Fwd: HTTP Message Signatures is now RFC 9421

Skip to first unread message

Alan Karp

Feb 14, 2024, 9:58:26 PMFeb 14
to cap-...@googlegroups.com, <friam@googlegroups.com>
The key phrase is, "like Authorization Capabilities (ZCAPs), that make use of this specification."

Alan Karp

---------- Forwarded message ---------
From: Manu Sporny <msp...@digitalbazaar.com>
Date: Wed, Feb 14, 2024 at 3:52 PM
Subject: HTTP Message Signatures is now RFC 9421
To: W3C Credentials CG <public-cr...@w3.org>

The oldest specification incubated by the Credentials CG is now,
FINALLY, after more than 10 years, an IETF RFC!

RFC 9421 is a way to make sure that people can't mess with a message
you want to send to a server, and a way for the server to tell if the
message really came from you. You can use DIDs (or other types of
keys) to digitally sign these messages and there are other
specifications that this group is incubating, like Authorization
Capabilities (ZCAPs), that make use of this specification.


Huge shout out to Justin Richer (Bespoke Engineering) and Annabelle
Backman (Amazon) for making it happen. All credit goes to them for
getting it through the IETF process, which took 4 years; Annabelle for
bringing the spec in line with more modern HTTP features and Justin
who worked tirelessly over the last three years to take it across the
line... and by "taking it across the line", I mean, running almost the
entire length of the field AND THEN taking it across the line. :)

Congrats to all involved... that was a ridiculously long journey.

-- manu

Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.

Reply all
Reply to author
0 new messages