You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Wojtek answered:
We needed something stable and ready to be implemented in production, so we had to choose either case sensitive, or case insensitive, because the specification did not do it. Probably before I made a choice, I looked through various sources, to see which option seems more standard, and has a better chance of being chosen for the final standard. Anyway, it does not really matter anymore, because even if I chose wrong then, everyone agreed that case insensitive is OK.
By the way, the draft-10 should not be looked at, because we base our specification on the draft-7 version.
According to specifications, the identifier rsa-sha256 given in the Accept-Signature header should be case insensitive. Why is that? The draft specifications https://datatracker.ietf.org/doc/draft-cavage-http-signatures/, https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html and https://tools.ietf.org/html/draft-ietf-httpbis-header-structure-10 don't seem to mention this.
The text was updated successfully, but these errors were encountered: