Skip to content

Make invite acceptance resonse and request for share use http-sig always#384

Open
mickenordin wants to merge 7 commits into
developfrom
kano-sig-norm
Open

Make invite acceptance resonse and request for share use http-sig always#384
mickenordin wants to merge 7 commits into
developfrom
kano-sig-norm

Conversation

@mickenordin

Copy link
Copy Markdown
Member

No description provided.

Comment thread IETF-OCM.md
Comment thread IETF-OCM.md Outdated
Comment thread IETF-OCM.md Outdated
Comment thread IETF-OCM.md Outdated
Comment thread IETF-OCM.md
the Receiving Server would not be able to verify the signature without
having access to the shared secret in advance.

## Verification Requirements

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

adding a short mention of Accept-Signature (Section 5.1 of RFC 9421) as a wayn for verifier to state which parameters they require and support seems relevant in this section

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this needed since we have the http-sig capability in the discovery, already negotiating this? Do you know if it is usually is used by software libraries to prepare signatures, or if it would be redundant in this context given our discovery mechanism?

The tag is part of the signature, where as a label is only a dictionary
key that MAY be rewritten by intermediaries.
Make ed25519 recommended for signatures and sha256 mandatory for hash algorithms.
We want signatures to always be used when they can be
@mickenordin mickenordin marked this pull request as ready for review July 13, 2026 10:05
@mickenordin

Copy link
Copy Markdown
Member Author

I have now tried to describe the consensus about signature applicability and backwards compatibility in such a way that the spec allows incremental adoption.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants