Closed jricher closed 2 years ago
Note that the httpsig document itself wavers between Digest
and Content-Digest
and does not require either of them.
Though maybe this is OK if the current document makes Content-Digest
mandatory for the appropriate cases.
There are some updates pending in the Digest draft -- once that's out, we'll reference using Content-Digest
as that's the most appropriate for our use case, and examples will be updated.
Some key proofing methods have additional options that could be signaled in the GNAP protocol structure. Notable, HTTP Message Signatures has the ability to use different HTTP Signing Algorithms and different HTTP Digest Algorithms.
The
proof
field could be changed to an object to accomodate this kind of use, allowing each proofing method to define its own parameters:Each method can also define "Default" values for missing parameters, allowing this to collapse in the simple case back to a string as it is today:
These string values would have a deterministic expansion defined in the core protocol.