Closed liamdennehy closed 4 years ago
https://github.com/w3c-dvcg/http-signatures/issues/3 https://github.com/w3c-dvcg/http-signatures/issues/4 https://github.com/w3c-dvcg/http-signatures/issues/6 https://github.com/w3c-dvcg/http-signatures/issues/25 all stem from a similar source: Should this protocol permit negotiation of parameters between client and server prior to transmission, and should we formally specify a way for a recipient to reject a signed message?
If so, this specification would need to describe how these elements are presented, negotiated and agreed adding a lot more complexity to the document.
As captured in https://github.com/w3c-dvcg/http-signatures/pull/87 and as discussed in the comments of some of those issues, this may not serve the core purpose of this project and may be better suited to an extension.
A project principle has been proposed under "Simple & Compatible":
The specification should avoid wherever possible any aspects requiring negotiation or agreement between parties. Out-of-band specification of permissible parameters, keys etc should be relied upon unless critical to security or functionality.
Two months seems a good time to close this, hopefully the related issues can now also be closed as this principle has not been challenged.
https://github.com/w3c-dvcg/http-signatures/issues/3 https://github.com/w3c-dvcg/http-signatures/issues/4 https://github.com/w3c-dvcg/http-signatures/issues/6 https://github.com/w3c-dvcg/http-signatures/issues/25 all stem from a similar source: Should this protocol permit negotiation of parameters between client and server prior to transmission, and should we formally specify a way for a recipient to reject a signed message?
If so, this specification would need to describe how these elements are presented, negotiated and agreed adding a lot more complexity to the document.
As captured in https://github.com/w3c-dvcg/http-signatures/pull/87 and as discussed in the comments of some of those issues, this may not serve the core purpose of this project and may be better suited to an extension.
A project principle has been proposed under "Simple & Compatible":