[OAUTH-WG] Fwd: [http-auth] Review Request for third draft of "Signing HTTP Messages"
Phil Hunt <phil.hunt@oracle.com> Thu, 08 May 2014 23:22 UTC
Return-Path: <phil.hunt@oracle.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 444A41A0185 for <oauth@ietfa.amsl.com>; Thu, 8 May 2014 16:22:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.85
X-Spam-Level:
X-Spam-Status: No, score=-4.85 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 60D2qnqxeo58 for <oauth@ietfa.amsl.com>; Thu, 8 May 2014 16:22:29 -0700 (PDT)
Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) by ietfa.amsl.com (Postfix) with ESMTP id 74C081A0173 for <oauth@ietf.org>; Thu, 8 May 2014 16:22:29 -0700 (PDT)
Received: from ucsinet22.oracle.com (ucsinet22.oracle.com [156.151.31.94]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id s48NMOZV008212 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <oauth@ietf.org>; Thu, 8 May 2014 23:22:24 GMT
Received: from userz7021.oracle.com (userz7021.oracle.com [156.151.31.85]) by ucsinet22.oracle.com (8.14.5+Sun/8.14.5) with ESMTP id s48NMNI5008053 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for <oauth@ietf.org>; Thu, 8 May 2014 23:22:23 GMT
Received: from abhmp0018.oracle.com (abhmp0018.oracle.com [141.146.116.24]) by userz7021.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s48NMN4l015827 for <oauth@ietf.org>; Thu, 8 May 2014 23:22:23 GMT
Received: from [25.32.11.42] (/24.114.89.30) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 08 May 2014 16:22:22 -0700
References: <536BFA23.9020900@digitalbazaar.com>
From: Phil Hunt <phil.hunt@oracle.com>
Content-Type: multipart/alternative; boundary="Apple-Mail-FE2B3422-7A58-4D33-B697-F4E6C200EB9C"
X-Mailer: iPhone Mail (11D167)
Message-Id: <DBFBB4EC-B16E-4911-9BC4-3443BAA44704@oracle.com>
Date: Thu, 08 May 2014 16:22:16 -0700
To: OAuth WG <oauth@ietf.org>
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (1.0)
X-Source-IP: ucsinet22.oracle.com [156.151.31.94]
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/AfzGiIbL0fzD7793E41niS2oX9s
Subject: [OAUTH-WG] Fwd: [http-auth] Review Request for third draft of "Signing HTTP Messages"
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 May 2014 23:22:31 -0000
How does this compare with justin's draft? Phil Begin forwarded message: > From: Manu Sporny <msporny@digitalbazaar.com> > Date: May 8, 2014 at 14:41:55 PDT > To: IETF HTTP Auth <http-auth@ietf.org> > Cc: Julian Reschke <julian.reschke@gmx.de>, Mark Nottingham <mnot@mnot.net>, Web Payments CG <public-webpayments@w3.org> > Subject: [http-auth] Review Request for third draft of "Signing HTTP Messages" > > After feedback from Mark Nottingham[1], Julian Reschke[2], folks in the > HTTP Auth WG, and people in the Web Payments CG, we've modified the HTTP > Signatures specification in the following ways: > > 1. The specification has been renamed to "Signing HTTP Messages". > 2. The specification now covers both a signature-based Authorization > mechanism (client-to-server) as well as a general mechanism to sign > HTTP messages (client-to-server and server-to-client). > 3. A new "Signature" header has been introduced. > 4. The layout has been modified heavily to streamline the information > conveyed in the spec. > 5. New registries have been created for the algorithms referred to in > the specification. > 6. We're now more specific in the way certain canonicalizations are > performed. > 7. More examples have been added, including how to digitally sign > the body of an HTTP message. > > The basic mechanism of generating the signatures has not changed (and > has been stable for over a year). > > The newest spec can be found here: > > http://tools.ietf.org/html/draft-cavage-http-signatures-02 > > The diff is here: > > http://tools.ietf.org/rfcdiff?url2=draft-cavage-http-signatures-02.txt > > Matt, Yoav, Kathleen, if there are no show stopping review comments, I'd > like to push this spec onto the RFC track in the HTTP Auth WG, or > HTTPbis/2 WG. It'll be ready for a LC in a month or two. I realize that > HTTP Auth may be shutting down next month, so what's the next step to > get the HTTP Signatures spec further down the IETF RFC track? > > -- manu > > [1] http://lists.w3.org/Archives/Public/public-webpayments/2014Feb/0038.html > [2] http://lists.w3.org/Archives/Public/public-webpayments/2014Feb/0036.html > > -- > Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) > Founder/CEO - Digital Bazaar, Inc. > blog: The Marathonic Dawn of Web Payments > http://manu.sporny.org/2014/dawn-of-web-payments/ > > _______________________________________________ > http-auth mailing list > http-auth@ietf.org > https://www.ietf.org/mailman/listinfo/http-auth
- [OAUTH-WG] Fwd: [http-auth] Review Request for th… Phil Hunt
- Re: [OAUTH-WG] Fwd: [http-auth] Review Request fo… Hannes Tschofenig
- Re: [OAUTH-WG] [http-auth] Review Request for thi… Justin Richer
- Re: [OAUTH-WG] [http-auth] Review Request for thi… Bill Mills