-
Notifications
You must be signed in to change notification settings - Fork 29
/
draft-cavage-http-signatures.xml
8 lines (8 loc) · 1.23 KB
/
draft-cavage-http-signatures.xml
1
2
3
4
5
6
7
8
<?xml version="1.0" encoding="UTF-8" ?>
<service primary="IETF" secondary="I-D" id="cavage-http-signatures">
<title>Signing HTTP Messages</title>
<documentation source="https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures">When communicating over the Internet using the HTTP protocol, it can be desirable for a server or client to authenticate the sender of a particular message. It can also be desirable to ensure that the message was not tampered with during transit. This document describes a way for servers and clients to simultaneously add authentication and message integrity to HTTP messages by using a digital signature.</documentation>
<http-header def="Signature">
<documentation source="https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures#section-4">The "signature" HTTP Header is based on the model that the sender must authenticate itself with a digital signature produced by either a private asymmetric key (e.g., RSA) or a shared symmetric key (e.g., HMAC). The scheme is parameterized enough such that it is not bound to any particular key type or signing algorithm. However, it does explicitly assume that senders can send an HTTP 'Date' header.</documentation>
</http-header>
</service>