Re: [auth48] [AD] Re: AUTH48: RFC-to-be 9421 <draft-ietf-httpbis-message-signatures-19> for your review
Paul Wouters <paul.wouters@aiven.io> Tue, 06 February 2024 18:48 UTC
Return-Path: <paul.wouters@aiven.io>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1F8EC151088 for <auth48archive@ietfa.amsl.com>; Tue, 6 Feb 2024 10:48:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=aiven.io
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WnmvZKtxf3cL for <auth48archive@ietfa.amsl.com>; Tue, 6 Feb 2024 10:48:39 -0800 (PST)
Received: from mail-lf1-x136.google.com (mail-lf1-x136.google.com [IPv6:2a00:1450:4864:20::136]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B378C14F5EE for <auth48archive@rfc-editor.org>; Tue, 6 Feb 2024 10:48:38 -0800 (PST)
Received: by mail-lf1-x136.google.com with SMTP id 2adb3069b0e04-5115744dfe5so1863377e87.2 for <auth48archive@rfc-editor.org>; Tue, 06 Feb 2024 10:48:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aiven.io; s=google; t=1707245316; x=1707850116; darn=rfc-editor.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=wzfn6iZ1tz7GYgfBFHYilPnJded1CQCuo6dEjoGb0h0=; b=HLo/ISpAe1++ASy72PhfPePgsx6YK0XYk8vtmrf9LdR/H+teOig5G2W+vdwUrrIiEU ugMkhjqFerjDBq6Qre1815lHbDGazoqs3ebH9xN+xx3bI0o/z0I0sJbNlIYQepVtcL8T g73op9gbmgNGO72VpEpiE0yKyiWaj+MtCVEAA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707245316; x=1707850116; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=wzfn6iZ1tz7GYgfBFHYilPnJded1CQCuo6dEjoGb0h0=; b=uYS/qfbWY90aACpiiJDzk1fjCNMQ38F5GV/6qEk0Xkd+QE8zSCmw2MBpxmWhwdGOJn R6F2g3xUvQXaHGrIBVI44K688uJwVtfL59MjZJKsHYKJqikUFxDp3FwSRznkl9izdcaD IEn9i7RwQBbig9ft4vC8AiU7si//5YVAdw2ajTBKf8tpv8JCTZsjDaRMBIm1Dvb1s08M mtoYiTlLXYLW9MsV7nalo26AgZJ1mhy/EiwzDc75yZNGg4OoFJB75pu90WHNqXe/D81u kfWI3U3FyjqIJzKIVEonJYWakvagtNBtyRpcFBGY5hdZGBdzLURw+OnVWModwVuzDWLC eoVw==
X-Gm-Message-State: AOJu0Yy0fDTKYfoNDItqrtfoP+E7Fk/awKG+IWCsYr2N1yALEMf1NVzC ifcV0E1Mp/YBDCb3PI5kYMaitVEzLvu6Om+8/idcXvS6zC8fowEgf/cuje79LAQLb7sxUeuXb/5 61SMvLJiRSuSPC9Y+vihTF2Zf6jrWGbQ3spXU4g==
X-Google-Smtp-Source: AGHT+IHUZr8WHPAID2T1i8puZ6A0mejWS67aiv4W8kpRY8IcMM78rS+XPDF6lyPzBr9Im+rmFkmsQQOZv/tJHoGcPeM=
X-Received: by 2002:a05:6512:1107:b0:511:6458:4c4d with SMTP id l7-20020a056512110700b0051164584c4dmr74274lfg.43.1707245316361; Tue, 06 Feb 2024 10:48:36 -0800 (PST)
MIME-Version: 1.0
References: <20240122235424.DA8495668A@rfcpa.amsl.com> <28B3E1C1-7695-4B4A-8640-E6B7A48F4D7B@mit.edu> <545597A1-9F15-43F8-A702-E1DB3A20E2F4@amsl.com> <3E666F1B-5F26-4FD3-9D2F-BDF0452BF40D@mit.edu> <70F34678-D7E9-4017-93F7-68AF99717557@amsl.com> <4B62021C-3030-4C06-9531-7BF00B2CA15C@mit.edu> <199D083B-D84A-4CD5-9D4D-3CF0940FF425@mit.edu> <3681645D-00F7-4C31-B17D-93220255EDF5@amsl.com> <BE3B1F09-6474-4F72-BBFF-5F8BED1667F4@mit.edu> <415419C0-DDDE-436D-9C97-1BD364C55E88@amsl.com> <LV8PR01MB86773D3C4577B28711821945BD7D2@LV8PR01MB8677.prod.exchangelabs.com> <C342D205-EF4B-4ED3-9D7A-67DF5FB9B4EE@amsl.com> <LV8PR01MB86771E51D995784A8DF74B17BD472@LV8PR01MB8677.prod.exchangelabs.com> <A589D0A2-775D-4414-8665-28D17F66E7C1@amsl.com> <LV8PR01MB86771474AA98E8EED5BEBB4FBD462@LV8PR01MB8677.prod.exchangelabs.com> <A486105D-B267-47B3-8862-BFD7BE0C8504@amsl.com> <1223532B-4C7B-4075-B862-FFA681BE9BD5@amsl.com>
In-Reply-To: <1223532B-4C7B-4075-B862-FFA681BE9BD5@amsl.com>
From: Paul Wouters <paul.wouters@aiven.io>
Date: Tue, 06 Feb 2024 13:48:25 -0500
Message-ID: <CAGL5yWat19sEa8BEYmumA+ws4pyBLqbp-6vJ8hYkdGuyVVbbOA@mail.gmail.com>
To: Lynne Bartholomew <lbartholomew@amsl.com>
Cc: Justin Richer <jricher@mit.edu>, Manu Sporny <msporny@digitalbazaar.com>, "richanna@amazon.com" <richanna@amazon.com>, "rfc-editor@rfc-editor.org" <rfc-editor@rfc-editor.org>, "httpbis-ads@ietf.org" <httpbis-ads@ietf.org>, "httpbis-chairs@ietf.org" <httpbis-chairs@ietf.org>, Tommy Pauly <tpauly@apple.com>, "auth48archive@rfc-editor.org" <auth48archive@rfc-editor.org>
Content-Type: multipart/alternative; boundary="000000000000a0a19b0610bb062e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/lcp5JIBCy5YC65dLYAIIsHGESok>
Subject: Re: [auth48] [AD] Re: AUTH48: RFC-to-be 9421 <draft-ietf-httpbis-message-signatures-19> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Feb 2024 18:48:43 -0000
On Tue, Feb 6, 2024 at 1:16 PM Lynne Bartholomew <lbartholomew@amsl.com> wrote: > Hi, Paul. > > Per the emails below, would you please approve this document for > publication on behalf of Annabelle? > I was checking to see when we last heard from her, which seems to be October 2023. Since that's been a while, I approve publication on her behalf. Paul > > Please see <https://www.rfc-editor.org/auth48/rfc9421> for the AUTH48 > timeline for this document. > > The latest files are posted here. Please refresh your browser: > > https://www.rfc-editor.org/authors/rfc9421.txt > https://www.rfc-editor.org/authors/rfc9421.pdf > https://www.rfc-editor.org/authors/rfc9421.html > https://www.rfc-editor.org/authors/rfc9421.xml > https://www.rfc-editor.org/authors/rfc9421-diff.html > https://www.rfc-editor.org/authors/rfc9421-rfcdiff.html > https://www.rfc-editor.org/authors/rfc9421-auth48diff.html > https://www.rfc-editor.org/authors/rfc9421-lastdiff.html > https://www.rfc-editor.org/authors/rfc9421-lastrfcdiff.html > > https://www.rfc-editor.org/authors/rfc9421-xmldiff1.html > https://www.rfc-editor.org/authors/rfc9421-xmldiff2.html > > Thank you. > > RFC Editor/lb > > > On Feb 6, 2024, at 10:09 AM, Lynne Bartholomew <lbartholomew@amsl.com> > wrote: > > > > Hi, Justin and Manu. > > > > Thank you for the quick replies. We will email the AD to request AD > approval on behalf of Annabelle. > > > > RFC Editor/lb > > > >> On Feb 6, 2024, at 10:01 AM, Manu Sporny <msporny@digitalbazaar.com> > wrote: > >> > >> On Tue, Feb 6, 2024 at 12:54 PM Justin Richer <jricher@mit.edu> wrote: > >>> I strongly prefer option 3. > >> > >> Agreed. > >> > >> -- manu > > > >> On Feb 6, 2024, at 9:54 AM, Justin Richer <jricher@mit.edu> wrote: > >> > >> I strongly prefer option 3. > >> > >> Thank you, > >> -Justin > >> From: Lynne Bartholomew <lbartholomew@amsl.com> > >> Sent: Tuesday, February 6, 2024 11:26 AM > >> To: Justin Richer <jricher@mit.edu> > >> Cc: Sandy Ginoza <sginoza@amsl.com>; richanna@amazon.com < > richanna@amazon.com>; Manu Sporny <msporny@digitalbazaar.com>; > rfc-editor@rfc-editor.org <rfc-editor@rfc-editor.org>; > httpbis-ads@ietf.org <httpbis-ads@ietf.org>; httpbis-chairs@ietf.org < > httpbis-chairs@ietf.org>; Tommy Pauly <tpauly@apple.com>; Paul Wouters < > paul.wouters@aiven.io>; auth48archive@rfc-editor.org < > auth48archive@rfc-editor.org> > >> Subject: Re: AUTH48: RFC-to-be 9421 > <draft-ietf-httpbis-message-signatures-19> for your review Hi, Justin. > We have three options, as listed on < > https://www.rfc-editor.org/faq/#missingauthor>. > >> > >> It sounds like Option 3 might be best in this case, but please let us > know your preference regarding next steps. > >> > >> Thank you. > >> > >> RFC Editor/lb > >> > >>> On Feb 5, 2024, at 3:11 PM, Justin Richer <jricher@mit.edu> wrote: > >>> > >>> Hi Sandy et al, > >>> > >>> In addition to these emails, I have reached out to Annabelle on > personal channels and have not heard back from her there either in quite > some time. I am not sure what her situation is right now, but I am not sure > we can anticipate her responding soon. I hate to be in the position to ask > this, but is there a process for moving forward if we don't hear a response > from her? > >>> > >>> - Justin > >>> From: Sandy Ginoza <sginoza@amsl.com> > >>> Sent: Wednesday, January 31, 2024 11:29 AM > >>> To: richanna@amazon.com <richanna@amazon.com>; Justin Richer < > jricher@mit.edu> > >>> Cc: Lynne Bartholomew <lbartholomew@amsl.com>; Manu Sporny < > msporny@digitalbazaar.com>; RFC Editor <rfc-editor@rfc-editor.org>; > httpbis-ads@ietf.org <httpbis-ads@ietf.org>; httpbis-chairs@ietf.org < > httpbis-chairs@ietf.org>; Tommy Pauly <tpauly@apple.com>; Paul Wouters < > paul.wouters@aiven.io>; auth48archive@rfc-editor.org < > auth48archive@rfc-editor.org> > >>> Subject: Re: AUTH48: RFC-to-be 9421 > <draft-ietf-httpbis-message-signatures-19> for your review Hi Annabelle, > >>> > >>> We do not believe we have heard from you regarding this document’s > readiness for publication. Please review the files and let us know if any > updates are needed or if you approve the RFC for publication. > >>> > >>> Thank you, > >>> RFC Editor/sg > >>> > >>>> On Jan 29, 2024, at 7:54 PM, Justin Richer <jricher@mit.edu> wrote: > >>>> > >>>> Thank you! > >>>> > >>>> - Justin > >>>> From: Lynne Bartholomew <lbartholomew@amsl.com> > >>>> Sent: Monday, January 29, 2024 7:15 PM > >>>> To: Justin Richer <jricher@mit.edu> > >>>> Cc: Manu Sporny <msporny@digitalbazaar.com>; > rfc-editor@rfc-editor.org <rfc-editor@rfc-editor.org>; Annabelle Backman < > richanna@amazon.com>; httpbis-ads@ietf.org <httpbis-ads@ietf.org>; > httpbis-chairs@ietf.org <httpbis-chairs@ietf.org>; Tommy Pauly < > tpauly@apple.com>; Paul Wouters <paul.wouters@aiven.io>; > auth48archive@rfc-editor.org <auth48archive@rfc-editor.org> > >>>> Subject: Re: AUTH48: RFC-to-be 9421 > <draft-ietf-httpbis-message-signatures-19> for your review > >>>> > >>>> Hi, Justin. > >>>> > >>>> We've made the additional updates in Sections 7.1.1 and 7.2.5 per > your notes below. The latest files are here: > >>>> > >>>> https://www.rfc-editor.org/authors/rfc9421.txt > >>>> https://www.rfc-editor.org/authors/rfc9421.pdf > >>>> https://www.rfc-editor.org/authors/rfc9421.html > >>>> https://www.rfc-editor.org/authors/rfc9421.xml > >>>> https://www.rfc-editor.org/authors/rfc9421-diff.html > >>>> https://www.rfc-editor.org/authors/rfc9421-rfcdiff.html > >>>> https://www.rfc-editor.org/authors/rfc9421-auth48diff.html > >>>> https://www.rfc-editor.org/authors/rfc9421-lastdiff.html > >>>> https://www.rfc-editor.org/authors/rfc9421-lastrfcdiff.html > >>>> > >>>> https://www.rfc-editor.org/authors/rfc9421-xmldiff1.html > >>>> https://www.rfc-editor.org/authors/rfc9421-xmldiff2.html > >>>> > >>>> We have noted your approval on the AUTH48 status page: > >>>> > >>>> https://www.rfc-editor.org/auth48/rfc9421 > >>>> > >>>> Again, many thanks for your help with this document! > >>>> > >>>> RFC Editor/lb > >>>> > >>>>> On Jan 29, 2024, at 12:35 PM, Justin Richer <jricher@mit.edu> wrote: > >>>>> > >>>>> I think it’s fine to lowercase those items. I may have been going a > little overboard on Assuming Terms Are Proper Nouns there. :) > >>>>> > >>>>> Two small changes we need to make: > >>>>> > >>>>> - In section 7.1.1, "HTTP message without the Signature fields" > should be "HTTP message without the Signature or Signature-Input fields". > >>>>> - In section 7.2.5, "HTTP message signature field values are > identified" should be reverted to "HTTP message signature values are > identified", as I think I was over-zealous at adding "field" here. > >>>>> > >>>>> With those in place, I approve this version. Thank you so much! > >>>>> > >>>>> > >>>>> — Justin > >>>>> > >>>>>> On Jan 29, 2024, at 2:09 PM, Lynne Bartholomew < > lbartholomew@amsl.com> wrote: > >>>>>> > >>>>>> Hi, Justin. > >>>>>> > >>>>>> Thank you for the latest XML file! We made further updates as > noted below. > >>>>>> > >>>>>> * Removed the [rfced] questions again > >>>>>> * Changed "boolean" to "Boolean" (per your note that we can go with > "Boolean" for all cases) > >>>>>> * Changed "HTTP Message" to "HTTP message where used generally (per > your note that "HTTP message" is fine and seems to align with RFC 9110) > >>>>>> * Changed "HTTP Message Signature" to "HTTP message signature" in > running text (per your note below) > >>>>>> * Updated our XML comment for draft-ietf-httpbis-digest-headers > again, to point out that draft-ietf-httpbis-digest-headers is in > AUTH48-DONE as of January 2024; if draft-ietf-httpbis-digest-headers is > published first, we will update this document to list RFC 9530 instead > >>>>>> > >>>>>> Please note that we found five instances each of "HTTP Message > Component" and "HTTP message component" in running text. Apologies for > missing this earlier. Because we couldn't find a precedent for this term > in published RFCs to date (nor could we find a precedent for "HTTP Message > Signature" or "HTTP message signature"), we lowercased to "HTTP message > component", "HTTP message component name", and "HTTP message component > values" in running text. Please review, and let us know any objections. > >>>>>> > >>>>>> The latest files are posted here. Please refresh your browser: > >>>>>> > >>>>>> https://www.rfc-editor.org/authors/rfc9421.txt > >>>>>> https://www.rfc-editor.org/authors/rfc9421.pdf > >>>>>> https://www.rfc-editor.org/authors/rfc9421.html > >>>>>> https://www.rfc-editor.org/authors/rfc9421.xml > >>>>>> https://www.rfc-editor.org/authors/rfc9421-diff.html > >>>>>> https://www.rfc-editor.org/authors/rfc9421-rfcdiff.html > >>>>>> https://www.rfc-editor.org/authors/rfc9421-auth48diff.html > >>>>>> https://www.rfc-editor.org/authors/rfc9421-lastdiff.html > >>>>>> https://www.rfc-editor.org/authors/rfc9421-lastrfcdiff.html > >>>>>> > >>>>>> https://www.rfc-editor.org/authors/rfc9421-xmldiff1.html > >>>>>> https://www.rfc-editor.org/authors/rfc9421-xmldiff2.html > >>>>>> > >>>>>> Thanks again! > >>>>>> > >>>>>> RFC Editor/lb > >>>>>> > >>>>>> > >>>>>>> On Jan 29, 2024, at 8:45 AM, Justin Richer <jricher@mit.edu> > wrote: > >>>>>>> > >>>>>>> I went through all instances of the word "string" in the text and > I believe there were only four places that needed to change. The resulting > file is attached here. > >>>>>>> > >>>>>>> — Justin > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>>> On Jan 26, 2024, at 5:57 PM, Justin Richer <jricher@mit.edu> > wrote: > >>>>>>>> > >>>>>>>>> > >>>>>>>>> On Jan 26, 2024, at 5:45 PM, Lynne Bartholomew < > lbartholomew@amsl.com> wrote: > >>>>>>>>> > >>>>>>>>> Hi, Justin. > >>>>>>>>> > >>>>>>>>> Apologies for not being clear. Please let us know your > preference regarding how we should update the four items below. (Question > 12)b) says "The following terms appear to be used inconsistently in this > document. Please let us know which form is preferred.") > >>>>>>>>> > >>>>>>>> > >>>>>>>> Oh, my apologies, I misunderstood — answers inline below. > >>>>>>>> > >>>>>>>>> Regarding RFC-to-be 9530: Per our standard process, even though > I updated the entry, if RFC-to-be 9530 hasn't been published before this > document is ready to go, I will revert to the previous [DIGEST]/draftstring > reference entry. > >>>>>>>> > >>>>>>>> OK, that’s fine. My question was that RFC-to-be 9530 has an > informative reference to RFC-to-be 9421 (this document). Would it be > possible to publish the two documents together and have them > cross-reference each other’s RFC number, since we’re so close? > >>>>>>>> > >>>>>>>>> > >>>>>>>>> Thank you! > >>>>>>>>> > >>>>>>>>> RFC Editor/lb > >>>>>>>>> > >>>>>>>>>> On Jan 26, 2024, at 2:17 PM, Justin Richer <jricher@mit.edu> > wrote: > >>>>>>>>>> > >>>>>>>>>> Thank you, yes please update each of those as you have > suggested. > >>>>>>>>>> > >>>>>>>>>> I believe RFC 9530 [DIGEST] is done as well, but I don’t see a > good reason to wait until it’s published. I think it references this > specification informationally as well — has that reference also been > changed? If they’re both close to complete then they should probably have > each others’ RFC numbers instead of ID names in them, I think. They weren’t > put in as a batch though, and this isn’t critical as they’re informational > references. > >>>>>>>>>> > >>>>>>>>>> — Justin > >>>>>>>>>> > >>>>>>>>>>> On Jan 26, 2024, at 5:07 PM, Lynne Bartholomew < > lbartholomew@amsl.com> wrote: > >>>>>>>>>>> > >>>>>>>>>>> Hi, Justin and Manu. > >>>>>>>>>>> > >>>>>>>>>>> Justin, thank you very much for the updated XML file, diff > file, and replies to our questions! > >>>>>>>>>>> > >>>>>>>>>>> Follow-up items for you: > >>>>>>>>>>> > >>>>>>>>>>> Regarding your side question for [DIGEST]: We have updated > this entry to reflect RFC 9530 for now. Thank you for pointing that out. > It appears that RFC 9530 might be published soon, but if not, would you > like us to hold publication of this document until RFC 9530 is published? > >>>>>>>>>>> > >>>>>>>>>>> Regarding our question 12)b) and your replies: We see that > the following four items were not addressed in the updated XML file. Would > you like us to make updates to some or all of these? If yes, please > specify which items: > >>>>>>>>>>> > >>>>>>>>>>>>> boolean / Boolean > >>>>>>>>>>>> > >>>>>>>>>>>> This change is fine. > >>>>>>>>>>>> > >>>>>>>> > >>>>>>>> We can go with "Boolean" for all cases. > >>>>>>>> > >>>>>>>>>>>>> HTTP Message / HTTP message (used generally in text, e.g., > >>>>>>>>>>>>> "of an HTTP message. Note that a given HTTP Message can > contain", > >>>>>>>>>>>>> "the HTTP message and", "the HTTP Message and", "from the > HTTP > >>>>>>>>>>>>> Message", "from the HTTP message") > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> This change is fine. > >>>>>>>> > >>>>>>>> "HTTP message" is fine, and seems to align with RFC9110. > >>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>>> HTTP Message Signature(s) / HTTP message signature(s) / > >>>>>>>>>>>>> HTTP Message signature (in running text) > >>>>>>>>>>>>> (e.g., "Applications of HTTP Message Signatures", "an > application > >>>>>>>>>>>>> of HTTP message signatures", "An HTTP Message Signature" > >>>>>>>>>>>>> (Section 3), "an HTTP message signature" (Section 3.1), > >>>>>>>>>>>>> "An HTTP Message signature MUST use") > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> This change is fine. > >>>>>>>> > >>>>>>>> With the above, let’s go with "HTTP message signature". > >>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>>> string value / String value > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> This change is fine. > >>>>>>>> > >>>>>>>> This one is more tricky — if it’s talking about the Structured > Field type of String, it should be capitalized. If it’s talking about a > "string" in general, it shouldn’t be. > >>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> = = = = = > >>>>>>>>>>> > >>>>>>>>>>> The latest files are posted here: > >>>>>>>>>>> > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.txt > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.pdf > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.html > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.xml > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-diff.html > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-rfcdiff.html > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-auth48diff.html > >>>>>>>>>>> > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-xmldiff1.html > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-xmldiff2.html > >>>>>>>>>>> > >>>>>>>>>>> Manu, we have noted your approval on the AUTH48 status page: > >>>>>>>>>>> > >>>>>>>>>>> https://www.rfc-editor.org/auth48/rfc9421 > >>>>>>>>>>> > >>>>>>>>>>> Thanks again! > >>>>>>>>>>> > >>>>>>>>>>> RFC Editor/lb > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>>> On Jan 26, 2024, at 5:58 AM, Manu Sporny < > msporny@digitalbazaar.com> wrote: > >>>>>>>>>>>> > >>>>>>>>>>>> On Thu, Jan 25, 2024 at 11:48 PM Justin Richer < > jricher@mit.edu> wrote: > >>>>>>>>>>>>> Attached please find the XML file with some small edits > applied with regard to the below, as well as a diff file from the provided > XML. > >>>>>>>>>>>> > >>>>>>>>>>>> This email is just noting my approval of the edits (thank you, > >>>>>>>>>>>> Justin!) as well as the publication of the RFC. > >>>>>>>>>>>> > >>>>>>>>>>>> -- manu > >>>>>>>>>>>> > >>>>>>>>>>>> -- > >>>>>>>>>>>> Manu Sporny - https://www.linkedin.com/in/manusporny/ > >>>>>>>>>>>> Founder/CEO - Digital Bazaar, Inc. > >>>>>>>>>>>> https://www.digitalbazaar.com/ > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>>> On Jan 25, 2024, at 8:48 PM, Justin Richer <jricher@mit.edu> > wrote: > >>>>>>>>>>>> > >>>>>>>>>>>> Hi RFC Editor! > >>>>>>>>>>>> > >>>>>>>>>>>> Attached please find the XML file with some small edits > applied with regard to the below, as well as a diff file from the provided > XML. > >>>>>>>>>>>> > >>>>>>>>>>>> There were a couple of small changes to the text that I > caught on this read through that I fixed in the XML, not covered in the > sections below: > >>>>>>>>>>>> > >>>>>>>>>>>> - Section 1.3, bullet 2, "A combination" should be reverted > to "Combination", as we are trying to say "the act and result of combining > the fields with the same name" which is specifically described in HTTP > >>>>>>>>>>>> > >>>>>>>>>>>> - Section 2.1, "content identifier" should be "component > identifier" > >>>>>>>>>>>> > >>>>>>>>>>>> - Section B.1.1. should be named "Example RSA Key", so I’ve > updated the XML as appropriate. > >>>>>>>>>>>> > >>>>>>>>>>>> - Example B.2 had an incorrect digest value, this has been > corrected (see https://github.com/httpwg/http-extensions/pull/2669) — the > calculated signature example that uses this value in B.2.4 had already been > corrected and did not need to be changed. > >>>>>>>>>>>> > >>>>>>>>>>>> I’ve also replied to the questions inline. > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>>> On Jan 22, 2024, at 6:54 PM, rfc-editor@rfc-editor.org > wrote: > >>>>>>>>>>>>> > >>>>>>>>>>>>> Authors, > >>>>>>>>>>>>> > >>>>>>>>>>>>> While reviewing this document during AUTH48, please resolve > (as necessary) > >>>>>>>>>>>>> the following questions, which are also in the XML file. > >>>>>>>>>>>>> > >>>>>>>>>>>>> 1) <!-- [rfced] Note that we have removed the URI < > https://manu.sporny.org/>. We checked its availability many times > (including today) and were unable to connect. > >>>>>>>>>>>>> <uri>https://manu.sporny.org/</uri> --> > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> That’s fine with me. > >>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> 2) <!-- [rfced] Sections 1 and subsequent: Because many > changes were > >>>>>>>>>>>>> made to this document during the EDIT and AUTH states, > please review > >>>>>>>>>>>>> all updates in this document carefully, and let us know if > anything > >>>>>>>>>>>>> is incorrect. > >>>>>>>>>>>> > >>>>>>>>>>>> I’ve reviewed and, apart from the edits noted above, this > section is good. > >>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> Also, a follow-on to December 2023 email discussions > regarding the > >>>>>>>>>>>>> use of <tt>: Please (1) review current instances of <tt> and > >>>>>>>>>>>>> (2) review changes from "header" to "header field" as > instructed > >>>>>>>>>>>>> during the AUTH state (not applied to all parameters). Let > us know > >>>>>>>>>>>>> if further updates are needed. --> > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> I’ve gone through the document and have checked instances of > <tt> and "header/header field" and these seem to be OK with the suggested > edits. > >>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> 3) <!-- [rfced] Please review the "type" attribute of each > sourcecode > >>>>>>>>>>>>> element in the XML file to ensure correctness. If the > current list > >>>>>>>>>>>>> of preferred values for "type" > >>>>>>>>>>>>> (https://www.rfc-editor.org/materials/sourcecode-types.txt) > does not > >>>>>>>>>>>>> contain an applicable type, please let us know. Also, it is > >>>>>>>>>>>>> acceptable to leave the "type" attribute not set. > >>>>>>>>>>>>> > >>>>>>>>>>>>> In addition, review each artwork element. Specifically, > should any > >>>>>>>>>>>>> artwork element be tagged as sourcecode? --> > >>>>>>>>>>>> > >>>>>>>>>>>> I’ve gone through all of these, and they look correct. I made > not changes in the attached file. > >>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> 4) <!-- [rfced] Sections 2.2.8 and subsequent: Please > review the links > >>>>>>>>>>>>> that we provided when we made updates to the citations to > [HTMLURL] > >>>>>>>>>>>>> (best viewed in the HTML and PDF output files), and let us > know if > >>>>>>>>>>>>> there are any issues. For example, it appears to us that > these links > >>>>>>>>>>>>> would be stable, but please let us know if this is incorrect: > >>>>>>>>>>>>> > >>>>>>>>>>>>> < > https://url.spec.whatwg.org/#application/x-www-form-urlencoded> > >>>>>>>>>>>>> for Section 5 > >>>>>>>>>>>>> <https://url.spec.whatwg.org/#urlencoded-parsing> > >>>>>>>>>>>>> for Section 5.1 > >>>>>>>>>>>>> <https://url.spec.whatwg.org/#urlencoded-serializing> > >>>>>>>>>>>>> for Section 5.2 --> > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> These all seem to be correct. I made no changes in the > attached file. > >>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> 5) <!-- [rfced] For alignment with the IANA registry, would > it be appropriate to change "Specification document(s)" to "Reference(s)" > in the descriptions and the column headers throughout Section 6? > >>>>>>>>>>>>> > >>>>>>>>>>>>> Example from Section 6.2.1: > >>>>>>>>>>>>> Specification document(s): > >>>>>>>>>>>>> Reference to the document(s) that specify the algorithm, > >>>>>>>>>>>>> preferably including a URI that can be used to retrieve a > copy of > >>>>>>>>>>>>> the document(s). An indication of the relevant sections may > also > >>>>>>>>>>>>> be included but is not required. > >>>>>>>>>>>>> --> > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> I’m OK with this change. I have changed the attached file to > use "Reference" (with no (s) attached) for both the description and column > name to match the created IANA registry. > >>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> 6) <!-- [rfced] The description for ed25519 is slightly > different than the other entries. Is this intentional, or perhaps the > description could be updated as follows: > >>>>>>>>>>>>> > >>>>>>>>>>>>> Original: > >>>>>>>>>>>>> Edwards Curve DSA using curve edwards25519 > >>>>>>>>>>>>> > >>>>>>>>>>>>> Perhaps: > >>>>>>>>>>>>> ECDSA using curve edwards25519 > >>>>>>>>>>>>> --> > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> The existing text is correct as per rfc8032, no changes > should be made. > >>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> 7) <!-- [rfced] We were unable to verify this statement. > Please confirm that the reference is correct. > >>>>>>>>>>>>> > >>>>>>>>>>>>> Original: > >>>>>>>>>>>>> As discussed in [DIGEST], the value of the Content-Digest > field is > >>>>>>>>>>>>> dependent on the content encoding of the message. > >>>>>>>>>>>>> --> > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> Yes, this is discussed at length in sections 2 and 3 of > DIGEST. > >>>>>>>>>>>> > >>>>>>>>>>>> An aside from the authors - we will need to update this > reference to the digest RFC number, right? > >>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> 8) <!-- [rfced] Section 7.3.3: As it appears that "its" > actually refers > >>>>>>>>>>>>> to the symmetric cryptographic methods, we changed "its" to > "their". > >>>>>>>>>>>>> If this is incorrect, please clarify what "its" refers to. > >>>>>>>>>>>>> > >>>>>>>>>>>>> Original (the previous sentence is included for context): > >>>>>>>>>>>>> The HTTP Message Signatures specification allows for both > asymmetric > >>>>>>>>>>>>> and symmetric cryptography to be applied to HTTP messages. > By its > >>>>>>>>>>>>> nature, symmetric cryptographic methods require the same key > material > >>>>>>>>>>>>> to be known by both the signer and verifier. > >>>>>>>>>>>>> > >>>>>>>>>>>>> Currently: > >>>>>>>>>>>>> By their > >>>>>>>>>>>>> nature, symmetric cryptographic methods require the same key > material > >>>>>>>>>>>>> to be known by both the signer and verifier. --> > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> Yes, this change is OK. > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>>> 9) <!-- [rfced] For clarity, may we update "other historical > drafts" to "other Internet-Drafts"? Is mention of "historical" important? > >>>>>>>>>>>>> > >>>>>>>>>>>>> Original: > >>>>>>>>>>>>> It is recommended > >>>>>>>>>>>>> that developers wishing to support both this specification > and other > >>>>>>>>>>>>> historical drafts do so carefully and deliberately, as > >>>>>>>>>>>>> incompatibilities between this specification and various > versions of > >>>>>>>>>>>>> other drafts could lead to unexpected problems. > >>>>>>>>>>>>> --> > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> I think "historical" is reasonable to keep as it is. > >>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> 10) <!-- [rfced] Because this document is a Proposed > Standard, may we update the following text? > >>>>>>>>>>>>> > >>>>>>>>>>>>> Original: > >>>>>>>>>>>>> It is recommended that implementers first detect and > validate the > >>>>>>>>>>>>> Signature-Input field defined in this specification to > detect that > >>>>>>>>>>>>> this standard is in use and not an alternative. > >>>>>>>>>>>>> > >>>>>>>>>>>>> Perhaps: > >>>>>>>>>>>>> It is recommended that implementers first detect and > validate the > >>>>>>>>>>>>> Signature-Input field defined in this specification to > detect that > >>>>>>>>>>>>> the mechanism described in this document is in use and not > an > >>>>>>>>>>>>> alternative. > >>>>>>>>>>>>> --> > >>>>>>>>>>>> > >>>>>>>>>>>> Yes, this change is fine. I have updated the text as > proposed. The sentence also ends with "this specification", is this OK to > keep? > >>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> 11) <!-- [rfced] Please review the "Inclusive Language" > portion of the > >>>>>>>>>>>>> online Style Guide at > >>>>>>>>>>>>> < > https://www.rfc-editor.org/styleguide/part2/#inclusive_language>, > >>>>>>>>>>>>> and let us know if any changes are needed. > >>>>>>>>>>>>> > >>>>>>>>>>>>> For example, please consider whether the following should be > updated: > >>>>>>>>>>>>> > >>>>>>>>>>>>> whitespace --> > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> This is the specific term used in [HTTP] so I believe we > shouldn’t vary from it. > >>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> 12) <!-- [rfced] Please let us know if any changes are > needed for the > >>>>>>>>>>>>> following: > >>>>>>>>>>>>> > >>>>>>>>>>>>> a) The following terms were used inconsistently in this > document. > >>>>>>>>>>>>> We chose to use the latter forms. Please let us know any > objections. > >>>>>>>>>>>>> > >>>>>>>>>>>>> "@authority" derived component (last paragraph of Section > 7.2.4) / > >>>>>>>>>>>>> @authority derived component (per unquoted names of derived > >>>>>>>>>>>>> components in the rest of this document) > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> I have changed this to be wrapped in <tt> tags as in other > places in the document, removing the quotes. > >>>>>>>>>>>> > >>>>>>>>>>>>> dictionary / Dictionary (per [STRUCTURED-FIELDS]; we see that > >>>>>>>>>>>>> [STRUCTURED-FIELDS] uses the term "Dictionary".) > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> This change is fine. > >>>>>>>>>>>> > >>>>>>>>>>>>> dictionary structured field / Dictionary structured field / > >>>>>>>>>>>>> Dictionary Structured Field > >>>>>>>>>>>>> (per [STRUCTURED-FIELDS]; we see that [STRUCTURED-FIELDS] > uses > >>>>>>>>>>>>> the terms "Dictionary" and "Structured Field".) > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> This change is fine. > >>>>>>>>>>>> > >>>>>>>>>>>>> Note: We also changed instances of "structured field" where > used > >>>>>>>>>>>>> more generally to "Structured Field", also per usage in > >>>>>>>>>>>>> [STRUCTURED-FIELDS]. Please let us know any concerns. > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> This change is fine. > >>>>>>>>>>>> > >>>>>>>>>>>>> ed25519 algorithm / Ed25519 algorithm (per RFC 8032) > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> This change is fine. > >>>>>>>>>>>> > >>>>>>>>>>>>> encoded in big-endian unsigned integers / > >>>>>>>>>>>>> encoded as big-endian unsigned integers > >>>>>>>>>>>> > >>>>>>>>>>>> This change is fine > >>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> Host field (1 instance) / Host header field > >>>>>>>>>>>> > >>>>>>>>>>>> This change is fine. I believe I found a few other places > that were not using "field" and have updated them in the attached text. > >>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> host name (2 instances in original) / > >>>>>>>>>>>>> hostname (5 instances in original) > >>>>>>>>>>>> > >>>>>>>>>>>> This change is fine > >>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> HTTP Signature Algorithm(s) (used generally in Sections 6.2 > >>>>>>>>>>>>> and 6.2.1) / HTTP signature algorithm(s) > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> This change is fine. > >>>>>>>>>>>> > >>>>>>>>>>>>> key id (Section 4.3) / keyid > >>>>>>>>>>>> > >>>>>>>>>>>> I changed this to "key" to be consistent with other uses of > identifying keys directly in examples. "keyid" on its own is used as > "<tt>keyid</tt> parameter" or similar, and "key identifier" is used when > speaking of the term generically. > >>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> line-folding / line folding (per RFC 9112) > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> This change is fine. > >>>>>>>>>>>> > >>>>>>>>>>>>> RSA PSS / RSA-PSS (per post-6000 published RFCs, including > >>>>>>>>>>>>> RFC 8017) > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> This change is fine. > >>>>>>>>>>>> > >>>>>>>>>>>>> signature field / Signature field > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> This change is fine. > >>>>>>>>>>>> > >>>>>>>>>>>>> Unix timestamp / UNIX timestamp > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> This change is fine. > >>>>>>>>>>>> > >>>>>>>>>>>>> b) The following terms appear to be used inconsistently in > this > >>>>>>>>>>>>> document. Please let us know which form is preferred. > >>>>>>>>>>>>> > >>>>>>>>>>>>> Accept header (noun) (4 instances) / > >>>>>>>>>>>>> Accept-Header (adj.) ("Accept-Header signature") (1 instance) > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> This should be "Accept header field", I have changed this in > the attached file. > >>>>>>>>>>>> > >>>>>>>>>>>>> boolean / Boolean > >>>>>>>>>>>> > >>>>>>>>>>>> This change is fine. > >>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> "host" header field ('"host" header field is specific to > HTTP/1.1') / > >>>>>>>>>>>>> Host header ('the Host header field in HTTP/1.1') > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> This should be Host header field, I have changed this in the > attached file. > >>>>>>>>>>>> > >>>>>>>>>>>>> HTTP Message / HTTP message (used generally in text, e.g., > >>>>>>>>>>>>> "of an HTTP message. Note that a given HTTP Message can > contain", > >>>>>>>>>>>>> "the HTTP message and", "the HTTP Message and", "from the > HTTP > >>>>>>>>>>>>> Message", "from the HTTP message") > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> This change is fine. > >>>>>>>>>>>> > >>>>>>>>>>>>> HTTP Message Signature(s) / HTTP message signature(s) / > >>>>>>>>>>>>> HTTP Message signature (in running text) > >>>>>>>>>>>>> (e.g., "Applications of HTTP Message Signatures", "an > application > >>>>>>>>>>>>> of HTTP message signatures", "An HTTP Message Signature" > >>>>>>>>>>>>> (Section 3), "an HTTP message signature" (Section 3.1), > >>>>>>>>>>>>> "An HTTP Message signature MUST use") > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> This change is fine. > >>>>>>>>>>>> > >>>>>>>>>>>>> Referer / Referrer (Appendix B.4) > >>>>>>>>>>>>> We see both spellings used in post-6000 published RFCs. > Google > >>>>>>>>>>>>> searches for "what is a referer header?" and "what is a > referrer > >>>>>>>>>>>>> header?" both seem to indicate that "Referer" is technically > >>>>>>>>>>>>> correct but that it is "a misspelling of Referrer". > >>>>>>>>>>>>> > >>>>>>>>>>>>> Because RFC 9110 uses "Referer", it might be best to use that > >>>>>>>>>>>>> form, but we defer to your choice. Please advise. > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> This should be "Referer header field", I have updated the > text in the attached file. > >>>>>>>>>>>> > >>>>>>>>>>>>> signature value(s) (37 instances in text) / > >>>>>>>>>>>>> Signature value(s) (6 instances in text) > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> The distinction is correct, but was unclear in the text. When > used uppercase as "Signature value" it is referring specifically to the > Signature field value, so I have changed those instances to "Signature > field value" to be precise. I’ve made the same change to Signature-Input > field value here. The lowercase instances all refer to the value of the > HTTP message signature itself, not specifically the field. > >>>>>>>>>>>> > >>>>>>>>>>>>> status code derived component / @status code / > >>>>>>>>>>>>> @status derived component > >>>>>>>>>>>>> (We suggest the latter, as @status is defined as "The status > code > >>>>>>>>>>>>> for a response" in Section 2.2.) > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> This should be left as is. > >>>>>>>>>>>> > >>>>>>>>>>>>> string value / String value > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> This change is fine. > >>>>>>>>>>>> > >>>>>>>>>>>>> The hash function (Hash) SHA-<###> / The hash SHA-<###> / > >>>>>>>>>>>>> The hash function SHA-<###> > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> This should be left as -is since <tt>Hash</tt> is defined as > an algorithm variable in the associated RFC8017. > >>>>>>>>>>>> > >>>>>>>>>>>>> c) Spacing after colons in message examples: Should there > be only > >>>>>>>>>>>>> one space after the colons for the following? > >>>>>>>>>>>>> > >>>>>>>>>>>>> X-OWS-Header: Leading and trailing whitespace. > >>>>>>>>>>>>> Cache-Control: must-revalidate > >>>>>>>>>>>>> Example-Dict: a=1, b=2;x=1;y=2, c=(a b c) > >>>>>>>>>>>>> Example-Dict: a=1, b=2;x=1;y=2, c=(a b c) > >>>>>>>>>>>>> Example-Dict: a=1, b=2;x=1;y=2, c=(a b c), d > >>>>>>>>>>>>> > >>>>>>>>>>>>> For example, in post-6000 published RFCs, we see entries for > >>>>>>>>>>>>> "Cache-Control:" (e.g., RFCs 9126, 9205, and 9449) and > >>>>>>>>>>>>> "Example-Dict:" (RFC 8941) with only one space between the > colon > >>>>>>>>>>>>> and the parameter(s) in question. > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> The extra spaces here are specifically for an aberrant > example of what to do with non-conforming text on the wire, and they should > be left in. > >>>>>>>>>>>> > >>>>>>>>>>>>> d) Should "Digest" in this sentence be "Content-Digest"? We > ask > >>>>>>>>>>>>> because of "Content-Digest field defined in [DIGEST]" in > Section 1.4. > >>>>>>>>>>>>> > >>>>>>>>>>>>> Original: > >>>>>>>>>>>>> * Requiring a specific set of header fields to be signed > (e.g., > >>>>>>>>>>>>> Authorization, Digest). --> > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> Yes, this can change to "Content-Digest", I have updated the > attached file. > >>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> Thank you. > >>>>>>>>>>>>> > >>>>>>>>>>>>> RFC Editor > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> On Jan 22, 2024, at 3:47 PM, rfc-editor@rfc-editor.org > wrote: > >>>>>>>>>>>>> > >>>>>>>>>>>>> *****IMPORTANT***** > >>>>>>>>>>>>> > >>>>>>>>>>>>> Updated 2024/01/22 > >>>>>>>>>>>>> > >>>>>>>>>>>>> RFC Author(s): > >>>>>>>>>>>>> -------------- > >>>>>>>>>>>>> > >>>>>>>>>>>>> Instructions for Completing AUTH48 > >>>>>>>>>>>>> > >>>>>>>>>>>>> Your document has now entered AUTH48. Once it has been > reviewed and > >>>>>>>>>>>>> approved by you and all coauthors, it will be published as > an RFC. > >>>>>>>>>>>>> If an author is no longer available, there are several > remedies > >>>>>>>>>>>>> available as listed in the FAQ ( > https://www.rfc-editor.org/faq/). > >>>>>>>>>>>>> > >>>>>>>>>>>>> You and you coauthors are responsible for engaging other > parties > >>>>>>>>>>>>> (e.g., Contributors or Working Group) as necessary before > providing > >>>>>>>>>>>>> your approval. > >>>>>>>>>>>>> > >>>>>>>>>>>>> Planning your review > >>>>>>>>>>>>> --------------------- > >>>>>>>>>>>>> > >>>>>>>>>>>>> Please review the following aspects of your document: > >>>>>>>>>>>>> > >>>>>>>>>>>>> * RFC Editor questions > >>>>>>>>>>>>> > >>>>>>>>>>>>> Please review and resolve any questions raised by the RFC > Editor > >>>>>>>>>>>>> that have been included in the XML file as comments marked > as > >>>>>>>>>>>>> follows: > >>>>>>>>>>>>> > >>>>>>>>>>>>> <!-- [rfced] ... --> > >>>>>>>>>>>>> > >>>>>>>>>>>>> These questions will also be sent in a subsequent email. > >>>>>>>>>>>>> > >>>>>>>>>>>>> * Changes submitted by coauthors > >>>>>>>>>>>>> > >>>>>>>>>>>>> Please ensure that you review any changes submitted by your > >>>>>>>>>>>>> coauthors. We assume that if you do not speak up that you > >>>>>>>>>>>>> agree to changes submitted by your coauthors. > >>>>>>>>>>>>> > >>>>>>>>>>>>> * Content > >>>>>>>>>>>>> > >>>>>>>>>>>>> Please review the full content of the document, as this > cannot > >>>>>>>>>>>>> change once the RFC is published. Please pay particular > attention to: > >>>>>>>>>>>>> - IANA considerations updates (if applicable) > >>>>>>>>>>>>> - contact information > >>>>>>>>>>>>> - references > >>>>>>>>>>>>> > >>>>>>>>>>>>> * Copyright notices and legends > >>>>>>>>>>>>> > >>>>>>>>>>>>> Please review the copyright notice and legends as defined in > >>>>>>>>>>>>> RFC 5378 and the Trust Legal Provisions > >>>>>>>>>>>>> (TLP – https://trustee.ietf.org/license-info/). > >>>>>>>>>>>>> > >>>>>>>>>>>>> * Semantic markup > >>>>>>>>>>>>> > >>>>>>>>>>>>> Please review the markup in the XML file to ensure that > elements of > >>>>>>>>>>>>> content are correctly tagged. For example, ensure that > <sourcecode> > >>>>>>>>>>>>> and <artwork> are set correctly. See details at > >>>>>>>>>>>>> <https://authors.ietf.org/rfcxml-vocabulary>. > >>>>>>>>>>>>> > >>>>>>>>>>>>> * Formatted output > >>>>>>>>>>>>> > >>>>>>>>>>>>> Please review the PDF, HTML, and TXT files to ensure that > the > >>>>>>>>>>>>> formatted output, as generated from the markup in the XML > file, is > >>>>>>>>>>>>> reasonable. Please note that the TXT will have formatting > >>>>>>>>>>>>> limitations compared to the PDF and HTML. > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> Submitting changes > >>>>>>>>>>>>> ------------------ > >>>>>>>>>>>>> > >>>>>>>>>>>>> To submit changes, please reply to this email using ‘REPLY > ALL’ as all > >>>>>>>>>>>>> the parties CCed on this message need to see your changes. > The parties > >>>>>>>>>>>>> include: > >>>>>>>>>>>>> > >>>>>>>>>>>>> * your coauthors > >>>>>>>>>>>>> > >>>>>>>>>>>>> * rfc-editor@rfc-editor.org (the RPC team) > >>>>>>>>>>>>> > >>>>>>>>>>>>> * other document participants, depending on the stream > (e.g., > >>>>>>>>>>>>> IETF Stream participants are your working group chairs, the > >>>>>>>>>>>>> responsible ADs, and the document shepherd). > >>>>>>>>>>>>> > >>>>>>>>>>>>> * auth48archive@rfc-editor.org, which is a new archival > mailing list > >>>>>>>>>>>>> to preserve AUTH48 conversations; it is not an active > discussion > >>>>>>>>>>>>> list: > >>>>>>>>>>>>> > >>>>>>>>>>>>> * More info: > >>>>>>>>>>>>> > https://mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc > >>>>>>>>>>>>> > >>>>>>>>>>>>> * The archive itself: > >>>>>>>>>>>>> https://mailarchive.ietf.org/arch/browse/auth48archive/ > >>>>>>>>>>>>> > >>>>>>>>>>>>> * Note: If only absolutely necessary, you may temporarily > opt out > >>>>>>>>>>>>> of the archiving of messages (e.g., to discuss a sensitive > matter). > >>>>>>>>>>>>> If needed, please add a note at the top of the message that > you > >>>>>>>>>>>>> have dropped the address. When the discussion is concluded, > >>>>>>>>>>>>> auth48archive@rfc-editor.org will be re-added to the CC > list and > >>>>>>>>>>>>> its addition will be noted at the top of the message. > >>>>>>>>>>>>> > >>>>>>>>>>>>> You may submit your changes in one of two ways: > >>>>>>>>>>>>> > >>>>>>>>>>>>> An update to the provided XML file > >>>>>>>>>>>>> — OR — > >>>>>>>>>>>>> An explicit list of changes in this format > >>>>>>>>>>>>> > >>>>>>>>>>>>> Section # (or indicate Global) > >>>>>>>>>>>>> > >>>>>>>>>>>>> OLD: > >>>>>>>>>>>>> old text > >>>>>>>>>>>>> > >>>>>>>>>>>>> NEW: > >>>>>>>>>>>>> new text > >>>>>>>>>>>>> > >>>>>>>>>>>>> You do not need to reply with both an updated XML file and > an explicit > >>>>>>>>>>>>> list of changes, as either form is sufficient. > >>>>>>>>>>>>> > >>>>>>>>>>>>> We will ask a stream manager to review and approve any > changes that seem > >>>>>>>>>>>>> beyond editorial in nature, e.g., addition of new text, > deletion of text, > >>>>>>>>>>>>> and technical changes. Information about stream managers > can be found in > >>>>>>>>>>>>> the FAQ. Editorial changes do not require approval from a > stream manager. > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> Approving for publication > >>>>>>>>>>>>> -------------------------- > >>>>>>>>>>>>> > >>>>>>>>>>>>> To approve your RFC for publication, please reply to this > email stating > >>>>>>>>>>>>> that you approve this RFC for publication. Please use > ‘REPLY ALL’, > >>>>>>>>>>>>> as all the parties CCed on this message need to see your > approval. > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> Files > >>>>>>>>>>>>> ----- > >>>>>>>>>>>>> > >>>>>>>>>>>>> The files are available here: > >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.xml > >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.html > >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.pdf > >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.txt > >>>>>>>>>>>>> > >>>>>>>>>>>>> Diff file of the text: > >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-diff.html > >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-rfcdiff.html > (side by side) > >>>>>>>>>>>>> > >>>>>>>>>>>>> Diff of the XML: > >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421-xmldiff1.html > >>>>>>>>>>>>> > >>>>>>>>>>>>> The following files are provided to facilitate creation of > your own > >>>>>>>>>>>>> diff files of the XML. > >>>>>>>>>>>>> > >>>>>>>>>>>>> Initial XMLv3 created using XMLv2 as input: > >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.original.v2v3.xml > >>>>>>>>>>>>> > >>>>>>>>>>>>> XMLv3 file that is a best effort to capture v3-related > format updates > >>>>>>>>>>>>> only: > >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9421.form.xml > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> Tracking progress > >>>>>>>>>>>>> ----------------- > >>>>>>>>>>>>> > >>>>>>>>>>>>> The details of the AUTH48 status of your document are here: > >>>>>>>>>>>>> https://www.rfc-editor.org/auth48/rfc9421 > >>>>>>>>>>>>> > >>>>>>>>>>>>> Please let us know if you have any questions. > >>>>>>>>>>>>> > >>>>>>>>>>>>> Thank you for your cooperation, > >>>>>>>>>>>>> > >>>>>>>>>>>>> RFC Editor > >>>>>>>>>>>>> > >>>>>>>>>>>>> -------------------------------------- > >>>>>>>>>>>>> RFC9421 (draft-ietf-httpbis-message-signatures-19) > >>>>>>>>>>>>> > >>>>>>>>>>>>> Title : HTTP Message Signatures > >>>>>>>>>>>>> Author(s) : A. Backman, Ed., J. Richer, Ed., M. Sporny > >>>>>>>>>>>>> WG Chair(s) : Mark Nottingham, Tommy Pauly > >>>>>>>>>>>>> Area Director(s) : Murray Kucherawy, Francesca Palombini > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> <rfc9421-jricher.xml><rfc9421-jricher.diff> > >>>>>>> > >>>>>>> <rfc9421-jricher2.xml> > >>>>>> > >>>>> > >>>> > >>> > >>> > >> > >> > > > > > > > > > > >
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… rfc-editor
- [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-httpb… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Justin Richer
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Manu Sporny
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Justin Richer
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Justin Richer
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Justin Richer
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Justin Richer
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Justin Richer
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Sandy Ginoza
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Justin Richer
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Justin Richer
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Manu Sporny
- Re: [auth48] AUTH48: RFC-to-be 9421 <draft-ietf-h… Lynne Bartholomew
- [auth48] [AD] Re: AUTH48: RFC-to-be 9421 <draft-i… Lynne Bartholomew
- Re: [auth48] [AD] Re: AUTH48: RFC-to-be 9421 <dra… Paul Wouters
- Re: [auth48] [AD] AUTH48: RFC-to-be 9421 <draft-i… Lynne Bartholomew
- Re: [auth48] [AD] AUTH48: RFC-to-be 9421 <draft-i… Lynne Bartholomew
- Re: [auth48] [AD] AUTH48: RFC-to-be 9421 <draft-i… Justin Richer
- Re: [auth48] [AD] AUTH48: RFC-to-be 9421 <draft-i… Manu Sporny
- Re: [auth48] [AD] AUTH48: RFC-to-be 9421 <draft-i… Lynne Bartholomew
- [auth48] [IANA] AUTH48: RFC-to-be 9421 <draft-iet… Lynne Bartholomew
- [auth48] [IANA #1358618] [IANA] AUTH48: RFC-to-be… David Dong via RT
- Re: [auth48] [IANA #1358618] [IANA] AUTH48: RFC-t… Lynne Bartholomew