075344A077@amsl.com> <DEDC6CFC-823E-4495-BD6B-82BFB0317C9C@amsl.com> <3BBA66BB-D6F8-4FA3-8093-C7983D2FA446@mit.edu> <0E1DB15F-4FE6-435C-A682-A281F5FDDA23@amsl.com> <CC9AE0B9-03A8-479A-9235-88C1EBF5F67B@amsl.com>
Message-ID: <rt-5.0.3-1268122-1707763961-1915.1358618-37-0@icann.org>
X-RT-Loop-Prevention: IANA
X-RT-Ticket: IANA #1358618
X-Managed-BY: RT 5.0.3 (http://www.bestpractical.com/rt/)
X-RT-Originator: david.dong@iana.org
To: lbartholomew@amsl.com
CC: tpauly@apple.com, richanna@amazon.com, rfc-editor@rfc-editor.org, paul.wouters@aiven.io, msporny@digitalbazaar.com, jricher@mit.edu, iana@iana.org, httpbis-chairs@ietf.org, httpbis-ads@ietf.org, auth48archive@rfc-editor.org
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-RT-Original-Encoding: utf-8
Precedence: bulk
Date: Mon, 12 Feb 2024 18:52:41 +0000
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/Dyu8ha7N5i3U6u8918zuq8235eM>
Subject: [auth48] [IANA #1358618] [IANA] AUTH48: RFC-to-be 9421 <draft-ietf-httpbis-message-signatures-19> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Feb 2024 18:52:46 -0000
Hi Lynne, These changes are complete; please see: https://www.iana.org/assignments/http-message-signature/ Thank you. Best regards, David Dong IANA Services Sr. Specialist On Fri Feb 09 21:15:50 2024, lbartholomew@amsl.com wrote: > Dear IANA, > > We are preparing this document for publication. Per author-approved > updates to this document, please make the following updates on > <https://www.iana.org/assignments/http-message-signature/>: > > In the "HTTP Signature Algorithms" registry: > > OLD: > ed25519 Edwards Curve DSA using curve edwards25519 Active > [RFC-ietf-httpbis-message-signatures-19, Section 3.3.6] > > NEW: > ed25519 EdDSA using curve edwards25519 Active [RFC-ietf- > httpbis-message-signatures-19, Section 3.3.6] > > = = = = = > > In the "HTTP Signature Component Parameters" registry: > > OLD: > sf Strict structured field serialization [RFC-ietf-httpbis- > message-signatures-19, Section 2.1.1] > key Single key value of dictionary structured fields [RFC-ietf- > httpbis-message-signatures-19, Section 2.1.2] > > NEW: > sf Strict Structured Field serialization [RFC-ietf-httpbis- > message-signatures-19, Section 2.1.1] > key Single key value of Dictionary Structured Fields [RFC-ietf- > httpbis-message-signatures-19, Section 2.1.2] > > > Thank you! > > RFC Editor/lb > > > On Feb 9, 2024, at 1:00 PM, Lynne Bartholomew <lbartholomew@amsl.com> > > wrote: > > > > Hi again, Justin and Manu. > > > > Thank you very much for your quick replies! We have updated this > > document accordingly and will email IANA with the requested updates > > shortly. > > > > In the meantime, the latest files are here. Please refresh your > > browser: > > > > https://www.rfc-editor.org/authors/rfc9421.txt > > https://www.rfc-editor.org/authors/rfc9421.pdf > > https://www.rfc-editor.org/authors/rfc9421.html > > https://www.rfc-editor.org/authors/rfc9421.xml > > https://www.rfc-editor.org/authors/rfc9421-diff.html > > https://www.rfc-editor.org/authors/rfc9421-rfcdiff.html > > https://www.rfc-editor.org/authors/rfc9421-auth48diff.html > > https://www.rfc-editor.org/authors/rfc9421-lastdiff.html > > https://www.rfc-editor.org/authors/rfc9421-lastrfcdiff.html > > > > https://www.rfc-editor.org/authors/rfc9421-xmldiff1.html > > https://www.rfc-editor.org/authors/rfc9421-xmldiff2.html > > > > (FYI that per the fix for trouble ticket #1097 > > (https://github.com/ietf-tools/xml2rfc/issues/1097), the listing for > > [BCP195] in the References section has been updated as well.) > > > > Thanks again! > > > > RFC Editor/lb > > > > > >> On Feb 9, 2024, at 12:39 PM, Manu Sporny <msporny@digitalbazaar.com> > >> wrote: > >> > >> On Fri, Feb 9, 2024 at 3:29 PM Justin Richer <jricher@mit.edu> > >> wrote: > >>> Yes, that change is fine — I checked the defining RFC and it uses > >>> "EdDSA" regularly, so we can go with "EdDSA using curve > >>> edwards25519" as the value here. > >> > >> Agreed. > >> > >> -- manu > >> > >> -- > >> Manu Sporny - https://www.linkedin.com/in/manusporny/ > >> Founder/CEO - Digital Bazaar, Inc. > >> https://www.digitalbazaar.com/ > > > >> On Feb 9, 2024, at 12:28 PM, Justin Richer <jricher@mit.edu> wrote: > >> > >> Hi Lynne, > >> > >> Yes, that change is fine — I checked the defining RFC and it uses > >> "EdDSA" regularly, so we can go with "EdDSA using curve > >> edwards25519" as the value here. > >> > >> Thank you! > >> > >> — Justin > >> > >>> On Feb 9, 2024, at 3:19 PM, Lynne Bartholomew > >>> <lbartholomew@amsl.com> wrote: > >>> > >>> Hi, Justin and Manu. > >>> > >>> We are preparing this document for publication along with RFC-to-be > >>> 9530. > >>> > >>> Apologies for not spotting this earlier: > >>> > >>> The last entry in the "HTTP Signature Algorithms" registry on > >>> <https://www.iana.org/assignments/http-message-signature/> and the > >>> last entry in Table 2 do not follow the format/pattern used for the > >>> other entries. Would you like "Edwards Curve DSA using curve > >>> edwards25519" in Table 2 and on the IANA page to be "EdDSA using > >>> curve edwards25519"? We ask because the other entries appear to > >>> follow the form of the corresponding section titles. > >>> > >>> We have a couple other updates that we need to ask IANA to make > >>> before we publish this document, so if you agree to the update > >>> listed above, we will add it to the list of update requests for > >>> IANA. > >>> > >>> Thank you! > >>> > >>> RFC Editor/lb > >>> > >>> > >>>> On Feb 6, 2024, at 4:11 PM, Lynne Bartholomew > >>>> <lbartholomew@amsl.com> wrote: > >>>> > >>>> Hi, Paul. > >>>> > >>>> Thank you for approving on Annabelle's behalf. We have noted > >>>> approvals for publication for both of you: > >>>> > >>>> https://www.rfc-editor.org/auth48/rfc9421 > >>>> > >>>> This document will be published when RFC-to-be 9530 is published. > >>>> > >>>> Thank you! > >>>> > >>>> RFC Editor/lb > >>>> > >>>>> On Feb 6, 2024, at 10:48 AM, Paul Wouters <paul.wouters@aiven.io> > >>>>> wrote: > >>>>> > >>>>> > >>>>> On Tue, Feb 6, 2024 at 1:16 PM Lynne Bartholomew > >>>>> <lbartholomew@amsl.com> wrote: > >>>>> Hi, Paul. > >>>>> > >>>>> Per the emails below, would you please approve this document for > >>>>> publication on behalf of Annabelle? > >>>>> > >>>>> I was checking to see when we last heard from her, which seems to > >>>>> be October 2023. Since that's been > >>>>> a while, I approve publication on her behalf. > >>>>> > >>>>> Paul > >>>>> > >>>>> Please see <https://www.rfc-editor.org/auth48/rfc9421> for the > >>>>> AUTH48 timeline for this document. > >>>>> > >>>>> The latest files are posted here. Please refresh your browser: > >>>>> > >>>>> https://www.rfc-editor.org/authors/rfc9421.txt > >>>>> https://www.rfc-editor.org/authors/rfc9421.pdf > >>>>> https://www.rfc-editor.org/authors/rfc9421.html > >>>>> https://www.rfc-editor.org/authors/rfc9421.xml > >>>>> https://www.rfc-editor.org/authors/rfc9421-diff.html > >>>>> https://www.rfc-editor.org/authors/rfc9421-rfcdiff.html > >>>>> https://www.rfc-editor.org/authors/rfc9421-auth48diff.html > >>>>> https://www.rfc-editor.org/authors/rfc9421-lastdiff.html > >>>>> https://www.rfc-editor.org/authors/rfc9421-lastrfcdiff.html > >>>>> > >>>>> https://www.rfc-editor.org/authors/rfc9421-xmldiff1.html > >>>>> https://www.rfc-editor.org/authors/rfc9421-xmldiff2.html > >>>>> > >>>>> Thank you. > >>>>> > >>>>> RFC Editor/lb > >>>>> > >>>>>> On Feb 6, 2024, at 10:09 AM, Lynne Bartholomew > >>>>>> <lbartholomew@amsl.com> wrote: > >>>>>> > >>>>>> Hi, Justin and Manu. > >>>>>> > >>>>>> Thank you for the quick replies. We will email the AD to > >>>>>> request AD approval on behalf of Annabelle. > >>>>>> > >>>>>> RFC Editor/lb > >>>>>> > >>>>>>> On Feb 6, 2024, at 10:01 AM, Manu Sporny > >>>>>>> <msporny@digitalbazaar.com> wrote: > >>>>>>> > >>>>>>> On Tue, Feb 6, 2024 at 12:54 PM Justin Richer <jricher@mit.edu> > >>>>>>> wrote: > >>>>>>>> I strongly prefer option 3. > >>>>>>> > >>>>>>> Agreed. > >>>>>>> > >>>>>>> -- manu > >>>>>> > >>>>>>> On Feb 6, 2024, at 9:54 AM, Justin Richer <jricher@mit.edu> > >>>>>>> wrote: > >>>>>>> > >>>>>>> I strongly prefer option 3. > >>>>>>> > >>>>>>> Thank you, > >>>>>>> -Justin > >>>>>>> From: Lynne Bartholomew <lbartholomew@amsl.com> > >>>>>>> Sent: Tuesday, February 6, 2024 11:26 AM > >>>>>>> To: Justin Richer <jricher@mit.edu> > >>>>>>> Cc: Sandy Ginoza <sginoza@amsl.com>; richanna@amazon.com > >>>>>>> <richanna@amazon.com>; Manu Sporny <msporny@digitalbazaar.com>; > >>>>>>> rfc-editor@rfc-editor.org <rfc-editor@rfc-editor.org>; httpbis- > >>>>>>> ads@ietf.org <httpbis-ads@ietf.org>; httpbis-chairs@ietf.org > >>>>>>> <httpbis-chairs@ietf.org>; Tommy Pauly <tpauly@apple.com>; Paul > >>>>>>> Wouters <paul.wouters@aiven.io>; auth48archive@rfc-editor.org > >>>>>>> <auth48archive@rfc-editor.org> > >>>>>>> Subject: Re: AUTH48: RFC-to-be 9421 <draft-ietf-httpbis- > >>>>>>> message-signatures-19> for your review Hi, Justin. We have > >>>>>>> three options, as listed on <https://www.rfc- > >>>>>>> editor.org/faq/#missingauthor>. > >>>>>>> > >>>>>>> It sounds like Option 3 might be best in this case, but please > >>>>>>> let us know your preference regarding next steps. > >>>>>>> > >>>>>>> Thank you. > >>>>>>> > >>>>>>> RFC Editor/lb > >>>>>>> > >>>>>>>> On Feb 5, 2024, at 3:11 PM, Justin Richer <jricher@mit.edu> > >>>>>>>> wrote: > >>>>>>>> > >>>>>>>> Hi Sandy et al, > >>>>>>>> > >>>>>>>> In addition to these emails, I have reached out to Annabelle > >>>>>>>> on personal channels and have not heard back from her there > >>>>>>>> either in quite some time. I am not sure what her situation is > >>>>>>>> right now, but I am not sure we can anticipate her responding > >>>>>>>> soon. I hate to be in the position to ask this, but is there a > >>>>>>>> process for moving forward if we don't hear a response from > >>>>>>>> her? > >>>>>>>> > >>>>>>>> - Justin > >>>>>>>> From: Sandy Ginoza <sginoza@amsl.com> > >>>>>>>> Sent: Wednesday, January 31, 2024 11:29 AM > >>>>>>>> To: richanna@amazon.com <richanna@amazon.com>; Justin Richer > >>>>>>>> <jricher@mit.edu> > >>>>>>>> Cc: Lynne Bartholomew <lbartholomew@amsl.com>; Manu Sporny > >>>>>>>> <msporny@digitalbazaar.com>; RFC Editor <rfc-editor@rfc- > >>>>>>>> editor.org>; httpbis-ads@ietf.org <httpbis-ads@ietf.org>; > >>>>>>>> httpbis-chairs@ietf.org <httpbis-chairs@ietf.org>; Tommy Pauly > >>>>>>>> <tpauly@apple.com>; Paul Wouters <paul.wouters@aiven.io>; > >>>>>>>> auth48archive@rfc-editor.org <auth48archive@rfc-editor.org> > >>>>>>>> Subject: Re: AUTH48: RFC-to-be 9421 <draft-ietf-httpbis- > >>>>>>>> message-signatures-19> for your review Hi Annabelle, > >>>>>>>> > >>>>>>>> We do not believe we have heard from you regarding this > >>>>>>>> document’s readiness for publication. Please review the files > >>>>>>>> and let us know if any updates are needed or if you approve > >>>>>>>> the RFC for publication. > >>>>>>>> > >>>>>>>> Thank you, > >>>>>>>> RFC Editor/sg > >>>>>>>> > >>>>>>>>> On Jan 29, 2024, at 7:54 PM, Justin Richer <jricher@mit.edu> > >>>>>>>>> wrote: > >>>>>>>>> > >>>>>>>>> Thank you! > >>>>>>>>> > >>>>>>>>> - Justin > >>>>>>>>> From: Lynne Bartholomew <lbartholomew@amsl.com> > >>>>>>>>> Sent: Monday, January 29, 2024 7:15 PM > >>>>>>>>> To: Justin Richer <jricher@mit.edu> > >>>>>>>>> Cc: Manu Sporny <msporny@digitalbazaar.com>; rfc-editor@rfc- > >>>>>>>>> editor.org <rfc-editor@rfc-editor.org>; Annabelle Backman > >>>>>>>>> <richanna@amazon.com>; httpbis-ads@ietf.org <httpbis- > >>>>>>>>> ads@ietf.org>; httpbis-chairs@ietf.org <httpbis- > >>>>>>>>> chairs@ietf.org>; Tommy Pauly <tpauly@apple.com>; Paul > >>>>>>>>> Wouters <paul.wouters@aiven.io>; auth48archive@rfc-editor.org > >>>>>>>>> <auth48archive@rfc-editor.org> > >>>>>>>>> Subject: Re: AUTH48: RFC-to-be 9421 <draft-ietf-httpbis- > >>>>>>>>> message-signatures-19> for your review > >>>>>>>>> > >>>>>>>>> Hi, Justin. > >>>>>>>>> > >>>>>>>>> We've made the additional updates in Sections 7.1.1 and 7.2.5 > >>>>>>>>> per your notes below. The latest files are here: > >>>>>>>>> > >>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.txt > >>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.pdf > >>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.html > >>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.xml > >>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-diff.html > >>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-rfcdiff.html > >>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-auth48diff.html > >>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-lastdiff.html > >>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-lastrfcdiff.html > >>>>>>>>> > >>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-xmldiff1.html > >>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-xmldiff2.html > >>>>>>>>> > >>>>>>>>> We have noted your approval on the AUTH48 status page: > >>>>>>>>> > >>>>>>>>> https://www.rfc-editor.org/auth48/rfc9421 > >>>>>>>>> > >>>>>>>>> Again, many thanks for your help with this document! > >>>>>>>>> > >>>>>>>>> RFC Editor/lb > >>>>>>>>> > >>>>>>>>>> On Jan 29, 2024, at 12:35 PM, Justin Richer > >>>>>>>>>> <jricher@mit.edu> wrote: > >>>>>>>>>> > >>>>>>>>>> I think it’s fine to lowercase those items. I may have been > >>>>>>>>>> going a little overboard on Assuming Terms Are Proper Nouns > >>>>>>>>>> there. :) > >>>>>>>>>> > >>>>>>>>>> Two small changes we need to make: > >>>>>>>>>> > >>>>>>>>>> - In section 7.1.1, "HTTP message without the Signature > >>>>>>>>>> fields" should be "HTTP message without the Signature or > >>>>>>>>>> Signature-Input fields". > >>>>>>>>>> - In section 7.2.5, "HTTP message signature field values are > >>>>>>>>>> identified" should be reverted to "HTTP message signature > >>>>>>>>>> values are identified", as I think I was over-zealous at > >>>>>>>>>> adding "field" here. > >>>>>>>>>> > >>>>>>>>>> With those in place, I approve this version. Thank you so > >>>>>>>>>> much! > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> — Justin > >>>>>>>>>> > >>>>>>>>>>> On Jan 29, 2024, at 2:09 PM, Lynne Bartholomew > >>>>>>>>>>> <lbartholomew@amsl.com> wrote: > >>>>>>>>>>> > >>>>>>>>>>> Hi, Justin. > >>>>>>>>>>> > >>>>>>>>>>> Thank you for the latest XML file! We made further updates > >>>>>>>>>>> as noted below. > >>>>>>>>>>> > >>>>>>>>>>> * Removed the [rfced] questions again > >>>>>>>>>>> * Changed "boolean" to "Boolean" (per your note that we can > >>>>>>>>>>> go with "Boolean" for all cases) > >>>>>>>>>>> * Changed "HTTP Message" to "HTTP message where used > >>>>>>>>>>> generally (per your note that "HTTP message" is fine and > >>>>>>>>>>> seems to align with RFC 9110) > >>>>>>>>>>> * Changed "HTTP Message Signature" to "HTTP message > >>>>>>>>>>> signature" in running text (per your note below) > >>>>>>>>>>> * Updated our XML comment for draft-ietf-httpbis-digest- > >>>>>>>>>>> headers again, to point out that draft-ietf-httpbis-digest- > >>>>>>>>>>> headers is in AUTH48-DONE as of January 2024; if draft- > >>>>>>>>>>> ietf-httpbis-digest-headers is published first, we will > >>>>>>>>>>> update this document to list RFC 9530 instead > >>>>>>>>>>> > >>>>>>>>>>> Please note that we found five instances each of "HTTP > >>>>>>>>>>> Message Component" and "HTTP message component" in running > >>>>>>>>>>> text. Apologies for missing this earlier. Because we > >>>>>>>>>>> couldn't find a precedent for this term in published RFCs > >>>>>>>>>>> to date (nor could we find a precedent for "HTTP Message > >>>>>>>>>>> Signature" or "HTTP message signature"), we lowercased to > >>>>>>>>>>> "HTTP message component", "HTTP message component name", > >>>>>>>>>>> and "HTTP message component values" in running text. > >>>>>>>>>>> Please review, and let us know any objections. > >>>>>>>>>>> > >>>>>>>>>>> The latest files are posted here. Please refresh your > >>>>>>>>>>> browser: > >>>>>>>>>>> > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.txt > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.pdf > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.html > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.xml > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-diff.html > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-rfcdiff.html > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-auth48diff.html > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-lastdiff.html > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-lastrfcdiff.html > >>>>>>>>>>> > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-xmldiff1.html > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-xmldiff2.html > >>>>>>>>>>> > >>>>>>>>>>> Thanks again! > >>>>>>>>>>> > >>>>>>>>>>> RFC Editor/lb > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>>> On Jan 29, 2024, at 8:45 AM, Justin Richer > >>>>>>>>>>>> <jricher@mit.edu> wrote: > >>>>>>>>>>>> > >>>>>>>>>>>> I went through all instances of the word "string" in the > >>>>>>>>>>>> text and I believe there were only four places that needed > >>>>>>>>>>>> to change. The resulting file is attached here. > >>>>>>>>>>>> > >>>>>>>>>>>> — Justin > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>>> On Jan 26, 2024, at 5:57 PM, Justin Richer > >>>>>>>>>>>>> <jricher@mit.edu> wrote: > >>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> On Jan 26, 2024, at 5:45 PM, Lynne Bartholomew > >>>>>>>>>>>>>> <lbartholomew@amsl.com> wrote: > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Hi, Justin. > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Apologies for not being clear. Please let us know your > >>>>>>>>>>>>>> preference regarding how we should update the four items > >>>>>>>>>>>>>> below. (Question 12)b) says "The following terms appear > >>>>>>>>>>>>>> to be used inconsistently in this document. Please let > >>>>>>>>>>>>>> us know which form is preferred.") > >>>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> Oh, my apologies, I misunderstood — answers inline below. > >>>>>>>>>>>>> > >>>>>>>>>>>>>> Regarding RFC-to-be 9530: Per our standard process, > >>>>>>>>>>>>>> even though I updated the entry, if RFC-to-be 9530 > >>>>>>>>>>>>>> hasn't been published before this document is ready to > >>>>>>>>>>>>>> go, I will revert to the previous [DIGEST]/draftstring > >>>>>>>>>>>>>> reference entry. > >>>>>>>>>>>>> > >>>>>>>>>>>>> OK, that’s fine. My question was that RFC-to-be 9530 has > >>>>>>>>>>>>> an informative reference to RFC-to-be 9421 (this > >>>>>>>>>>>>> document). Would it be possible to publish the two > >>>>>>>>>>>>> documents together and have them cross-reference each > >>>>>>>>>>>>> other’s RFC number, since we’re so close? > >>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Thank you! > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> RFC Editor/lb > >>>>>>>>>>>>>> > >>>>>>>>>>>>>>> On Jan 26, 2024, at 2:17 PM, Justin Richer > >>>>>>>>>>>>>>> <jricher@mit.edu> wrote: > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> Thank you, yes please update each of those as you have > >>>>>>>>>>>>>>> suggested. > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> I believe RFC 9530 [DIGEST] is done as well, but I > >>>>>>>>>>>>>>> don’t see a good reason to wait until it’s published. I > >>>>>>>>>>>>>>> think it references this specification informationally > >>>>>>>>>>>>>>> as well — has that reference also been changed? If > >>>>>>>>>>>>>>> they’re both close to complete then they should > >>>>>>>>>>>>>>> probably have each others’ RFC numbers instead of ID > >>>>>>>>>>>>>>> names in them, I think. They weren’t put in as a batch > >>>>>>>>>>>>>>> though, and this isn’t critical as they’re > >>>>>>>>>>>>>>> informational references. > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> — Justin > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> On Jan 26, 2024, at 5:07 PM, Lynne Bartholomew > >>>>>>>>>>>>>>>> <lbartholomew@amsl.com> wrote: > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> Hi, Justin and Manu. > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> Justin, thank you very much for the updated XML file, > >>>>>>>>>>>>>>>> diff file, and replies to our questions! > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> Follow-up items for you: > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> Regarding your side question for [DIGEST]: We have > >>>>>>>>>>>>>>>> updated this entry to reflect RFC 9530 for now. Thank > >>>>>>>>>>>>>>>> you for pointing that out. It appears that RFC 9530 > >>>>>>>>>>>>>>>> might be published soon, but if not, would you like us > >>>>>>>>>>>>>>>> to hold publication of this document until RFC 9530 is > >>>>>>>>>>>>>>>> published? > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> Regarding our question 12)b) and your replies: We see > >>>>>>>>>>>>>>>> that the following four items were not addressed in > >>>>>>>>>>>>>>>> the updated XML file. Would you like us to make > >>>>>>>>>>>>>>>> updates to some or all of these? If yes, please > >>>>>>>>>>>>>>>> specify which items: > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> boolean / Boolean > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This change is fine. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> We can go with "Boolean" for all cases. > >>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> HTTP Message / HTTP message (used generally in text, > >>>>>>>>>>>>>>>>>> e.g., > >>>>>>>>>>>>>>>>>> "of an HTTP message. Note that a given HTTP Message > >>>>>>>>>>>>>>>>>> can contain", > >>>>>>>>>>>>>>>>>> "the HTTP message and", "the HTTP Message and", > >>>>>>>>>>>>>>>>>> "from the HTTP > >>>>>>>>>>>>>>>>>> Message", "from the HTTP message") > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This change is fine. > >>>>>>>>>>>>> > >>>>>>>>>>>>> "HTTP message" is fine, and seems to align with RFC9110. > >>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> HTTP Message Signature(s) / HTTP message > >>>>>>>>>>>>>>>>>> signature(s) / > >>>>>>>>>>>>>>>>>> HTTP Message signature (in running text) > >>>>>>>>>>>>>>>>>> (e.g., "Applications of HTTP Message Signatures", > >>>>>>>>>>>>>>>>>> "an application > >>>>>>>>>>>>>>>>>> of HTTP message signatures", "An HTTP Message > >>>>>>>>>>>>>>>>>> Signature" > >>>>>>>>>>>>>>>>>> (Section 3), "an HTTP message signature" (Section > >>>>>>>>>>>>>>>>>> 3.1), > >>>>>>>>>>>>>>>>>> "An HTTP Message signature MUST use") > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This change is fine. > >>>>>>>>>>>>> > >>>>>>>>>>>>> With the above, let’s go with "HTTP message signature". > >>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> string value / String value > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This change is fine. > >>>>>>>>>>>>> > >>>>>>>>>>>>> This one is more tricky — if it’s talking about the > >>>>>>>>>>>>> Structured Field type of String, it should be > >>>>>>>>>>>>> capitalized. If it’s talking about a "string" in general, > >>>>>>>>>>>>> it shouldn’t be. > >>>>>>>>>>>>> > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> = = = = = > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> The latest files are posted here: > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.txt > >>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.pdf > >>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.html > >>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.xml > >>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-diff.html > >>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421- > >>>>>>>>>>>>>>>> rfcdiff.html > >>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421- > >>>>>>>>>>>>>>>> auth48diff.html > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421- > >>>>>>>>>>>>>>>> xmldiff1.html > >>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421- > >>>>>>>>>>>>>>>> xmldiff2.html > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> Manu, we have noted your approval on the AUTH48 status > >>>>>>>>>>>>>>>> page: > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> https://www.rfc-editor.org/auth48/rfc9421 > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> Thanks again! > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> RFC Editor/lb > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> On Jan 26, 2024, at 5:58 AM, Manu Sporny > >>>>>>>>>>>>>>>>> <msporny@digitalbazaar.com> wrote: > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> On Thu, Jan 25, 2024 at 11:48 PM Justin Richer > >>>>>>>>>>>>>>>>> <jricher@mit.edu> wrote: > >>>>>>>>>>>>>>>>>> Attached please find the XML file with some small > >>>>>>>>>>>>>>>>>> edits applied with regard to the below, as well as a > >>>>>>>>>>>>>>>>>> diff file from the provided XML. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This email is just noting my approval of the edits > >>>>>>>>>>>>>>>>> (thank you, > >>>>>>>>>>>>>>>>> Justin!) as well as the publication of the RFC. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> -- manu > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> -- > >>>>>>>>>>>>>>>>> Manu Sporny - https://www.linkedin.com/in/manusporny/ > >>>>>>>>>>>>>>>>> Founder/CEO - Digital Bazaar, Inc. > >>>>>>>>>>>>>>>>> https://www.digitalbazaar.com/ > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> On Jan 25, 2024, at 8:48 PM, Justin Richer > >>>>>>>>>>>>>>>>> <jricher@mit.edu> wrote: > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> Hi RFC Editor! > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> Attached please find the XML file with some small > >>>>>>>>>>>>>>>>> edits applied with regard to the below, as well as a > >>>>>>>>>>>>>>>>> diff file from the provided XML. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> There were a couple of small changes to the text that > >>>>>>>>>>>>>>>>> I caught on this read through that I fixed in the > >>>>>>>>>>>>>>>>> XML, not covered in the sections below: > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> - Section 1.3, bullet 2, "A combination" should be > >>>>>>>>>>>>>>>>> reverted to "Combination", as we are trying to say > >>>>>>>>>>>>>>>>> "the act and result of combining the fields with the > >>>>>>>>>>>>>>>>> same name" which is specifically described in HTTP > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> - Section 2.1, "content identifier" should be > >>>>>>>>>>>>>>>>> "component identifier" > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> - Section B.1.1. should be named "Example RSA Key", > >>>>>>>>>>>>>>>>> so I’ve updated the XML as appropriate. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> - Example B.2 had an incorrect digest value, this has > >>>>>>>>>>>>>>>>> been corrected (see https://github.com/httpwg/http- > >>>>>>>>>>>>>>>>> extensions/pull/2669) — the calculated signature > >>>>>>>>>>>>>>>>> example that uses this value in B.2.4 had already > >>>>>>>>>>>>>>>>> been corrected and did not need to be changed. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> I’ve also replied to the questions inline. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> On Jan 22, 2024, at 6:54 PM, rfc-editor@rfc- > >>>>>>>>>>>>>>>>>> editor.org wrote: > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Authors, > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> While reviewing this document during AUTH48, please > >>>>>>>>>>>>>>>>>> resolve (as necessary) > >>>>>>>>>>>>>>>>>> the following questions, which are also in the XML > >>>>>>>>>>>>>>>>>> file. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> 1) <!-- [rfced] Note that we have removed the URI > >>>>>>>>>>>>>>>>>> <https://manu.sporny.org/>. We checked its > >>>>>>>>>>>>>>>>>> availability many times (including today) and were > >>>>>>>>>>>>>>>>>> unable to connect. > >>>>>>>>>>>>>>>>>> <uri>https://manu.sporny.org/</uri> --> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> That’s fine with me. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> 2) <!-- [rfced] Sections 1 and subsequent: Because > >>>>>>>>>>>>>>>>>> many changes were > >>>>>>>>>>>>>>>>>> made to this document during the EDIT and AUTH > >>>>>>>>>>>>>>>>>> states, please review > >>>>>>>>>>>>>>>>>> all updates in this document carefully, and let us > >>>>>>>>>>>>>>>>>> know if anything > >>>>>>>>>>>>>>>>>> is incorrect. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> I’ve reviewed and, apart from the edits noted above, > >>>>>>>>>>>>>>>>> this section is good. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Also, a follow-on to December 2023 email discussions > >>>>>>>>>>>>>>>>>> regarding the > >>>>>>>>>>>>>>>>>> use of <tt>: Please (1) review current instances of > >>>>>>>>>>>>>>>>>> <tt> and > >>>>>>>>>>>>>>>>>> (2) review changes from "header" to "header field" > >>>>>>>>>>>>>>>>>> as instructed > >>>>>>>>>>>>>>>>>> during the AUTH state (not applied to all > >>>>>>>>>>>>>>>>>> parameters). Let us know > >>>>>>>>>>>>>>>>>> if further updates are needed. --> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> I’ve gone through the document and have checked > >>>>>>>>>>>>>>>>> instances of <tt> and "header/header field" and these > >>>>>>>>>>>>>>>>> seem to be OK with the suggested edits. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> 3) <!-- [rfced] Please review the "type" attribute > >>>>>>>>>>>>>>>>>> of each sourcecode > >>>>>>>>>>>>>>>>>> element in the XML file to ensure correctness. If > >>>>>>>>>>>>>>>>>> the current list > >>>>>>>>>>>>>>>>>> of preferred values for "type" > >>>>>>>>>>>>>>>>>> (https://www.rfc-editor.org/materials/sourcecode- > >>>>>>>>>>>>>>>>>> types.txt) does not > >>>>>>>>>>>>>>>>>> contain an applicable type, please let us know. > >>>>>>>>>>>>>>>>>> Also, it is > >>>>>>>>>>>>>>>>>> acceptable to leave the "type" attribute not set. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> In addition, review each artwork element. > >>>>>>>>>>>>>>>>>> Specifically, should any > >>>>>>>>>>>>>>>>>> artwork element be tagged as sourcecode? --> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> I’ve gone through all of these, and they look > >>>>>>>>>>>>>>>>> correct. I made not changes in the attached file. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> 4) <!-- [rfced] Sections 2.2.8 and subsequent: > >>>>>>>>>>>>>>>>>> Please review the links > >>>>>>>>>>>>>>>>>> that we provided when we made updates to the > >>>>>>>>>>>>>>>>>> citations to [HTMLURL] > >>>>>>>>>>>>>>>>>> (best viewed in the HTML and PDF output files), and > >>>>>>>>>>>>>>>>>> let us know if > >>>>>>>>>>>>>>>>>> there are any issues. For example, it appears to us > >>>>>>>>>>>>>>>>>> that these links > >>>>>>>>>>>>>>>>>> would be stable, but please let us know if this is > >>>>>>>>>>>>>>>>>> incorrect: > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> <https://url.spec.whatwg.org/#application/x-www- > >>>>>>>>>>>>>>>>>> form-urlencoded> > >>>>>>>>>>>>>>>>>> for Section 5 > >>>>>>>>>>>>>>>>>> <https://url.spec.whatwg.org/#urlencoded-parsing> > >>>>>>>>>>>>>>>>>> for Section 5.1 > >>>>>>>>>>>>>>>>>> <https://url.spec.whatwg.org/#urlencoded- > >>>>>>>>>>>>>>>>>> serializing> > >>>>>>>>>>>>>>>>>> for Section 5.2 --> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> These all seem to be correct. I made no changes in > >>>>>>>>>>>>>>>>> the attached file. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> 5) <!-- [rfced] For alignment with the IANA > >>>>>>>>>>>>>>>>>> registry, would it be appropriate to change > >>>>>>>>>>>>>>>>>> "Specification document(s)" to "Reference(s)" in the > >>>>>>>>>>>>>>>>>> descriptions and the column headers throughout > >>>>>>>>>>>>>>>>>> Section 6? > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Example from Section 6.2.1: > >>>>>>>>>>>>>>>>>> Specification document(s): > >>>>>>>>>>>>>>>>>> Reference to the document(s) that specify the > >>>>>>>>>>>>>>>>>> algorithm, > >>>>>>>>>>>>>>>>>> preferably including a URI that can be used to > >>>>>>>>>>>>>>>>>> retrieve a copy of > >>>>>>>>>>>>>>>>>> the document(s). An indication of the relevant > >>>>>>>>>>>>>>>>>> sections may also > >>>>>>>>>>>>>>>>>> be included but is not required. > >>>>>>>>>>>>>>>>>> --> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> I’m OK with this change. I have changed the attached > >>>>>>>>>>>>>>>>> file to use "Reference" (with no (s) attached) for > >>>>>>>>>>>>>>>>> both the description and column name to match the > >>>>>>>>>>>>>>>>> created IANA registry. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> 6) <!-- [rfced] The description for ed25519 is > >>>>>>>>>>>>>>>>>> slightly different than the other entries. Is this > >>>>>>>>>>>>>>>>>> intentional, or perhaps the description could be > >>>>>>>>>>>>>>>>>> updated as follows: > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Original: > >>>>>>>>>>>>>>>>>> Edwards Curve DSA using curve edwards25519 > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Perhaps: > >>>>>>>>>>>>>>>>>> ECDSA using curve edwards25519 > >>>>>>>>>>>>>>>>>> --> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> The existing text is correct as per rfc8032, no > >>>>>>>>>>>>>>>>> changes should be made. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> 7) <!-- [rfced] We were unable to verify this > >>>>>>>>>>>>>>>>>> statement. Please confirm that the reference is > >>>>>>>>>>>>>>>>>> correct. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Original: > >>>>>>>>>>>>>>>>>> As discussed in [DIGEST], the value of the Content- > >>>>>>>>>>>>>>>>>> Digest field is > >>>>>>>>>>>>>>>>>> dependent on the content encoding of the message. > >>>>>>>>>>>>>>>>>> --> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> Yes, this is discussed at length in sections 2 and 3 > >>>>>>>>>>>>>>>>> of DIGEST. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> An aside from the authors - we will need to update > >>>>>>>>>>>>>>>>> this reference to the digest RFC number, right? > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> 8) <!-- [rfced] Section 7.3.3: As it appears that > >>>>>>>>>>>>>>>>>> "its" actually refers > >>>>>>>>>>>>>>>>>> to the symmetric cryptographic methods, we changed > >>>>>>>>>>>>>>>>>> "its" to "their". > >>>>>>>>>>>>>>>>>> If this is incorrect, please clarify what "its" > >>>>>>>>>>>>>>>>>> refers to. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Original (the previous sentence is included for > >>>>>>>>>>>>>>>>>> context): > >>>>>>>>>>>>>>>>>> The HTTP Message Signatures specification allows for > >>>>>>>>>>>>>>>>>> both asymmetric > >>>>>>>>>>>>>>>>>> and symmetric cryptography to be applied to HTTP > >>>>>>>>>>>>>>>>>> messages. By its > >>>>>>>>>>>>>>>>>> nature, symmetric cryptographic methods require the > >>>>>>>>>>>>>>>>>> same key material > >>>>>>>>>>>>>>>>>> to be known by both the signer and verifier. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Currently: > >>>>>>>>>>>>>>>>>> By their > >>>>>>>>>>>>>>>>>> nature, symmetric cryptographic methods require the > >>>>>>>>>>>>>>>>>> same key material > >>>>>>>>>>>>>>>>>> to be known by both the signer and verifier. --> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> Yes, this change is OK. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> 9) <!-- [rfced] For clarity, may we update "other > >>>>>>>>>>>>>>>>>> historical drafts" to "other Internet-Drafts"? Is > >>>>>>>>>>>>>>>>>> mention of "historical" important? > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Original: > >>>>>>>>>>>>>>>>>> It is recommended > >>>>>>>>>>>>>>>>>> that developers wishing to support both this > >>>>>>>>>>>>>>>>>> specification and other > >>>>>>>>>>>>>>>>>> historical drafts do so carefully and deliberately, > >>>>>>>>>>>>>>>>>> as > >>>>>>>>>>>>>>>>>> incompatibilities between this specification and > >>>>>>>>>>>>>>>>>> various versions of > >>>>>>>>>>>>>>>>>> other drafts could lead to unexpected problems. > >>>>>>>>>>>>>>>>>> --> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> I think "historical" is reasonable to keep as it is. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> 10) <!-- [rfced] Because this document is a Proposed > >>>>>>>>>>>>>>>>>> Standard, may we update the following text? > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Original: > >>>>>>>>>>>>>>>>>> It is recommended that implementers first detect and > >>>>>>>>>>>>>>>>>> validate the > >>>>>>>>>>>>>>>>>> Signature-Input field defined in this specification > >>>>>>>>>>>>>>>>>> to detect that > >>>>>>>>>>>>>>>>>> this standard is in use and not an alternative. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Perhaps: > >>>>>>>>>>>>>>>>>> It is recommended that implementers first detect and > >>>>>>>>>>>>>>>>>> validate the > >>>>>>>>>>>>>>>>>> Signature-Input field defined in this specification > >>>>>>>>>>>>>>>>>> to detect that > >>>>>>>>>>>>>>>>>> the mechanism described in this document is in use > >>>>>>>>>>>>>>>>>> and not an > >>>>>>>>>>>>>>>>>> alternative. > >>>>>>>>>>>>>>>>>> --> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> Yes, this change is fine. I have updated the text as > >>>>>>>>>>>>>>>>> proposed. The sentence also ends with "this > >>>>>>>>>>>>>>>>> specification", is this OK to keep? > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> 11) <!-- [rfced] Please review the "Inclusive > >>>>>>>>>>>>>>>>>> Language" portion of the > >>>>>>>>>>>>>>>>>> online Style Guide at > >>>>>>>>>>>>>>>>>> <https://www.rfc- > >>>>>>>>>>>>>>>>>> editor.org/styleguide/part2/#inclusive_language>, > >>>>>>>>>>>>>>>>>> and let us know if any changes are needed. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> For example, please consider whether the following > >>>>>>>>>>>>>>>>>> should be updated: > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> whitespace --> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This is the specific term used in [HTTP] so I believe > >>>>>>>>>>>>>>>>> we shouldn’t vary from it. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> 12) <!-- [rfced] Please let us know if any changes > >>>>>>>>>>>>>>>>>> are needed for the > >>>>>>>>>>>>>>>>>> following: > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> a) The following terms were used inconsistently in > >>>>>>>>>>>>>>>>>> this document. > >>>>>>>>>>>>>>>>>> We chose to use the latter forms. Please let us > >>>>>>>>>>>>>>>>>> know any objections. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> "@authority" derived component (last paragraph of > >>>>>>>>>>>>>>>>>> Section 7.2.4) / > >>>>>>>>>>>>>>>>>> @authority derived component (per unquoted names of > >>>>>>>>>>>>>>>>>> derived > >>>>>>>>>>>>>>>>>> components in the rest of this document) > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> I have changed this to be wrapped in <tt> tags as in > >>>>>>>>>>>>>>>>> other places in the document, removing the quotes. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> dictionary / Dictionary (per [STRUCTURED-FIELDS]; we > >>>>>>>>>>>>>>>>>> see that > >>>>>>>>>>>>>>>>>> [STRUCTURED-FIELDS] uses the term "Dictionary".) > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This change is fine. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> dictionary structured field / Dictionary structured > >>>>>>>>>>>>>>>>>> field / > >>>>>>>>>>>>>>>>>> Dictionary Structured Field > >>>>>>>>>>>>>>>>>> (per [STRUCTURED-FIELDS]; we see that [STRUCTURED- > >>>>>>>>>>>>>>>>>> FIELDS] uses > >>>>>>>>>>>>>>>>>> the terms "Dictionary" and "Structured Field".) > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This change is fine. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Note: We also changed instances of "structured > >>>>>>>>>>>>>>>>>> field" where used > >>>>>>>>>>>>>>>>>> more generally to "Structured Field", also per usage > >>>>>>>>>>>>>>>>>> in > >>>>>>>>>>>>>>>>>> [STRUCTURED-FIELDS]. Please let us know any > >>>>>>>>>>>>>>>>>> concerns. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This change is fine. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> ed25519 algorithm / Ed25519 algorithm (per RFC 8032) > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This change is fine. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> encoded in big-endian unsigned integers / > >>>>>>>>>>>>>>>>>> encoded as big-endian unsigned integers > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This change is fine > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Host field (1 instance) / Host header field > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This change is fine. I believe I found a few other > >>>>>>>>>>>>>>>>> places that were not using "field" and have updated > >>>>>>>>>>>>>>>>> them in the attached text. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> host name (2 instances in original) / > >>>>>>>>>>>>>>>>>> hostname (5 instances in original) > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This change is fine > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> HTTP Signature Algorithm(s) (used generally in > >>>>>>>>>>>>>>>>>> Sections 6.2 > >>>>>>>>>>>>>>>>>> and 6.2.1) / HTTP signature algorithm(s) > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This change is fine. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> key id (Section 4.3) / keyid > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> I changed this to "key" to be consistent with other > >>>>>>>>>>>>>>>>> uses of identifying keys directly in examples. > >>>>>>>>>>>>>>>>> "keyid" on its own is used as "<tt>keyid</tt> > >>>>>>>>>>>>>>>>> parameter" or similar, and "key identifier" is used > >>>>>>>>>>>>>>>>> when speaking of the term generically. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> line-folding / line folding (per RFC 9112) > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This change is fine. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> RSA PSS / RSA-PSS (per post-6000 published RFCs, > >>>>>>>>>>>>>>>>>> including > >>>>>>>>>>>>>>>>>> RFC 8017) > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This change is fine. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> signature field / Signature field > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This change is fine. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Unix timestamp / UNIX timestamp > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This change is fine. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> b) The following terms appear to be used > >>>>>>>>>>>>>>>>>> inconsistently in this > >>>>>>>>>>>>>>>>>> document. Please let us know which form is > >>>>>>>>>>>>>>>>>> preferred. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Accept header (noun) (4 instances) / > >>>>>>>>>>>>>>>>>> Accept-Header (adj.) ("Accept-Header signature") (1 > >>>>>>>>>>>>>>>>>> instance) > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This should be "Accept header field", I have changed > >>>>>>>>>>>>>>>>> this in the attached file. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> boolean / Boolean > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This change is fine. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> "host" header field ('"host" header field is > >>>>>>>>>>>>>>>>>> specific to HTTP/1.1') / > >>>>>>>>>>>>>>>>>> Host header ('the Host header field in HTTP/1.1') > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This should be Host header field, I have changed this > >>>>>>>>>>>>>>>>> in the attached file. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> HTTP Message / HTTP message (used generally in text, > >>>>>>>>>>>>>>>>>> e.g., > >>>>>>>>>>>>>>>>>> "of an HTTP message. Note that a given HTTP Message > >>>>>>>>>>>>>>>>>> can contain", > >>>>>>>>>>>>>>>>>> "the HTTP message and", "the HTTP Message and", > >>>>>>>>>>>>>>>>>> "from the HTTP > >>>>>>>>>>>>>>>>>> Message", "from the HTTP message") > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This change is fine. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> HTTP Message Signature(s) / HTTP message > >>>>>>>>>>>>>>>>>> signature(s) / > >>>>>>>>>>>>>>>>>> HTTP Message signature (in running text) > >>>>>>>>>>>>>>>>>> (e.g., "Applications of HTTP Message Signatures", > >>>>>>>>>>>>>>>>>> "an application > >>>>>>>>>>>>>>>>>> of HTTP message signatures", "An HTTP Message > >>>>>>>>>>>>>>>>>> Signature" > >>>>>>>>>>>>>>>>>> (Section 3), "an HTTP message signature" (Section > >>>>>>>>>>>>>>>>>> 3.1), > >>>>>>>>>>>>>>>>>> "An HTTP Message signature MUST use") > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This change is fine. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Referer / Referrer (Appendix B.4) > >>>>>>>>>>>>>>>>>> We see both spellings used in post-6000 published > >>>>>>>>>>>>>>>>>> RFCs. Google > >>>>>>>>>>>>>>>>>> searches for "what is a referer header?" and "what > >>>>>>>>>>>>>>>>>> is a referrer > >>>>>>>>>>>>>>>>>> header?" both seem to indicate that "Referer" is > >>>>>>>>>>>>>>>>>> technically > >>>>>>>>>>>>>>>>>> correct but that it is "a misspelling of Referrer". > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Because RFC 9110 uses "Referer", it might be best to > >>>>>>>>>>>>>>>>>> use that > >>>>>>>>>>>>>>>>>> form, but we defer to your choice. Please advise. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This should be "Referer header field", I have updated > >>>>>>>>>>>>>>>>> the text in the attached file. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> signature value(s) (37 instances in text) / > >>>>>>>>>>>>>>>>>> Signature value(s) (6 instances in text) > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> The distinction is correct, but was unclear in the > >>>>>>>>>>>>>>>>> text. When used uppercase as "Signature value" it is > >>>>>>>>>>>>>>>>> referring specifically to the Signature field value, > >>>>>>>>>>>>>>>>> so I have changed those instances to "Signature field > >>>>>>>>>>>>>>>>> value" to be precise. I’ve made the same change to > >>>>>>>>>>>>>>>>> Signature-Input field value here. The lowercase > >>>>>>>>>>>>>>>>> instances all refer to the value of the HTTP message > >>>>>>>>>>>>>>>>> signature itself, not specifically the field. