Re: [auth48] [IANA #1358618] [IANA] AUTH48: RFC-to-be 9421 <draft-ietf-httpbis-message-signatures-19> for your review
Lynne Bartholomew <lbartholomew@amsl.com> Mon, 12 February 2024 19:06 UTC
Return-Path: <lbartholomew@amsl.com>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC560C14F5E8; Mon, 12 Feb 2024 11:06:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.208
X-Spam-Level:
X-Spam-Status: No, score=-4.208 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G3MR62yi7FXm; Mon, 12 Feb 2024 11:06:15 -0800 (PST)
Received: from c8a.amsl.com (c8a.amsl.com [4.31.198.40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D852C14F5EC; Mon, 12 Feb 2024 11:06:15 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by c8a.amsl.com (Postfix) with ESMTP id C78BD424CD01; Mon, 12 Feb 2024 11:06:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from c8a.amsl.com ([127.0.0.1]) by localhost (c8a.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VpHNq3dcL3Fk; Mon, 12 Feb 2024 11:06:14 -0800 (PST)
Received: from smtpclient.apple (unknown [IPv6:2601:646:8001:2fa0:f47e:55ce:458d:129b]) by c8a.amsl.com (Postfix) with ESMTPSA id 81A4D424B427; Mon, 12 Feb 2024 11:06:14 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.200.110.1.12\))
From: Lynne Bartholomew <lbartholomew@amsl.com>
In-Reply-To: <rt-5.0.3-1268122-1707763961-1915.1358618-37-0@icann.org>
Date: Mon, 12 Feb 2024 11:06:04 -0800
Cc: Tommy Pauly <tpauly@apple.com>, richanna@amazon.com, "rfc-editor@rfc-editor.org" <rfc-editor@rfc-editor.org>, paul.wouters@aiven.io, msporny@digitalbazaar.com, jricher@mit.edu, iana@iana.org, httpbis-chairs@ietf.org, httpbis-ads@ietf.org, auth48archive@rfc-editor.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <76E47DC6-9878-4483-9D8A-7C2C8523BAF1@amsl.com>
References: <RT-Ticket-1358618@icann.org> <20240122235424.DA8495668A@rfcpa.amsl.com> <28B3E1C1-7695-4B4A-8640-E6B7A48F4D7B@mit.edu> <545597A1-9F15-43F8-A702-E1DB3A20E2F4@amsl.com> <3E666F1B-5F26-4FD3-9D2F-BDF0452BF40D@mit.edu> <E82CBD46-2EEC-4A8E-BF0B-97075344A077@amsl.com> <DEDC6CFC-823E-4495-BD6B-82BFB0317C9C@amsl.com> <3BBA66BB-D6F8-4FA3-8093-C7983D2FA446@mit.edu> <0E1DB15F-4FE6-435C-A682-A281F5FDDA23@amsl.com> <CC9AE0B9-03A8-479A-9235-88C1EBF5F67B@amsl.com> <rt-5.0.3-1268122-1707763961-1915.1358618-37-0@icann.org>
To: iana-matrix@iana.org
X-Mailer: Apple Mail (2.3731.200.110.1.12)
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/M_KHRoJuHXwTkyvwM9f4icRyfFc>
Subject: Re: [auth48] [IANA #1358618] [IANA] AUTH48: RFC-to-be 9421 <draft-ietf-httpbis-message-signatures-19> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Feb 2024 19:06:19 -0000
Hi, David. Looks great; thank you! RFC Editor/lb > On Feb 12, 2024, at 10:52 AM, David Dong via RT <iana-matrix@iana.org> wrote: > > Hi Lynne, > > These changes are complete; please see: > > https://www.iana.org/assignments/http-message-signature/ > > Thank you. > > Best regards, > > David Dong > IANA Services Sr. Specialist > > On Fri Feb 09 21:15:50 2024, lbartholomew@amsl.com wrote: >> Dear IANA, >> >> We are preparing this document for publication. Per author-approved >> updates to this document, please make the following updates on >> <https://www.iana.org/assignments/http-message-signature/>: >> >> In the "HTTP Signature Algorithms" registry: >> >> OLD: >> ed25519 Edwards Curve DSA using curve edwards25519 Active >> [RFC-ietf-httpbis-message-signatures-19, Section 3.3.6] >> >> NEW: >> ed25519 EdDSA using curve edwards25519 Active [RFC-ietf- >> httpbis-message-signatures-19, Section 3.3.6] >> >> = = = = = >> >> In the "HTTP Signature Component Parameters" registry: >> >> OLD: >> sf Strict structured field serialization [RFC-ietf-httpbis- >> message-signatures-19, Section 2.1.1] >> key Single key value of dictionary structured fields [RFC-ietf- >> httpbis-message-signatures-19, Section 2.1.2] >> >> NEW: >> sf Strict Structured Field serialization [RFC-ietf-httpbis- >> message-signatures-19, Section 2.1.1] >> key Single key value of Dictionary Structured Fields [RFC-ietf- >> httpbis-message-signatures-19, Section 2.1.2] >> >> >> Thank you! >> >> RFC Editor/lb >> >>> On Feb 9, 2024, at 1:00 PM, Lynne Bartholomew <lbartholomew@amsl.com> >>> wrote: >>> >>> Hi again, Justin and Manu. >>> >>> Thank you very much for your quick replies! We have updated this >>> document accordingly and will email IANA with the requested updates >>> shortly. >>> >>> In the meantime, the latest files are here. Please refresh your >>> browser: >>> >>> https://www.rfc-editor.org/authors/rfc9421.txt >>> https://www.rfc-editor.org/authors/rfc9421.pdf >>> https://www.rfc-editor.org/authors/rfc9421.html >>> https://www.rfc-editor.org/authors/rfc9421.xml >>> https://www.rfc-editor.org/authors/rfc9421-diff.html >>> https://www.rfc-editor.org/authors/rfc9421-rfcdiff.html >>> https://www.rfc-editor.org/authors/rfc9421-auth48diff.html >>> https://www.rfc-editor.org/authors/rfc9421-lastdiff.html >>> https://www.rfc-editor.org/authors/rfc9421-lastrfcdiff.html >>> >>> https://www.rfc-editor.org/authors/rfc9421-xmldiff1.html >>> https://www.rfc-editor.org/authors/rfc9421-xmldiff2.html >>> >>> (FYI that per the fix for trouble ticket #1097 >>> (https://github.com/ietf-tools/xml2rfc/issues/1097), the listing for >>> [BCP195] in the References section has been updated as well.) >>> >>> Thanks again! >>> >>> RFC Editor/lb >>> >>> >>>> On Feb 9, 2024, at 12:39 PM, Manu Sporny <msporny@digitalbazaar.com> >>>> wrote: >>>> >>>> On Fri, Feb 9, 2024 at 3:29 PM Justin Richer <jricher@mit.edu> >>>> wrote: >>>>> Yes, that change is fine — I checked the defining RFC and it uses >>>>> "EdDSA" regularly, so we can go with "EdDSA using curve >>>>> edwards25519" as the value here. >>>> >>>> Agreed. >>>> >>>> -- manu >>>> >>>> -- >>>> Manu Sporny - https://www.linkedin.com/in/manusporny/ >>>> Founder/CEO - Digital Bazaar, Inc. >>>> https://www.digitalbazaar.com/ >>> >>>> On Feb 9, 2024, at 12:28 PM, Justin Richer <jricher@mit.edu> wrote: >>>> >>>> Hi Lynne, >>>> >>>> Yes, that change is fine — I checked the defining RFC and it uses >>>> "EdDSA" regularly, so we can go with "EdDSA using curve >>>> edwards25519" as the value here. >>>> >>>> Thank you! >>>> >>>> — Justin >>>> >>>>> On Feb 9, 2024, at 3:19 PM, Lynne Bartholomew >>>>> <lbartholomew@amsl.com> wrote: >>>>> >>>>> Hi, Justin and Manu. >>>>> >>>>> We are preparing this document for publication along with RFC-to-be >>>>> 9530. >>>>> >>>>> Apologies for not spotting this earlier: >>>>> >>>>> The last entry in the "HTTP Signature Algorithms" registry on >>>>> <https://www.iana.org/assignments/http-message-signature/> and the >>>>> last entry in Table 2 do not follow the format/pattern used for the >>>>> other entries. Would you like "Edwards Curve DSA using curve >>>>> edwards25519" in Table 2 and on the IANA page to be "EdDSA using >>>>> curve edwards25519"? We ask because the other entries appear to >>>>> follow the form of the corresponding section titles. >>>>> >>>>> We have a couple other updates that we need to ask IANA to make >>>>> before we publish this document, so if you agree to the update >>>>> listed above, we will add it to the list of update requests for >>>>> IANA. >>>>> >>>>> Thank you! >>>>> >>>>> RFC Editor/lb >>>>> >>>>> >>>>>> On Feb 6, 2024, at 4:11 PM, Lynne Bartholomew >>>>>> <lbartholomew@amsl.com> wrote: >>>>>> >>>>>> Hi, Paul. >>>>>> >>>>>> Thank you for approving on Annabelle's behalf. We have noted >>>>>> approvals for publication for both of you: >>>>>> >>>>>> https://www.rfc-editor.org/auth48/rfc9421 >>>>>> >>>>>> This document will be published when RFC-to-be 9530 is published. >>>>>> >>>>>> Thank you! >>>>>> >>>>>> RFC Editor/lb >>>>>> >>>>>>> On Feb 6, 2024, at 10:48 AM, Paul Wouters <paul.wouters@aiven.io> >>>>>>> wrote: >>>>>>> >>>>>>> >>>>>>> On Tue, Feb 6, 2024 at 1:16 PM Lynne Bartholomew >>>>>>> <lbartholomew@amsl.com> wrote: >>>>>>> Hi, Paul. >>>>>>> >>>>>>> Per the emails below, would you please approve this document for >>>>>>> publication on behalf of Annabelle? >>>>>>> >>>>>>> I was checking to see when we last heard from her, which seems to >>>>>>> be October 2023. Since that's been >>>>>>> a while, I approve publication on her behalf. >>>>>>> >>>>>>> Paul >>>>>>> >>>>>>> Please see <https://www.rfc-editor.org/auth48/rfc9421> for the >>>>>>> AUTH48 timeline for this document. >>>>>>> >>>>>>> The latest files are posted here. Please refresh your browser: >>>>>>> >>>>>>> https://www.rfc-editor.org/authors/rfc9421.txt >>>>>>> https://www.rfc-editor.org/authors/rfc9421.pdf >>>>>>> https://www.rfc-editor.org/authors/rfc9421.html >>>>>>> https://www.rfc-editor.org/authors/rfc9421.xml >>>>>>> https://www.rfc-editor.org/authors/rfc9421-diff.html >>>>>>> https://www.rfc-editor.org/authors/rfc9421-rfcdiff.html >>>>>>> https://www.rfc-editor.org/authors/rfc9421-auth48diff.html >>>>>>> https://www.rfc-editor.org/authors/rfc9421-lastdiff.html >>>>>>> https://www.rfc-editor.org/authors/rfc9421-lastrfcdiff.html >>>>>>> >>>>>>> https://www.rfc-editor.org/authors/rfc9421-xmldiff1.html >>>>>>> https://www.rfc-editor.org/authors/rfc9421-xmldiff2.html >>>>>>> >>>>>>> Thank you. >>>>>>> >>>>>>> RFC Editor/lb >>>>>>> >>>>>>>> On Feb 6, 2024, at 10:09 AM, Lynne Bartholomew >>>>>>>> <lbartholomew@amsl.com> wrote: >>>>>>>> >>>>>>>> Hi, Justin and Manu. >>>>>>>> >>>>>>>> Thank you for the quick replies. We will email the AD to >>>>>>>> request AD approval on behalf of Annabelle. >>>>>>>> >>>>>>>> RFC Editor/lb >>>>>>>> >>>>>>>>> On Feb 6, 2024, at 10:01 AM, Manu Sporny >>>>>>>>> <msporny@digitalbazaar.com> wrote: >>>>>>>>> >>>>>>>>> On Tue, Feb 6, 2024 at 12:54 PM Justin Richer <jricher@mit.edu> >>>>>>>>> wrote: >>>>>>>>>> I strongly prefer option 3. >>>>>>>>> >>>>>>>>> Agreed. >>>>>>>>> >>>>>>>>> -- manu >>>>>>>> >>>>>>>>> On Feb 6, 2024, at 9:54 AM, Justin Richer <jricher@mit.edu> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>> I strongly prefer option 3. >>>>>>>>> >>>>>>>>> Thank you, >>>>>>>>> -Justin >>>>>>>>> From: Lynne Bartholomew <lbartholomew@amsl.com> >>>>>>>>> Sent: Tuesday, February 6, 2024 11:26 AM >>>>>>>>> To: Justin Richer <jricher@mit.edu> >>>>>>>>> Cc: Sandy Ginoza <sginoza@amsl.com>; richanna@amazon.com >>>>>>>>> <richanna@amazon.com>; Manu Sporny <msporny@digitalbazaar.com>; >>>>>>>>> rfc-editor@rfc-editor.org <rfc-editor@rfc-editor.org>; httpbis- >>>>>>>>> ads@ietf.org <httpbis-ads@ietf.org>; httpbis-chairs@ietf.org >>>>>>>>> <httpbis-chairs@ietf.org>; Tommy Pauly <tpauly@apple.com>; Paul >>>>>>>>> Wouters <paul.wouters@aiven.io>; auth48archive@rfc-editor.org >>>>>>>>> <auth48archive@rfc-editor.org> >>>>>>>>> Subject: Re: AUTH48: RFC-to-be 9421 <draft-ietf-httpbis- >>>>>>>>> message-signatures-19> for your review Hi, Justin. We have >>>>>>>>> three options, as listed on <https://www.rfc- >>>>>>>>> editor.org/faq/#missingauthor>. >>>>>>>>> >>>>>>>>> It sounds like Option 3 might be best in this case, but please >>>>>>>>> let us know your preference regarding next steps. >>>>>>>>> >>>>>>>>> Thank you. >>>>>>>>> >>>>>>>>> RFC Editor/lb >>>>>>>>> >>>>>>>>>> On Feb 5, 2024, at 3:11 PM, Justin Richer <jricher@mit.edu> >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>> Hi Sandy et al, >>>>>>>>>> >>>>>>>>>> In addition to these emails, I have reached out to Annabelle >>>>>>>>>> on personal channels and have not heard back from her there >>>>>>>>>> either in quite some time. I am not sure what her situation is >>>>>>>>>> right now, but I am not sure we can anticipate her responding >>>>>>>>>> soon. I hate to be in the position to ask this, but is there a >>>>>>>>>> process for moving forward if we don't hear a response from >>>>>>>>>> her? >>>>>>>>>> >>>>>>>>>> - Justin >>>>>>>>>> From: Sandy Ginoza <sginoza@amsl.com> >>>>>>>>>> Sent: Wednesday, January 31, 2024 11:29 AM >>>>>>>>>> To: richanna@amazon.com <richanna@amazon.com>; Justin Richer >>>>>>>>>> <jricher@mit.edu> >>>>>>>>>> Cc: Lynne Bartholomew <lbartholomew@amsl.com>; Manu Sporny >>>>>>>>>> <msporny@digitalbazaar.com>; RFC Editor <rfc-editor@rfc- >>>>>>>>>> editor.org>; httpbis-ads@ietf.org <httpbis-ads@ietf.org>; >>>>>>>>>> httpbis-chairs@ietf.org <httpbis-chairs@ietf.org>; Tommy Pauly >>>>>>>>>> <tpauly@apple.com>; Paul Wouters <paul.wouters@aiven.io>; >>>>>>>>>> auth48archive@rfc-editor.org <auth48archive@rfc-editor.org> >>>>>>>>>> Subject: Re: AUTH48: RFC-to-be 9421 <draft-ietf-httpbis- >>>>>>>>>> message-signatures-19> for your review Hi Annabelle, >>>>>>>>>> >>>>>>>>>> We do not believe we have heard from you regarding this >>>>>>>>>> document’s readiness for publication. Please review the files >>>>>>>>>> and let us know if any updates are needed or if you approve >>>>>>>>>> the RFC for publication. >>>>>>>>>> >>>>>>>>>> Thank you, >>>>>>>>>> RFC Editor/sg >>>>>>>>>> >>>>>>>>>>> On Jan 29, 2024, at 7:54 PM, Justin Richer <jricher@mit.edu> >>>>>>>>>>> wrote: >>>>>>>>>>> >>>>>>>>>>> Thank you! >>>>>>>>>>> >>>>>>>>>>> - Justin >>>>>>>>>>> From: Lynne Bartholomew <lbartholomew@amsl.com> >>>>>>>>>>> Sent: Monday, January 29, 2024 7:15 PM >>>>>>>>>>> To: Justin Richer <jricher@mit.edu> >>>>>>>>>>> Cc: Manu Sporny <msporny@digitalbazaar.com>; rfc-editor@rfc- >>>>>>>>>>> editor.org <rfc-editor@rfc-editor.org>; Annabelle Backman >>>>>>>>>>> <richanna@amazon.com>; httpbis-ads@ietf.org <httpbis- >>>>>>>>>>> ads@ietf.org>; httpbis-chairs@ietf.org <httpbis- >>>>>>>>>>> chairs@ietf.org>; Tommy Pauly <tpauly@apple.com>; Paul >>>>>>>>>>> Wouters <paul.wouters@aiven.io>; auth48archive@rfc-editor.org >>>>>>>>>>> <auth48archive@rfc-editor.org> >>>>>>>>>>> Subject: Re: AUTH48: RFC-to-be 9421 <draft-ietf-httpbis- >>>>>>>>>>> message-signatures-19> for your review >>>>>>>>>>> >>>>>>>>>>> Hi, Justin. >>>>>>>>>>> >>>>>>>>>>> We've made the additional updates in Sections 7.1.1 and 7.2.5 >>>>>>>>>>> per your notes below. The latest files are here: >>>>>>>>>>> >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.txt >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.pdf >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.html >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.xml >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-diff.html >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-rfcdiff.html >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-auth48diff.html >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-lastdiff.html >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-lastrfcdiff.html >>>>>>>>>>> >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-xmldiff1.html >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-xmldiff2.html >>>>>>>>>>> >>>>>>>>>>> We have noted your approval on the AUTH48 status page: >>>>>>>>>>> >>>>>>>>>>> https://www.rfc-editor.org/auth48/rfc9421 >>>>>>>>>>> >>>>>>>>>>> Again, many thanks for your help with this document! >>>>>>>>>>> >>>>>>>>>>> RFC Editor/lb >>>>>>>>>>> >>>>>>>>>>>> On Jan 29, 2024, at 12:35 PM, Justin Richer >>>>>>>>>>>> <jricher@mit.edu> wrote: >>>>>>>>>>>> >>>>>>>>>>>> I think it’s fine to lowercase those items. I may have been >>>>>>>>>>>> going a little overboard on Assuming Terms Are Proper Nouns >>>>>>>>>>>> there. :) >>>>>>>>>>>> >>>>>>>>>>>> Two small changes we need to make: >>>>>>>>>>>> >>>>>>>>>>>> - In section 7.1.1, "HTTP message without the Signature >>>>>>>>>>>> fields" should be "HTTP message without the Signature or >>>>>>>>>>>> Signature-Input fields". >>>>>>>>>>>> - In section 7.2.5, "HTTP message signature field values are >>>>>>>>>>>> identified" should be reverted to "HTTP message signature >>>>>>>>>>>> values are identified", as I think I was over-zealous at >>>>>>>>>>>> adding "field" here. >>>>>>>>>>>> >>>>>>>>>>>> With those in place, I approve this version. Thank you so >>>>>>>>>>>> much! >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> — Justin >>>>>>>>>>>> >>>>>>>>>>>>> On Jan 29, 2024, at 2:09 PM, Lynne Bartholomew >>>>>>>>>>>>> <lbartholomew@amsl.com> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>> Hi, Justin. >>>>>>>>>>>>> >>>>>>>>>>>>> Thank you for the latest XML file! We made further updates >>>>>>>>>>>>> as noted below. >>>>>>>>>>>>> >>>>>>>>>>>>> * Removed the [rfced] questions again >>>>>>>>>>>>> * Changed "boolean" to "Boolean" (per your note that we can >>>>>>>>>>>>> go with "Boolean" for all cases) >>>>>>>>>>>>> * Changed "HTTP Message" to "HTTP message where used >>>>>>>>>>>>> generally (per your note that "HTTP message" is fine and >>>>>>>>>>>>> seems to align with RFC 9110) >>>>>>>>>>>>> * Changed "HTTP Message Signature" to "HTTP message >>>>>>>>>>>>> signature" in running text (per your note below) >>>>>>>>>>>>> * Updated our XML comment for draft-ietf-httpbis-digest- >>>>>>>>>>>>> headers again, to point out that draft-ietf-httpbis-digest- >>>>>>>>>>>>> headers is in AUTH48-DONE as of January 2024; if draft- >>>>>>>>>>>>> ietf-httpbis-digest-headers is published first, we will >>>>>>>>>>>>> update this document to list RFC 9530 instead >>>>>>>>>>>>> >>>>>>>>>>>>> Please note that we found five instances each of "HTTP >>>>>>>>>>>>> Message Component" and "HTTP message component" in running >>>>>>>>>>>>> text. Apologies for missing this earlier. Because we >>>>>>>>>>>>> couldn't find a precedent for this term in published RFCs >>>>>>>>>>>>> to date (nor could we find a precedent for "HTTP Message >>>>>>>>>>>>> Signature" or "HTTP message signature"), we lowercased to >>>>>>>>>>>>> "HTTP message component", "HTTP message component name", >>>>>>>>>>>>> and "HTTP message component values" in running text. >>>>>>>>>>>>> Please review, and let us know any objections. >>>>>>>>>>>>> >>>>>>>>>>>>> The latest files are posted here. Please refresh your >>>>>>>>>>>>> browser: >>>>>>>>>>>>> >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.txt >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.pdf >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.html >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.xml >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-diff.html >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-rfcdiff.html >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-auth48diff.html >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-lastdiff.html >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-lastrfcdiff.html >>>>>>>>>>>>> >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-xmldiff1.html >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-xmldiff2.html >>>>>>>>>>>>> >>>>>>>>>>>>> Thanks again! >>>>>>>>>>>>> >>>>>>>>>>>>> RFC Editor/lb >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>>> On Jan 29, 2024, at 8:45 AM, Justin Richer >>>>>>>>>>>>>> <jricher@mit.edu> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>> I went through all instances of the word "string" in the >>>>>>>>>>>>>> text and I believe there were only four places that needed >>>>>>>>>>>>>> to change. The resulting file is attached here. >>>>>>>>>>>>>> >>>>>>>>>>>>>> — Justin >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Jan 26, 2024, at 5:57 PM, Justin Richer >>>>>>>>>>>>>>> <jricher@mit.edu> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> On Jan 26, 2024, at 5:45 PM, Lynne Bartholomew >>>>>>>>>>>>>>>> <lbartholomew@amsl.com> wrote: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Hi, Justin. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Apologies for not being clear. Please let us know your >>>>>>>>>>>>>>>> preference regarding how we should update the four items >>>>>>>>>>>>>>>> below. (Question 12)b) says "The following terms appear >>>>>>>>>>>>>>>> to be used inconsistently in this document. Please let >>>>>>>>>>>>>>>> us know which form is preferred.") >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Oh, my apologies, I misunderstood — answers inline below. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Regarding RFC-to-be 9530: Per our standard process, >>>>>>>>>>>>>>>> even though I updated the entry, if RFC-to-be 9530 >>>>>>>>>>>>>>>> hasn't been published before this document is ready to >>>>>>>>>>>>>>>> go, I will revert to the previous [DIGEST]/draftstring >>>>>>>>>>>>>>>> reference entry. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> OK, that’s fine. My question was that RFC-to-be 9530 has >>>>>>>>>>>>>>> an informative reference to RFC-to-be 9421 (this >>>>>>>>>>>>>>> document). Would it be possible to publish the two >>>>>>>>>>>>>>> documents together and have them cross-reference each >>>>>>>>>>>>>>> other’s RFC number, since we’re so close? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Thank you! >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> RFC Editor/lb >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> On Jan 26, 2024, at 2:17 PM, Justin Richer >>>>>>>>>>>>>>>>> <jricher@mit.edu> wrote: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Thank you, yes please update each of those as you have >>>>>>>>>>>>>>>>> suggested. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> I believe RFC 9530 [DIGEST] is done as well, but I >>>>>>>>>>>>>>>>> don’t see a good reason to wait until it’s published. I >>>>>>>>>>>>>>>>> think it references this specification informationally >>>>>>>>>>>>>>>>> as well — has that reference also been changed? If >>>>>>>>>>>>>>>>> they’re both close to complete then they should >>>>>>>>>>>>>>>>> probably have each others’ RFC numbers instead of ID >>>>>>>>>>>>>>>>> names in them, I think. They weren’t put in as a batch >>>>>>>>>>>>>>>>> though, and this isn’t critical as they’re >>>>>>>>>>>>>>>>> informational references. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> — Justin >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> On Jan 26, 2024, at 5:07 PM, Lynne Bartholomew >>>>>>>>>>>>>>>>>> <lbartholomew@amsl.com> wrote: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Hi, Justin and Manu. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Justin, thank you very much for the updated XML file, >>>>>>>>>>>>>>>>>> diff file, and replies to our questions! >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Follow-up items for you: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Regarding your side question for [DIGEST]: We have >>>>>>>>>>>>>>>>>> updated this entry to reflect RFC 9530 for now. Thank >>>>>>>>>>>>>>>>>> you for pointing that out. It appears that RFC 9530 >>>>>>>>>>>>>>>>>> might be published soon, but if not, would you like us >>>>>>>>>>>>>>>>>> to hold publication of this document until RFC 9530 is >>>>>>>>>>>>>>>>>> published? >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Regarding our question 12)b) and your replies: We see >>>>>>>>>>>>>>>>>> that the following four items were not addressed in >>>>>>>>>>>>>>>>>> the updated XML file. Would you like us to make >>>>>>>>>>>>>>>>>> updates to some or all of these? If yes, please >>>>>>>>>>>>>>>>>> specify which items: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> boolean / Boolean >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This change is fine. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> We can go with "Boolean" for all cases. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> HTTP Message / HTTP message (used generally in text, >>>>>>>>>>>>>>>>>>>> e.g., >>>>>>>>>>>>>>>>>>>> "of an HTTP message. Note that a given HTTP Message >>>>>>>>>>>>>>>>>>>> can contain", >>>>>>>>>>>>>>>>>>>> "the HTTP message and", "the HTTP Message and", >>>>>>>>>>>>>>>>>>>> "from the HTTP >>>>>>>>>>>>>>>>>>>> Message", "from the HTTP message") >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This change is fine. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> "HTTP message" is fine, and seems to align with RFC9110. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> HTTP Message Signature(s) / HTTP message >>>>>>>>>>>>>>>>>>>> signature(s) / >>>>>>>>>>>>>>>>>>>> HTTP Message signature (in running text) >>>>>>>>>>>>>>>>>>>> (e.g., "Applications of HTTP Message Signatures", >>>>>>>>>>>>>>>>>>>> "an application >>>>>>>>>>>>>>>>>>>> of HTTP message signatures", "An HTTP Message >>>>>>>>>>>>>>>>>>>> Signature" >>>>>>>>>>>>>>>>>>>> (Section 3), "an HTTP message signature" (Section >>>>>>>>>>>>>>>>>>>> 3.1), >>>>>>>>>>>>>>>>>>>> "An HTTP Message signature MUST use") >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This change is fine. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> With the above, let’s go with "HTTP message signature". >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> string value / String value >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This change is fine. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> This one is more tricky — if it’s talking about the >>>>>>>>>>>>>>> Structured Field type of String, it should be >>>>>>>>>>>>>>> capitalized. If it’s talking about a "string" in general, >>>>>>>>>>>>>>> it shouldn’t be. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> = = = = = >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> The latest files are posted here: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.txt >>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.pdf >>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.html >>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.xml >>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-diff.html >>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421- >>>>>>>>>>>>>>>>>> rfcdiff.html >>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421- >>>>>>>>>>>>>>>>>> auth48diff.html >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421- >>>>>>>>>>>>>>>>>> xmldiff1.html >>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421- >>>>>>>>>>>>>>>>>> xmldiff2.html >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Manu, we have noted your approval on the AUTH48 status >>>>>>>>>>>>>>>>>> page: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/auth48/rfc9421 >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Thanks again! >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> RFC Editor/lb >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> On Jan 26, 2024, at 5:58 AM, Manu Sporny >>>>>>>>>>>>>>>>>>> <msporny@digitalbazaar.com> wrote: >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> On Thu, Jan 25, 2024 at 11:48 PM Justin Richer >>>>>>>>>>>>>>>>>>> <jricher@mit.edu> wrote: >>>>>>>>>>>>>>>>>>>> Attached please find the XML file with some small >>>>>>>>>>>>>>>>>>>> edits applied with regard to the below, as well as a >>>>>>>>>>>>>>>>>>>> diff file from the provided XML. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This email is just noting my approval of the edits >>>>>>>>>>>>>>>>>>> (thank you, >>>>>>>>>>>>>>>>>>> Justin!) as well as the publication of the RFC. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> -- manu >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>> Manu Sporny - https://www.linkedin.com/in/manusporny/ >>>>>>>>>>>>>>>>>>> Founder/CEO - Digital Bazaar, Inc. >>>>>>>>>>>>>>>>>>> https://www.digitalbazaar.com/ >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> On Jan 25, 2024, at 8:48 PM, Justin Richer >>>>>>>>>>>>>>>>>>> <jricher@mit.edu> wrote: >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Hi RFC Editor! >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Attached please find the XML file with some small >>>>>>>>>>>>>>>>>>> edits applied with regard to the below, as well as a >>>>>>>>>>>>>>>>>>> diff file from the provided XML. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> There were a couple of small changes to the text that >>>>>>>>>>>>>>>>>>> I caught on this read through that I fixed in the >>>>>>>>>>>>>>>>>>> XML, not covered in the sections below: >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> - Section 1.3, bullet 2, "A combination" should be >>>>>>>>>>>>>>>>>>> reverted to "Combination", as we are trying to say >>>>>>>>>>>>>>>>>>> "the act and result of combining the fields with the >>>>>>>>>>>>>>>>>>> same name" which is specifically described in HTTP >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> - Section 2.1, "content identifier" should be >>>>>>>>>>>>>>>>>>> "component identifier" >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> - Section B.1.1. should be named "Example RSA Key", >>>>>>>>>>>>>>>>>>> so I’ve updated the XML as appropriate. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> - Example B.2 had an incorrect digest value, this has >>>>>>>>>>>>>>>>>>> been corrected (see https://github.com/httpwg/http- >>>>>>>>>>>>>>>>>>> extensions/pull/2669) — the calculated signature >>>>>>>>>>>>>>>>>>> example that uses this value in B.2.4 had already >>>>>>>>>>>>>>>>>>> been corrected and did not need to be changed. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> I’ve also replied to the questions inline. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> On Jan 22, 2024, at 6:54 PM, rfc-editor@rfc- >>>>>>>>>>>>>>>>>>>> editor.org wrote: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Authors, >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> While reviewing this document during AUTH48, please >>>>>>>>>>>>>>>>>>>> resolve (as necessary) >>>>>>>>>>>>>>>>>>>> the following questions, which are also in the XML >>>>>>>>>>>>>>>>>>>> file. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> 1) <!-- [rfced] Note that we have removed the URI >>>>>>>>>>>>>>>>>>>> <https://manu.sporny.org/>. We checked its >>>>>>>>>>>>>>>>>>>> availability many times (including today) and were >>>>>>>>>>>>>>>>>>>> unable to connect. >>>>>>>>>>>>>>>>>>>> <uri>https://manu.sporny.org/</uri> --> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> That’s fine with me. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> 2) <!-- [rfced] Sections 1 and subsequent: Because >>>>>>>>>>>>>>>>>>>> many changes were >>>>>>>>>>>>>>>>>>>> made to this document during the EDIT and AUTH >>>>>>>>>>>>>>>>>>>> states, please review >>>>>>>>>>>>>>>>>>>> all updates in this document carefully, and let us >>>>>>>>>>>>>>>>>>>> know if anything >>>>>>>>>>>>>>>>>>>> is incorrect. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> I’ve reviewed and, apart from the edits noted above, >>>>>>>>>>>>>>>>>>> this section is good. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Also, a follow-on to December 2023 email discussions >>>>>>>>>>>>>>>>>>>> regarding the >>>>>>>>>>>>>>>>>>>> use of <tt>: Please (1) review current instances of >>>>>>>>>>>>>>>>>>>> <tt> and >>>>>>>>>>>>>>>>>>>> (2) review changes from "header" to "header field" >>>>>>>>>>>>>>>>>>>> as instructed >>>>>>>>>>>>>>>>>>>> during the AUTH state (not applied to all >>>>>>>>>>>>>>>>>>>> parameters). Let us know >>>>>>>>>>>>>>>>>>>> if further updates are needed. --> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> I’ve gone through the document and have checked >>>>>>>>>>>>>>>>>>> instances of <tt> and "header/header field" and these >>>>>>>>>>>>>>>>>>> seem to be OK with the suggested edits. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> 3) <!-- [rfced] Please review the "type" attribute >>>>>>>>>>>>>>>>>>>> of each sourcecode >>>>>>>>>>>>>>>>>>>> element in the XML file to ensure correctness. If >>>>>>>>>>>>>>>>>>>> the current list >>>>>>>>>>>>>>>>>>>> of preferred values for "type" >>>>>>>>>>>>>>>>>>>> (https://www.rfc-editor.org/materials/sourcecode- >>>>>>>>>>>>>>>>>>>> types.txt) does not >>>>>>>>>>>>>>>>>>>> contain an applicable type, please let us know. >>>>>>>>>>>>>>>>>>>> Also, it is >>>>>>>>>>>>>>>>>>>> acceptable to leave the "type" attribute not set. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> In addition, review each artwork element. >>>>>>>>>>>>>>>>>>>> Specifically, should any >>>>>>>>>>>>>>>>>>>> artwork element be tagged as sourcecode? --> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> I’ve gone through all of these, and they look >>>>>>>>>>>>>>>>>>> correct. I made not changes in the attached file. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> 4) <!-- [rfced] Sections 2.2.8 and subsequent: >>>>>>>>>>>>>>>>>>>> Please review the links >>>>>>>>>>>>>>>>>>>> that we provided when we made updates to the >>>>>>>>>>>>>>>>>>>> citations to [HTMLURL] >>>>>>>>>>>>>>>>>>>> (best viewed in the HTML and PDF output files), and >>>>>>>>>>>>>>>>>>>> let us know if >>>>>>>>>>>>>>>>>>>> there are any issues. For example, it appears to us >>>>>>>>>>>>>>>>>>>> that these links >>>>>>>>>>>>>>>>>>>> would be stable, but please let us know if this is >>>>>>>>>>>>>>>>>>>> incorrect: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> <https://url.spec.whatwg.org/#application/x-www- >>>>>>>>>>>>>>>>>>>> form-urlencoded> >>>>>>>>>>>>>>>>>>>> for Section 5 >>>>>>>>>>>>>>>>>>>> <https://url.spec.whatwg.org/#urlencoded-parsing> >>>>>>>>>>>>>>>>>>>> for Section 5.1 >>>>>>>>>>>>>>>>>>>> <https://url.spec.whatwg.org/#urlencoded- >>>>>>>>>>>>>>>>>>>> serializing> >>>>>>>>>>>>>>>>>>>> for Section 5.2 --> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> These all seem to be correct. I made no changes in >>>>>>>>>>>>>>>>>>> the attached file. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> 5) <!-- [rfced] For alignment with the IANA >>>>>>>>>>>>>>>>>>>> registry, would it be appropriate to change >>>>>>>>>>>>>>>>>>>> "Specification document(s)" to "Reference(s)" in the >>>>>>>>>>>>>>>>>>>> descriptions and the column headers throughout >>>>>>>>>>>>>>>>>>>> Section 6? >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Example from Section 6.2.1: >>>>>>>>>>>>>>>>>>>> Specification document(s): >>>>>>>>>>>>>>>>>>>> Reference to the document(s) that specify the >>>>>>>>>>>>>>>>>>>> algorithm, >>>>>>>>>>>>>>>>>>>> preferably including a URI that can be used to >>>>>>>>>>>>>>>>>>>> retrieve a copy of >>>>>>>>>>>>>>>>>>>> the document(s). An indication of the relevant >>>>>>>>>>>>>>>>>>>> sections may also >>>>>>>>>>>>>>>>>>>> be included but is not required. >>>>>>>>>>>>>>>>>>>> --> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> I’m OK with this change. I have changed the attached >>>>>>>>>>>>>>>>>>> file to use "Reference" (with no (s) attached) for >>>>>>>>>>>>>>>>>>> both the description and column name to match the >>>>>>>>>>>>>>>>>>> created IANA registry. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> 6) <!-- [rfced] The description for ed25519 is >>>>>>>>>>>>>>>>>>>> slightly different than the other entries. Is this >>>>>>>>>>>>>>>>>>>> intentional, or perhaps the description could be >>>>>>>>>>>>>>>>>>>> updated as follows: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Original: >>>>>>>>>>>>>>>>>>>> Edwards Curve DSA using curve edwards25519 >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Perhaps: >>>>>>>>>>>>>>>>>>>> ECDSA using curve edwards25519 >>>>>>>>>>>>>>>>>>>> --> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> The existing text is correct as per rfc8032, no >>>>>>>>>>>>>>>>>>> changes should be made. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> 7) <!-- [rfced] We were unable to verify this >>>>>>>>>>>>>>>>>>>> statement. Please confirm that the reference is >>>>>>>>>>>>>>>>>>>> correct. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Original: >>>>>>>>>>>>>>>>>>>> As discussed in [DIGEST], the value of the Content- >>>>>>>>>>>>>>>>>>>> Digest field is >>>>>>>>>>>>>>>>>>>> dependent on the content encoding of the message. >>>>>>>>>>>>>>>>>>>> --> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Yes, this is discussed at length in sections 2 and 3 >>>>>>>>>>>>>>>>>>> of DIGEST. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> An aside from the authors - we will need to update >>>>>>>>>>>>>>>>>>> this reference to the digest RFC number, right? >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> 8) <!-- [rfced] Section 7.3.3: As it appears that >>>>>>>>>>>>>>>>>>>> "its" actually refers >>>>>>>>>>>>>>>>>>>> to the symmetric cryptographic methods, we changed >>>>>>>>>>>>>>>>>>>> "its" to "their". >>>>>>>>>>>>>>>>>>>> If this is incorrect, please clarify what "its" >>>>>>>>>>>>>>>>>>>> refers to. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Original (the previous sentence is included for >>>>>>>>>>>>>>>>>>>> context): >>>>>>>>>>>>>>>>>>>> The HTTP Message Signatures specification allows for >>>>>>>>>>>>>>>>>>>> both asymmetric >>>>>>>>>>>>>>>>>>>> and symmetric cryptography to be applied to HTTP >>>>>>>>>>>>>>>>>>>> messages. By its >>>>>>>>>>>>>>>>>>>> nature, symmetric cryptographic methods require the >>>>>>>>>>>>>>>>>>>> same key material >>>>>>>>>>>>>>>>>>>> to be known by both the signer and verifier. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Currently: >>>>>>>>>>>>>>>>>>>> By their >>>>>>>>>>>>>>>>>>>> nature, symmetric cryptographic methods require the >>>>>>>>>>>>>>>>>>>> same key material >>>>>>>>>>>>>>>>>>>> to be known by both the signer and verifier. --> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Yes, this change is OK. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> 9) <!-- [rfced] For clarity, may we update "other >>>>>>>>>>>>>>>>>>>> historical drafts" to "other Internet-Drafts"? Is >>>>>>>>>>>>>>>>>>>> mention of "historical" important? >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Original: >>>>>>>>>>>>>>>>>>>> It is recommended >>>>>>>>>>>>>>>>>>>> that developers wishing to support both this >>>>>>>>>>>>>>>>>>>> specification and other >>>>>>>>>>>>>>>>>>>> historical drafts do so carefully and deliberately, >>>>>>>>>>>>>>>>>>>> as >>>>>>>>>>>>>>>>>>>> incompatibilities between this specification and >>>>>>>>>>>>>>>>>>>> various versions of >>>>>>>>>>>>>>>>>>>> other drafts could lead to unexpected problems. >>>>>>>>>>>>>>>>>>>> --> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> I think "historical" is reasonable to keep as it is. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> 10) <!-- [rfced] Because this document is a Proposed >>>>>>>>>>>>>>>>>>>> Standard, may we update the following text? >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Original: >>>>>>>>>>>>>>>>>>>> It is recommended that implementers first detect and >>>>>>>>>>>>>>>>>>>> validate the >>>>>>>>>>>>>>>>>>>> Signature-Input field defined in this specification >>>>>>>>>>>>>>>>>>>> to detect that >>>>>>>>>>>>>>>>>>>> this standard is in use and not an alternative. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Perhaps: >>>>>>>>>>>>>>>>>>>> It is recommended that implementers first detect and >>>>>>>>>>>>>>>>>>>> validate the >>>>>>>>>>>>>>>>>>>> Signature-Input field defined in this specification >>>>>>>>>>>>>>>>>>>> to detect that >>>>>>>>>>>>>>>>>>>> the mechanism described in this document is in use >>>>>>>>>>>>>>>>>>>> and not an >>>>>>>>>>>>>>>>>>>> alternative. >>>>>>>>>>>>>>>>>>>> --> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Yes, this change is fine. I have updated the text as >>>>>>>>>>>>>>>>>>> proposed. The sentence also ends with "this >>>>>>>>>>>>>>>>>>> specification", is this OK to keep? >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> 11) <!-- [rfced] Please review the "Inclusive >>>>>>>>>>>>>>>>>>>> Language" portion of the >>>>>>>>>>>>>>>>>>>> online Style Guide at >>>>>>>>>>>>>>>>>>>> <https://www.rfc- >>>>>>>>>>>>>>>>>>>> editor.org/styleguide/part2/#inclusive_language>, >>>>>>>>>>>>>>>>>>>> and let us know if any changes are needed. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> For example, please consider whether the following >>>>>>>>>>>>>>>>>>>> should be updated: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> whitespace --> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This is the specific term used in [HTTP] so I believe >>>>>>>>>>>>>>>>>>> we shouldn’t vary from it. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> 12) <!-- [rfced] Please let us know if any changes >>>>>>>>>>>>>>>>>>>> are needed for the >>>>>>>>>>>>>>>>>>>> following: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> a) The following terms were used inconsistently in >>>>>>>>>>>>>>>>>>>> this document. >>>>>>>>>>>>>>>>>>>> We chose to use the latter forms. Please let us >>>>>>>>>>>>>>>>>>>> know any objections. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> "@authority" derived component (last paragraph of >>>>>>>>>>>>>>>>>>>> Section 7.2.4) / >>>>>>>>>>>>>>>>>>>> @authority derived component (per unquoted names of >>>>>>>>>>>>>>>>>>>> derived >>>>>>>>>>>>>>>>>>>> components in the rest of this document) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> I have changed this to be wrapped in <tt> tags as in >>>>>>>>>>>>>>>>>>> other places in the document, removing the quotes. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> dictionary / Dictionary (per [STRUCTURED-FIELDS]; we >>>>>>>>>>>>>>>>>>>> see that >>>>>>>>>>>>>>>>>>>> [STRUCTURED-FIELDS] uses the term "Dictionary".) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This change is fine. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> dictionary structured field / Dictionary structured >>>>>>>>>>>>>>>>>>>> field / >>>>>>>>>>>>>>>>>>>> Dictionary Structured Field >>>>>>>>>>>>>>>>>>>> (per [STRUCTURED-FIELDS]; we see that [STRUCTURED- >>>>>>>>>>>>>>>>>>>> FIELDS] uses >>>>>>>>>>>>>>>>>>>> the terms "Dictionary" and "Structured Field".) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This change is fine. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Note: We also changed instances of "structured >>>>>>>>>>>>>>>>>>>> field" where used >>>>>>>>>>>>>>>>>>>> more generally to "Structured Field", also per usage >>>>>>>>>>>>>>>>>>>> in >>>>>>>>>>>>>>>>>>>> [STRUCTURED-FIELDS]. Please let us know any >>>>>>>>>>>>>>>>>>>> concerns. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This change is fine. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> ed25519 algorithm / Ed25519 algorithm (per RFC 8032) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This change is fine. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> encoded in big-endian unsigned integers / >>>>>>>>>>>>>>>>>>>> encoded as big-endian unsigned integers >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This change is fine >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Host field (1 instance) / Host header field >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This change is fine. I believe I found a few other >>>>>>>>>>>>>>>>>>> places that were not using "field" and have updated >>>>>>>>>>>>>>>>>>> them in the attached text. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> host name (2 instances in original) / >>>>>>>>>>>>>>>>>>>> hostname (5 instances in original) >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This change is fine >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> HTTP Signature Algorithm(s) (used generally in >>>>>>>>>>>>>>>>>>>> Sections 6.2 >>>>>>>>>>>>>>>>>>>> and 6.2.1) / HTTP signature algorithm(s) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This change is fine. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> key id (Section 4.3) / keyid >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> I changed this to "key" to be consistent with other >>>>>>>>>>>>>>>>>>> uses of identifying keys directly in examples. >>>>>>>>>>>>>>>>>>> "keyid" on its own is used as "<tt>keyid</tt> >>>>>>>>>>>>>>>>>>> parameter" or similar, and "key identifier" is used >>>>>>>>>>>>>>>>>>> when speaking of the term generically. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> line-folding / line folding (per RFC 9112) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This change is fine. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> RSA PSS / RSA-PSS (per post-6000 published RFCs, >>>>>>>>>>>>>>>>>>>> including >>>>>>>>>>>>>>>>>>>> RFC 8017) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This change is fine. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> signature field / Signature field >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This change is fine. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Unix timestamp / UNIX timestamp >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This change is fine. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> b) The following terms appear to be used >>>>>>>>>>>>>>>>>>>> inconsistently in this >>>>>>>>>>>>>>>>>>>> document. Please let us know which form is >>>>>>>>>>>>>>>>>>>> preferred. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Accept header (noun) (4 instances) / >>>>>>>>>>>>>>>>>>>> Accept-Header (adj.) ("Accept-Header signature") (1 >>>>>>>>>>>>>>>>>>>> instance) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This should be "Accept header field", I have changed >>>>>>>>>>>>>>>>>>> this in the attached file. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> boolean / Boolean >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This change is fine. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> "host" header field ('"host" header field is >>>>>>>>>>>>>>>>>>>> specific to HTTP/1.1') / >>>>>>>>>>>>>>>>>>>> Host header ('the Host header field in HTTP/1.1') >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This should be Host header field, I have changed this >>>>>>>>>>>>>>>>>>> in the attached file. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> HTTP Message / HTTP message (used generally in text, >>>>>>>>>>>>>>>>>>>> e.g., >>>>>>>>>>>>>>>>>>>> "of an HTTP message. Note that a given HTTP Message >>>>>>>>>>>>>>>>>>>> can contain", >>>>>>>>>>>>>>>>>>>> "the HTTP message and", "the HTTP Message and", >>>>>>>>>>>>>>>>>>>> "from the HTTP >>>>>>>>>>>>>>>>>>>> Message", "from the HTTP message") >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This change is fine. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> HTTP Message Signature(s) / HTTP message >>>>>>>>>>>>>>>>>>>> signature(s) / >>>>>>>>>>>>>>>>>>>> HTTP Message signature (in running text) >>>>>>>>>>>>>>>>>>>> (e.g., "Applications of HTTP Message Signatures", >>>>>>>>>>>>>>>>>>>> "an application >>>>>>>>>>>>>>>>>>>> of HTTP message signatures", "An HTTP Message >>>>>>>>>>>>>>>>>>>> Signature" >>>>>>>>>>>>>>>>>>>> (Section 3), "an HTTP message signature" (Section >>>>>>>>>>>>>>>>>>>> 3.1), >>>>>>>>>>>>>>>>>>>> "An HTTP Message signature MUST use") >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This change is fine. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Referer / Referrer (Appendix B.4) >>>>>>>>>>>>>>>>>>>> We see both spellings used in post-6000 published >>>>>>>>>>>>>>>>>>>> RFCs. Google >>>>>>>>>>>>>>>>>>>> searches for "what is a referer header?" and "what >>>>>>>>>>>>>>>>>>>> is a referrer >>>>>>>>>>>>>>>>>>>> header?" both seem to indicate that "Referer" is >>>>>>>>>>>>>>>>>>>> technically >>>>>>>>>>>>>>>>>>>> correct but that it is "a misspelling of Referrer". >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Because RFC 9110 uses "Referer", it might be best to >>>>>>>>>>>>>>>>>>>> use that >>>>>>>>>>>>>>>>>>>> form, but we defer to your choice. Please advise. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This should be "Referer header field", I have updated >>>>>>>>>>>>>>>>>>> the text in the attached file. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> signature value(s) (37 instances in text) / >>>>>>>>>>>>>>>>>>>> Signature value(s) (6 instances in text) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> The distinction is correct, but was unclear in the >>>>>>>>>>>>>>>>>>> text. When used uppercase as "Signature value" it is >>>>>>>>>>>>>>>>>>> referring specifically to the Signature field value, >>>>>>>>>>>>>>>>>>> so I have changed those instances to "Signature field >>>>>>>>>>>>>>>>>>> value" to be precise. I’ve made the same change to >>>>>>>>>>>>>>>>>>> Signature-Input field value here. The lowercase >>>>>>>>>>>>>>>>>>> instances all refer to the value of the HTTP message >>>>>>>>>>>>>>>>>>> signature itself, not specifically the field. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> status code derived component / @status code / >>>>>>>>>>>>>>>>>>>> @status derived component >>>>>>>>>>>>>>>>>>>> (We suggest the latter, as @status is defined as >>>>>>>>>>>>>>>>>>>> "The status code >>>>>>>>>>>>>>>>>>>> for a response" in Section 2.2.) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This should be left as is. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> string value / String value >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This change is fine. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> The hash function (Hash) SHA-<###> / The hash SHA- >>>>>>>>>>>>>>>>>>>> <###> / >>>>>>>>>>>>>>>>>>>> The hash function SHA-<###> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This should be left as -is since <tt>Hash</tt> is >>>>>>>>>>>>>>>>>>> defined as an algorithm variable in the associated >>>>>>>>>>>>>>>>>>> RFC8017. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> c) Spacing after colons in message examples: Should >>>>>>>>>>>>>>>>>>>> there be only >>>>>>>>>>>>>>>>>>>> one space after the colons for the following? >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> X-OWS-Header: Leading and trailing whitespace. >>>>>>>>>>>>>>>>>>>> Cache-Control: must-revalidate >>>>>>>>>>>>>>>>>>>> Example-Dict: a=1, b=2;x=1;y=2, c=(a b c) >>>>>>>>>>>>>>>>>>>> Example-Dict: a=1, b=2;x=1;y=2, c=(a b c) >>>>>>>>>>>>>>>>>>>> Example-Dict: a=1, b=2;x=1;y=2, c=(a b c), d >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> For example, in post-6000 published RFCs, we see >>>>>>>>>>>>>>>>>>>> entries for >>>>>>>>>>>>>>>>>>>> "Cache-Control:" (e.g., RFCs 9126, 9205, and 9449) >>>>>>>>>>>>>>>>>>>> and >>>>>>>>>>>>>>>>>>>> "Example-Dict:" (RFC 8941) with only one space >>>>>>>>>>>>>>>>>>>> between the colon >>>>>>>>>>>>>>>>>>>> and the parameter(s) in question. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> The extra spaces here are specifically for an >>>>>>>>>>>>>>>>>>> aberrant example of what to do with non-conforming >>>>>>>>>>>>>>>>>>> text on the wire, and they should be left in. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> d) Should "Digest" in this sentence be "Content- >>>>>>>>>>>>>>>>>>>> Digest"? We ask >>>>>>>>>>>>>>>>>>>> because of "Content-Digest field defined in >>>>>>>>>>>>>>>>>>>> [DIGEST]" in Section 1.4. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Original: >>>>>>>>>>>>>>>>>>>> * Requiring a specific set of header fields to be >>>>>>>>>>>>>>>>>>>> signed (e.g., >>>>>>>>>>>>>>>>>>>> Authorization, Digest). --> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Yes, this can change to "Content-Digest", I have >>>>>>>>>>>>>>>>>>> updated the attached file. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Thank you. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> RFC Editor >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> On Jan 22, 2024, at 3:47 PM, rfc-editor@rfc- >>>>>>>>>>>>>>>>>>>> editor.org wrote: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> *****IMPORTANT***** >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Updated 2024/01/22 >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> RFC Author(s): >>>>>>>>>>>>>>>>>>>> -------------- >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Instructions for Completing AUTH48 >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Your document has now entered AUTH48. Once it has >>>>>>>>>>>>>>>>>>>> been reviewed and >>>>>>>>>>>>>>>>>>>> approved by you and all coauthors, it will be >>>>>>>>>>>>>>>>>>>> published as an RFC. >>>>>>>>>>>>>>>>>>>> If an author is no longer available, there are >>>>>>>>>>>>>>>>>>>> several remedies >>>>>>>>>>>>>>>>>>>> available as listed in the FAQ (https://www.rfc- >>>>>>>>>>>>>>>>>>>> editor.org/faq/). >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> You and you coauthors are responsible for engaging >>>>>>>>>>>>>>>>>>>> other parties >>>>>>>>>>>>>>>>>>>> (e.g., Contributors or Working Group) as necessary >>>>>>>>>>>>>>>>>>>> before providing >>>>>>>>>>>>>>>>>>>> your approval. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Planning your review >>>>>>>>>>>>>>>>>>>> --------------------- >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Please review the following aspects of your >>>>>>>>>>>>>>>>>>>> document: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> * RFC Editor questions >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Please review and resolve any questions raised by >>>>>>>>>>>>>>>>>>>> the RFC Editor >>>>>>>>>>>>>>>>>>>> that have been included in the XML file as comments >>>>>>>>>>>>>>>>>>>> marked as >>>>>>>>>>>>>>>>>>>> follows: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> <!-- [rfced] ... --> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> These questions will also be sent in a subsequent >>>>>>>>>>>>>>>>>>>> email. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> * Changes submitted by coauthors >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Please ensure that you review any changes submitted >>>>>>>>>>>>>>>>>>>> by your >>>>>>>>>>>>>>>>>>>> coauthors. We assume that if you do not speak up >>>>>>>>>>>>>>>>>>>> that you >>>>>>>>>>>>>>>>>>>> agree to changes submitted by your coauthors. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> * Content >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Please review the full content of the document, as >>>>>>>>>>>>>>>>>>>> this cannot >>>>>>>>>>>>>>>>>>>> change once the RFC is published. Please pay >>>>>>>>>>>>>>>>>>>> particular attention to: >>>>>>>>>>>>>>>>>>>> - IANA considerations updates (if applicable) >>>>>>>>>>>>>>>>>>>> - contact information >>>>>>>>>>>>>>>>>>>> - references >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> * Copyright notices and legends >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Please review the copyright notice and legends as >>>>>>>>>>>>>>>>>>>> defined in >>>>>>>>>>>>>>>>>>>> RFC 5378 and the Trust Legal Provisions >>>>>>>>>>>>>>>>>>>> (TLP – https://trustee.ietf.org/license-info/). >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> * Semantic markup >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Please review the markup in the XML file to ensure >>>>>>>>>>>>>>>>>>>> that elements of >>>>>>>>>>>>>>>>>>>> content are correctly tagged. For example, ensure >>>>>>>>>>>>>>>>>>>> that <sourcecode> >>>>>>>>>>>>>>>>>>>> and <artwork> are set correctly. See details at >>>>>>>>>>>>>>>>>>>> <https://authors.ietf.org/rfcxml-vocabulary>. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> * Formatted output >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Please review the PDF, HTML, and TXT files to ensure >>>>>>>>>>>>>>>>>>>> that the >>>>>>>>>>>>>>>>>>>> formatted output, as generated from the markup in >>>>>>>>>>>>>>>>>>>> the XML file, is >>>>>>>>>>>>>>>>>>>> reasonable. Please note that the TXT will have >>>>>>>>>>>>>>>>>>>> formatting >>>>>>>>>>>>>>>>>>>> limitations compared to the PDF and HTML. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Submitting changes >>>>>>>>>>>>>>>>>>>> ------------------ >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> To submit changes, please reply to this email using >>>>>>>>>>>>>>>>>>>> ‘REPLY ALL’ as all >>>>>>>>>>>>>>>>>>>> the parties CCed on this message need to see your >>>>>>>>>>>>>>>>>>>> changes. The parties >>>>>>>>>>>>>>>>>>>> include: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> * your coauthors >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> * rfc-editor@rfc-editor.org (the RPC team) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> * other document participants, depending on the >>>>>>>>>>>>>>>>>>>> stream (e.g., >>>>>>>>>>>>>>>>>>>> IETF Stream participants are your working group >>>>>>>>>>>>>>>>>>>> chairs, the >>>>>>>>>>>>>>>>>>>> responsible ADs, and the document shepherd). >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> * auth48archive@rfc-editor.org, which is a new >>>>>>>>>>>>>>>>>>>> archival mailing list >>>>>>>>>>>>>>>>>>>> to preserve AUTH48 conversations; it is not an >>>>>>>>>>>>>>>>>>>> active discussion >>>>>>>>>>>>>>>>>>>> list: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> * More info: >>>>>>>>>>>>>>>>>>>> https://mailarchive.ietf.org/arch/msg/ietf- >>>>>>>>>>>>>>>>>>>> announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> * The archive itself: >>>>>>>>>>>>>>>>>>>> https://mailarchive.ietf.org/arch/browse/auth48archive/ >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> * Note: If only absolutely necessary, you may >>>>>>>>>>>>>>>>>>>> temporarily opt out >>>>>>>>>>>>>>>>>>>> of the archiving of messages (e.g., to discuss a >>>>>>>>>>>>>>>>>>>> sensitive matter). >>>>>>>>>>>>>>>>>>>> If needed, please add a note at the top of the >>>>>>>>>>>>>>>>>>>> message that you >>>>>>>>>>>>>>>>>>>> have dropped the address. When the discussion is >>>>>>>>>>>>>>>>>>>> concluded, >>>>>>>>>>>>>>>>>>>> auth48archive@rfc-editor.org will be re-added to the >>>>>>>>>>>>>>>>>>>> CC list and >>>>>>>>>>>>>>>>>>>> its addition will be noted at the top of the >>>>>>>>>>>>>>>>>>>> message. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> You may submit your changes in one of two ways: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> An update to the provided XML file >>>>>>>>>>>>>>>>>>>> — OR — >>>>>>>>>>>>>>>>>>>> An explicit list of changes in this format >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Section # (or indicate Global) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> OLD: >>>>>>>>>>>>>>>>>>>> old text >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> NEW: >>>>>>>>>>>>>>>>>>>> new text >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> You do not need to reply with both an updated XML >>>>>>>>>>>>>>>>>>>> file and an explicit >>>>>>>>>>>>>>>>>>>> list of changes, as either form is sufficient. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> We will ask a stream manager to review and approve >>>>>>>>>>>>>>>>>>>> any changes that seem >>>>>>>>>>>>>>>>>>>> beyond editorial in nature, e.g., addition of new >>>>>>>>>>>>>>>>>>>> text, deletion of text, >>>>>>>>>>>>>>>>>>>> and technical changes. Information about stream >>>>>>>>>>>>>>>>>>>> managers can be found in >>>>>>>>>>>>>>>>>>>> the FAQ. Editorial changes do not require approval >>>>>>>>>>>>>>>>>>>> from a stream manager. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Approving for publication >>>>>>>>>>>>>>>>>>>> -------------------------- >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> To approve your RFC for publication, please reply to >>>>>>>>>>>>>>>>>>>> this email stating >>>>>>>>>>>>>>>>>>>> that you approve this RFC for publication. Please >>>>>>>>>>>>>>>>>>>> use ‘REPLY ALL’, >>>>>>>>>>>>>>>>>>>> as all the parties CCed on this message need to see >>>>>>>>>>>>>>>>>>>> your approval. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Files >>>>>>>>>>>>>>>>>>>> ----- >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> The files are available here: >>>>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.xml >>>>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.html >>>>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.pdf >>>>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.txt >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Diff file of the text: >>>>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-diff.html >>>>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421- >>>>>>>>>>>>>>>>>>>> rfcdiff.html (side by side) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Diff of the XML: >>>>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421- >>>>>>>>>>>>>>>>>>>> xmldiff1.html >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> The following files are provided to facilitate >>>>>>>>>>>>>>>>>>>> creation of your own >>>>>>>>>>>>>>>>>>>> diff files of the XML. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Initial XMLv3 created using XMLv2 as input: >>>>>>>>>>>>>>>>>>>> https://www.rfc- >>>>>>>>>>>>>>>>>>>> editor.org/authors/rfc9421.original.v2v3.xml >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> XMLv3 file that is a best effort to capture v3- >>>>>>>>>>>>>>>>>>>> related format updates >>>>>>>>>>>>>>>>>>>> only: >>>>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.form.xml >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Tracking progress >>>>>>>>>>>>>>>>>>>> ----------------- >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> The details of the AUTH48 status of your document >>>>>>>>>>>>>>>>>>>> are here: >>>>>>>>>>>>>>>>>>>> https://www.rfc-editor.org/auth48/rfc9421 >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Please let us know if you have any questions. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Thank you for your cooperation, >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> RFC Editor >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> -------------------------------------- >>>>>>>>>>>>>>>>>>>> RFC9421 (draft-ietf-httpbis-message-signatures-19) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Title : HTTP Message Signatures >>>>>>>>>>>>>>>>>>>> Author(s) : A. Backman, Ed., J. Richer, Ed., >>>>>>>>>>>>>>>>>>>> M. Sporny >>>>>>>>>>>>>>>>>>>> WG Chair(s) : Mark Nottingham, Tommy Pauly >>>>>>>>>>>>>>>>>>>> Area Director(s) : Murray Kucherawy, Francesca >>>>>>>>>>>>>>>>>>>> Palombini >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> <rfc9421-jricher.xml><rfc9421-jricher.diff> >>>>>>>>>>>>>> >>>>>>>>>>>>>> <rfc9421-jricher2.xml> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>> >>> >
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… rfc-editor
- [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-httpb… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Justin Richer
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Manu Sporny
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Justin Richer
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Justin Richer
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Justin Richer
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Justin Richer
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Justin Richer
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Sandy Ginoza
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Justin Richer
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Justin Richer
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Manu Sporny
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Lynne Bartholomew
- [auth48] [AD] Re: AUTH48: RFC-to-be 9421 <draft-i… Lynne Bartholomew
- Re: [auth48] [AD] Re: AUTH48: RFC-to-be 9421 <dra… Paul Wouters
- Re: [auth48] [AD] AUTH48: RFC-to-be 9421 <draft-i… Lynne Bartholomew
- Re: [auth48] [AD] AUTH48: RFC-to-be 9421 <draft-i… Lynne Bartholomew
- Re: [auth48] [AD] AUTH48: RFC-to-be 9421 <draft-i… Justin Richer
- Re: [auth48] [AD] AUTH48: RFC-to-be 9421 <draft-i… Manu Sporny
- Re: [auth48] [AD] AUTH48: RFC-to-be 9421 <draft-i… Lynne Bartholomew
- [auth48] [IANA] AUTH48: RFC-to-be 9421 <draft-iet… Lynne Bartholomew
- [auth48] [IANA #1358618] [IANA] AUTH48: RFC-to-be… David Dong via RT
- Re: [auth48] [IANA #1358618] [IANA] AUTH48: RFC-t… Lynne Bartholomew