menu di navigazione del network

Using the `Digest` HTTP header in signatures

Many API specs use the Digest HTTP header, together with a signature, to provide an integrity proof of the exchanged items.

As many implementations on the internet didn’t implement Digest correctly,
and the relevant RFC 3230 is quite old and out-of-sync with the latest
HTTP specifications released in 2014 we decided to step in and - together with
a Cloudflare employee - refresh the old RFC 3230 and prepare a new Internet-Draft 1.

Promote specifications into the IETF is an important interoperability step:

  • Italian agencies can just rely on standard RFC and not only on national documents;
  • Technical choices get a indepth review from world-class engineers which daily work on HTTP.

This approach will help even cross-border interoperability in the European Union, because HTTP specifications are used abroad.

The Internet-Draft has been “Called for Adoption” by the HTTP WorkGroup
and has been now adopted by the Workgroup that:

  • renamed it to draft-ietf-;
  • assign it to new editors;
  • continue the work so that the future spec will be consistent with the
    rest of the HTTP specifications.

The repository is here, contributes are welcome!

The latest draft is here.