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> status code derived component / @status code / > >>>>>>>>>>>>>>>>>> @status derived component > >>>>>>>>>>>>>>>>>> (We suggest the latter, as @status is defined as > >>>>>>>>>>>>>>>>>> "The status code > >>>>>>>>>>>>>>>>>> for a response" in Section 2.2.) > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This should be left as is. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> string value / String value > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This change is fine. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> The hash function (Hash) SHA-<###> / The hash SHA- > >>>>>>>>>>>>>>>>>> <###> / > >>>>>>>>>>>>>>>>>> The hash function SHA-<###> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> This should be left as -is since <tt>Hash</tt> is > >>>>>>>>>>>>>>>>> defined as an algorithm variable in the associated > >>>>>>>>>>>>>>>>> RFC8017. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> c) Spacing after colons in message examples: Should > >>>>>>>>>>>>>>>>>> there be only > >>>>>>>>>>>>>>>>>> one space after the colons for the following? > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> X-OWS-Header: Leading and trailing whitespace. > >>>>>>>>>>>>>>>>>> Cache-Control: must-revalidate > >>>>>>>>>>>>>>>>>> Example-Dict: a=1, b=2;x=1;y=2, c=(a b c) > >>>>>>>>>>>>>>>>>> Example-Dict: a=1, b=2;x=1;y=2, c=(a b c) > >>>>>>>>>>>>>>>>>> Example-Dict: a=1, b=2;x=1;y=2, c=(a b c), d > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> For example, in post-6000 published RFCs, we see > >>>>>>>>>>>>>>>>>> entries for > >>>>>>>>>>>>>>>>>> "Cache-Control:" (e.g., RFCs 9126, 9205, and 9449) > >>>>>>>>>>>>>>>>>> and > >>>>>>>>>>>>>>>>>> "Example-Dict:" (RFC 8941) with only one space > >>>>>>>>>>>>>>>>>> between the colon > >>>>>>>>>>>>>>>>>> and the parameter(s) in question. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> The extra spaces here are specifically for an > >>>>>>>>>>>>>>>>> aberrant example of what to do with non-conforming > >>>>>>>>>>>>>>>>> text on the wire, and they should be left in. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> d) Should "Digest" in this sentence be "Content- > >>>>>>>>>>>>>>>>>> Digest"? We ask > >>>>>>>>>>>>>>>>>> because of "Content-Digest field defined in > >>>>>>>>>>>>>>>>>> [DIGEST]" in Section 1.4. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Original: > >>>>>>>>>>>>>>>>>> * Requiring a specific set of header fields to be > >>>>>>>>>>>>>>>>>> signed (e.g., > >>>>>>>>>>>>>>>>>> Authorization, Digest). --> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> Yes, this can change to "Content-Digest", I have > >>>>>>>>>>>>>>>>> updated the attached file. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Thank you. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> RFC Editor > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> On Jan 22, 2024, at 3:47 PM, rfc-editor@rfc- > >>>>>>>>>>>>>>>>>> editor.org wrote: > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> *****IMPORTANT***** > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Updated 2024/01/22 > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> RFC Author(s): > >>>>>>>>>>>>>>>>>> -------------- > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Instructions for Completing AUTH48 > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Your document has now entered AUTH48. Once it has > >>>>>>>>>>>>>>>>>> been reviewed and > >>>>>>>>>>>>>>>>>> approved by you and all coauthors, it will be > >>>>>>>>>>>>>>>>>> published as an RFC. > >>>>>>>>>>>>>>>>>> If an author is no longer available, there are > >>>>>>>>>>>>>>>>>> several remedies > >>>>>>>>>>>>>>>>>> available as listed in the FAQ (https://www.rfc- > >>>>>>>>>>>>>>>>>> editor.org/faq/). > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> You and you coauthors are responsible for engaging > >>>>>>>>>>>>>>>>>> other parties > >>>>>>>>>>>>>>>>>> (e.g., Contributors or Working Group) as necessary > >>>>>>>>>>>>>>>>>> before providing > >>>>>>>>>>>>>>>>>> your approval. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Planning your review > >>>>>>>>>>>>>>>>>> --------------------- > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Please review the following aspects of your > >>>>>>>>>>>>>>>>>> document: > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> * RFC Editor questions > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Please review and resolve any questions raised by > >>>>>>>>>>>>>>>>>> the RFC Editor > >>>>>>>>>>>>>>>>>> that have been included in the XML file as comments > >>>>>>>>>>>>>>>>>> marked as > >>>>>>>>>>>>>>>>>> follows: > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> <!-- [rfced] ... --> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> These questions will also be sent in a subsequent > >>>>>>>>>>>>>>>>>> email. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> * Changes submitted by coauthors > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Please ensure that you review any changes submitted > >>>>>>>>>>>>>>>>>> by your > >>>>>>>>>>>>>>>>>> coauthors. We assume that if you do not speak up > >>>>>>>>>>>>>>>>>> that you > >>>>>>>>>>>>>>>>>> agree to changes submitted by your coauthors. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> * Content > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Please review the full content of the document, as > >>>>>>>>>>>>>>>>>> this cannot > >>>>>>>>>>>>>>>>>> change once the RFC is published. Please pay > >>>>>>>>>>>>>>>>>> particular attention to: > >>>>>>>>>>>>>>>>>> - IANA considerations updates (if applicable) > >>>>>>>>>>>>>>>>>> - contact information > >>>>>>>>>>>>>>>>>> - references > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> * Copyright notices and legends > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Please review the copyright notice and legends as > >>>>>>>>>>>>>>>>>> defined in > >>>>>>>>>>>>>>>>>> RFC 5378 and the Trust Legal Provisions > >>>>>>>>>>>>>>>>>> (TLP – https://trustee.ietf.org/license-info/). > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> * Semantic markup > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Please review the markup in the XML file to ensure > >>>>>>>>>>>>>>>>>> that elements of > >>>>>>>>>>>>>>>>>> content are correctly tagged. For example, ensure > >>>>>>>>>>>>>>>>>> that <sourcecode> > >>>>>>>>>>>>>>>>>> and <artwork> are set correctly. See details at > >>>>>>>>>>>>>>>>>> <https://authors.ietf.org/rfcxml-vocabulary>. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> * Formatted output > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Please review the PDF, HTML, and TXT files to ensure > >>>>>>>>>>>>>>>>>> that the > >>>>>>>>>>>>>>>>>> formatted output, as generated from the markup in > >>>>>>>>>>>>>>>>>> the XML file, is > >>>>>>>>>>>>>>>>>> reasonable. Please note that the TXT will have > >>>>>>>>>>>>>>>>>> formatting > >>>>>>>>>>>>>>>>>> limitations compared to the PDF and HTML. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Submitting changes > >>>>>>>>>>>>>>>>>> ------------------ > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> To submit changes, please reply to this email using > >>>>>>>>>>>>>>>>>> ‘REPLY ALL’ as all > >>>>>>>>>>>>>>>>>> the parties CCed on this message need to see your > >>>>>>>>>>>>>>>>>> changes. The parties > >>>>>>>>>>>>>>>>>> include: > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> * your coauthors > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> * rfc-editor@rfc-editor.org (the RPC team) > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> * other document participants, depending on the > >>>>>>>>>>>>>>>>>> stream (e.g., > >>>>>>>>>>>>>>>>>> IETF Stream participants are your working group > >>>>>>>>>>>>>>>>>> chairs, the > >>>>>>>>>>>>>>>>>> responsible ADs, and the document shepherd). > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> * auth48archive@rfc-editor.org, which is a new > >>>>>>>>>>>>>>>>>> archival mailing list > >>>>>>>>>>>>>>>>>> to preserve AUTH48 conversations; it is not an > >>>>>>>>>>>>>>>>>> active discussion > >>>>>>>>>>>>>>>>>> list: > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> * More info: > >>>>>>>>>>>>>>>>>> https://mailarchive.ietf.org/arch/msg/ietf- > >>>>>>>>>>>>>>>>>> announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> * The archive itself: > >>>>>>>>>>>>>>>>>> https://mailarchive.ietf.org/arch/browse/auth48archive/ > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> * Note: If only absolutely necessary, you may > >>>>>>>>>>>>>>>>>> temporarily opt out > >>>>>>>>>>>>>>>>>> of the archiving of messages (e.g., to discuss a > >>>>>>>>>>>>>>>>>> sensitive matter). > >>>>>>>>>>>>>>>>>> If needed, please add a note at the top of the > >>>>>>>>>>>>>>>>>> message that you > >>>>>>>>>>>>>>>>>> have dropped the address. When the discussion is > >>>>>>>>>>>>>>>>>> concluded, > >>>>>>>>>>>>>>>>>> auth48archive@rfc-editor.org will be re-added to the > >>>>>>>>>>>>>>>>>> CC list and > >>>>>>>>>>>>>>>>>> its addition will be noted at the top of the > >>>>>>>>>>>>>>>>>> message. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> You may submit your changes in one of two ways: > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> An update to the provided XML file > >>>>>>>>>>>>>>>>>> — OR — > >>>>>>>>>>>>>>>>>> An explicit list of changes in this format > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Section # (or indicate Global) > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> OLD: > >>>>>>>>>>>>>>>>>> old text > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> NEW: > >>>>>>>>>>>>>>>>>> new text > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> You do not need to reply with both an updated XML > >>>>>>>>>>>>>>>>>> file and an explicit > >>>>>>>>>>>>>>>>>> list of changes, as either form is sufficient. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> We will ask a stream manager to review and approve > >>>>>>>>>>>>>>>>>> any changes that seem > >>>>>>>>>>>>>>>>>> beyond editorial in nature, e.g., addition of new > >>>>>>>>>>>>>>>>>> text, deletion of text, > >>>>>>>>>>>>>>>>>> and technical changes. Information about stream > >>>>>>>>>>>>>>>>>> managers can be found in > >>>>>>>>>>>>>>>>>> the FAQ. Editorial changes do not require approval > >>>>>>>>>>>>>>>>>> from a stream manager. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Approving for publication > >>>>>>>>>>>>>>>>>> -------------------------- > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> To approve your RFC for publication, please reply to > >>>>>>>>>>>>>>>>>> this email stating > >>>>>>>>>>>>>>>>>> that you approve this RFC for publication. Please > >>>>>>>>>>>>>>>>>> use ‘REPLY ALL’, > >>>>>>>>>>>>>>>>>> as all the parties CCed on this message need to see > >>>>>>>>>>>>>>>>>> your approval. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Files > >>>>>>>>>>>>>>>>>> ----- > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> The files are available here: > >>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.xml > >>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.html > >>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.pdf > >>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.txt > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Diff file of the text: > >>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-diff.html > >>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421- > >>>>>>>>>>>>>>>>>> rfcdiff.html (side by side) > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Diff of the XML: > >>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421- > >>>>>>>>>>>>>>>>>> xmldiff1.html > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> The following files are provided to facilitate > >>>>>>>>>>>>>>>>>> creation of your own > >>>>>>>>>>>>>>>>>> diff files of the XML. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Initial XMLv3 created using XMLv2 as input: > >>>>>>>>>>>>>>>>>> https://www.rfc- > >>>>>>>>>>>>>>>>>> editor.org/authors/rfc9421.original.v2v3.xml > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> XMLv3 file that is a best effort to capture v3- > >>>>>>>>>>>>>>>>>> related format updates > >>>>>>>>>>>>>>>>>> only: > >>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.form.xml > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Tracking progress > >>>>>>>>>>>>>>>>>> ----------------- > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> The details of the AUTH48 status of your document > >>>>>>>>>>>>>>>>>> are here: > >>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/auth48/rfc9421 > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Please let us know if you have any questions. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Thank you for your cooperation, > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> RFC Editor > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> -------------------------------------- > >>>>>>>>>>>>>>>>>> RFC9421 (draft-ietf-httpbis-message-signatures-19) > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Title : HTTP Message Signatures > >>>>>>>>>>>>>>>>>> Author(s) : A. Backman, Ed., J. Richer, Ed., > >>>>>>>>>>>>>>>>>> M. Sporny > >>>>>>>>>>>>>>>>>> WG Chair(s) : Mark Nottingham, Tommy Pauly > >>>>>>>>>>>>>>>>>> Area Director(s) : Murray Kucherawy, Francesca > >>>>>>>>>>>>>>>>>> Palombini > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> <rfc9421-jricher.xml><rfc9421-jricher.diff> > >>>>>>>>>>>> > >>>>>>>>>>>> <rfc9421-jricher2.xml> > >>>>>>>>>>> > >>>>>>>>>> > >>>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>> > >>>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>> > >>>>> > >>>> > >>>> > >>>> > >>>> > >>> > >>> > >> > >
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… rfc-editor
- [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-httpb… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Justin Richer
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Manu Sporny
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Justin Richer
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Justin Richer
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Justin Richer
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Justin Richer
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Justin Richer
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Sandy Ginoza
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Justin Richer
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Justin Richer
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Manu Sporny
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Lynne Bartholomew
- [auth48] [AD] Re: AUTH48: RFC-to-be 9421 <draft-i… Lynne Bartholomew
- Re: [auth48] [AD] Re: AUTH48: RFC-to-be 9421 <dra… Paul Wouters
- Re: [auth48] [AD] AUTH48: RFC-to-be 9421 <draft-i… Lynne Bartholomew
- Re: [auth48] [AD] AUTH48: RFC-to-be 9421 <draft-i… Lynne Bartholomew
- Re: [auth48] [AD] AUTH48: RFC-to-be 9421 <draft-i… Justin Richer
- Re: [auth48] [AD] AUTH48: RFC-to-be 9421 <draft-i… Manu Sporny
- Re: [auth48] [AD] AUTH48: RFC-to-be 9421 <draft-i… Lynne Bartholomew
- [auth48] [IANA] AUTH48: RFC-to-be 9421 <draft-iet… Lynne Bartholomew
- [auth48] [IANA #1358618] [IANA] AUTH48: RFC-to-be… David Dong via RT
- Re: [auth48] [IANA #1358618] [IANA] AUTH48: RFC-t… Lynne Bartholomew