ietf-wg-gnap / gnap-core-protocol


Key Proofing Parameters #417

Closed jricher closed 2 years ago

jricher commented 2 years ago

Some key proofing methods have additional options that could be signaled in the GNAP protocol structure. Notably, HTTP Message Signatures has the ability to use different HTTP Signing Algorithms and different HTTP Digest Algorithms.

The proof field could be changed to an object to accommodate this kind of use, allowing each proofing method to define its own parameters:

{
  "proof": {
    "method": "httpsig",
    "alg": "rsa-pss-sha512",
    "digest-alg": "sha-512"
  }
}

Each method can also define "Default" values for missing parameters, allowing this to collapse in the simple case back to a string as it is today:

{
  "proof": "httpsig"
}

These string values would have a deterministic expansion defined in the core protocol.
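The string-to-object expansion proposed above, sketched as an added example that is not part of the original comment or the GNAP specification. The names `PROOF_METHODS`, `ProofError`, `expand_proof` and `same_proof` are hypothetical, and the default values and algorithm allowlists are assumptions chosen for illustration (the defaults reuse the values from the object example above).

```python
# Added illustration: normalize a GNAP `proof` value (string or object form)
# into one canonical object, so both forms compare equal and unexpected
# parameters or algorithms are rejected instead of silently accepted.

# Assumption: per-method table of parameter -> (default, allowed values).
# Only "httpsig" appears in the issue; defaults and allowlists are made up here.
PROOF_METHODS = {
    "httpsig": {
        "alg": ("rsa-pss-sha512",
                {"rsa-pss-sha512", "ecdsa-p256-sha256", "ed25519"}),
        "digest-alg": ("sha-512", {"sha-256", "sha-512"}),
    },
}


class ProofError(ValueError):
    """Raised when a proof value cannot be expanded deterministically."""


def expand_proof(proof):
    """Return the canonical object form of a `proof` string or object."""
    if isinstance(proof, str):
        proof = {"method": proof}          # short form: method name only
    elif not isinstance(proof, dict):
        raise ProofError("proof must be a string or an object")

    method = proof.get("method")
    if not isinstance(method, str) or method not in PROOF_METHODS:
        raise ProofError(f"unsupported proof method: {method!r}")

    params = PROOF_METHODS[method]
    unknown = set(proof) - set(params) - {"method"}
    if unknown:
        # Unknown members are refused rather than ignored, so a typo such as
        # "digest_alg" cannot silently fall back to the default.
        raise ProofError(f"unknown parameters for {method}: {sorted(unknown)}")

    expanded = {"method": method}
    for name, (default, allowed) in params.items():
        value = proof.get(name, default)
        if not isinstance(value, str) or value not in allowed:
            raise ProofError(f"{name} not allowed for {method}: {value!r}")
        expanded[name] = value
    return expanded


def same_proof(a, b):
    """True when two proof values expand to the same canonical object."""
    return expand_proof(a) == expand_proof(b)
```
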

yaronf commented 2 years ago

Note that the httpsig document itself wavers between Digest and Content-Digest and does not require either of them.

Though maybe this is OK if the current document makes Content-Digest mandatory for the appropriate cases.

jricher commented 2 years ago

There are some updates pending in the Digest draft -- once that's out, we'll reference using Content-Digest as that's the most appropriate for our use case, and examples will be updated.