From e438c1a29dd88faf26a36782abc5ced3903ef490 Mon Sep 17 00:00:00 2001 From: Roberto Polli Date: Sun, 25 Oct 2020 02:49:02 +0200 Subject: [PATCH 1/3] Remove redundant definitions. See #1311 --- draft-ietf-httpbis-message-signatures.md | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/draft-ietf-httpbis-message-signatures.md b/draft-ietf-httpbis-message-signatures.md index 226263d275..cb44669aba 100644 --- a/draft-ietf-httpbis-message-signatures.md +++ b/draft-ietf-httpbis-message-signatures.md @@ -142,14 +142,6 @@ For brevity, the term "signature" on its own is used in this document to refer t In addition to those listed above, this document uses the following terms: -Decimal String -: -: An Integer String optionally concatenated with a period "." followed by a second Integer String, representing a positive real number expressed in base 10. The first Integer String represents the integral portion of the number, while the optional second Integer String represents the fractional portion of the number. (( Editor's note: There's got to be a definition for this that we can reference. )) - -Integer String -: -: A US-ASCII string of one or more digits "0-9", representing a positive integer in base 10. (( Editor's note: There's got to be a definition for this that we can reference. )) - Signer : : The entity that is generating or has generated an HTTP Message Signature. @@ -258,7 +250,8 @@ The following table shows example canonicalized values for different content ide The signature's Creation Time ({{signature-metadata}}) is identified by the `*created` identifier. -Its canonicalized value is an Integer String containing the signature's Creation Time expressed as the number of seconds since the Epoch, as defined in [Section 4.16](https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap04.html#tag_04_16) of {{POSIX.1}}. +Its canonicalized value is the `sf-integer` value of the `created` parameter (see {{params}}) +containing the signature's Creation Time expressed as the number of seconds since the Epoch, as defined in [Section 4.16](https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap04.html#tag_04_16) of {{POSIX.1}}. > The use of seconds since the Epoch to canonicalize a timestamp simplifies processing and avoids timezone management required by specifications such as [RFC3339]. @@ -266,7 +259,8 @@ Its canonicalized value is an Integer String containing the signature's Creation The signature's Expiration Time ({{signature-metadata}}) is identified by the `*expires` identifier. -Its canonicalized value is a Decimal String containing the signature's Expiration Time expressed as the number of seconds since the Epoch, as defined in [Section 4.16](https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap04.html#tag_04_16) of {{POSIX.1}}. +Its canonicalized value is the `sf-decimal` value of the `expires` parameter (see {{params}}) +containing the signature's Expiration Time expressed as the number of seconds since the Epoch, as defined in [Section 4.16](https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap04.html#tag_04_16) of {{POSIX.1}}. ## Target Endpoint @@ -499,11 +493,13 @@ alg created : -: RECOMMENDED. The `created` parameter is a Decimal containing the signature's Creation Time, expressed as the canonicalized value of the `*created` content identifier, as defined in Section 2. If not specified, the signature's Creation Time is undefined. This parameter is useful when signers are not capable of controlling the Date HTTP Header such as when operating in certain web browser environments. +: RECOMMENDED. The `created` parameter is an `sf-integer` containing the signature's Creation Time, + expressed as the canonicalized value of the `*created` content identifier, as defined in Section 2. If not specified, the signature's Creation Time is undefined. This parameter is useful when signers are not capable of controlling the Date HTTP Header such as when operating in certain web browser environments. expires : -: OPTIONAL. The `expires` parameter is a Decimal containing the signature's Expiration Time, expressed as the canonicalized value of the `*expires` content identifier, as defined in Section 2. If the signature does not have an Expiration Time, this parameter MUST be omitted. If not specified, the signature's Expiration Time is undefined. +: OPTIONAL. The `expires` parameter is a `sf-decimal` containing the signature's Expiration Time, + expressed as the canonicalized value of the `*expires` content identifier, as defined in Section 2. If the signature does not have an Expiration Time, this parameter MUST be omitted. If not specified, the signature's Expiration Time is undefined. keyId : From 0f37286a4462c068b36d00e8951e0449eef85963 Mon Sep 17 00:00:00 2001 From: Annabelle Backman Date: Tue, 1 Dec 2020 16:06:15 -0800 Subject: [PATCH 2/3] Removing circular dependency in definitions --- draft-ietf-httpbis-message-signatures.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/draft-ietf-httpbis-message-signatures.md b/draft-ietf-httpbis-message-signatures.md index cb44669aba..9b7a8e1c8b 100644 --- a/draft-ietf-httpbis-message-signatures.md +++ b/draft-ietf-httpbis-message-signatures.md @@ -250,8 +250,7 @@ The following table shows example canonicalized values for different content ide The signature's Creation Time ({{signature-metadata}}) is identified by the `*created` identifier. -Its canonicalized value is the `sf-integer` value of the `created` parameter (see {{params}}) -containing the signature's Creation Time expressed as the number of seconds since the Epoch, as defined in [Section 4.16](https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap04.html#tag_04_16) of {{POSIX.1}}. +Its canonicalized value is an `sf-integer` containing the signature's Creation Time expressed as the number of seconds since the Epoch, as defined in [Section 4.16](https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap04.html#tag_04_16) of {{POSIX.1}}. > The use of seconds since the Epoch to canonicalize a timestamp simplifies processing and avoids timezone management required by specifications such as [RFC3339]. @@ -259,8 +258,7 @@ containing the signature's Creation Time expressed as the number of seconds sinc The signature's Expiration Time ({{signature-metadata}}) is identified by the `*expires` identifier. -Its canonicalized value is the `sf-decimal` value of the `expires` parameter (see {{params}}) -containing the signature's Expiration Time expressed as the number of seconds since the Epoch, as defined in [Section 4.16](https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap04.html#tag_04_16) of {{POSIX.1}}. +Its canonicalized value is an `sf-decimal` containing the signature's Expiration Time expressed as the number of seconds since the Epoch, as defined in [Section 4.16](https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap04.html#tag_04_16) of {{POSIX.1}}. ## Target Endpoint From 70d889891b440555fc383f5a3008567ce428833b Mon Sep 17 00:00:00 2001 From: Annabelle Backman Date: Tue, 1 Dec 2020 16:26:19 -0800 Subject: [PATCH 3/3] Update draft-ietf-httpbis-message-signatures.md --- draft-ietf-httpbis-message-signatures.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/draft-ietf-httpbis-message-signatures.md b/draft-ietf-httpbis-message-signatures.md index b12aa398e2..3e16f203a0 100644 --- a/draft-ietf-httpbis-message-signatures.md +++ b/draft-ietf-httpbis-message-signatures.md @@ -489,10 +489,10 @@ The parameters on each `Signature-Input` member value contain metadata about the alg: : RECOMMENDED. The `alg` parameter is a Token containing the name of the signature's Algorithm, as registered in the HTTP Signature Algorithms Registry defined by this document. Verifiers MUST determine the signature's Algorithm from the `keyid` parameter rather than from `alg`. If `alg` is provided and differs from or is incompatible with the algorithm or key material identified by `keyid` (for example, `alg` has a value of `rsa-sha256` but `keyid` identifies an EdDSA key), then implementations MUST produce an error. -created: +created: : RECOMMENDED. The `created` parameter is an `sf-integer` containing the signature's Creation Time, expressed as the canonicalized value of the `*created` content identifier, as defined in Section 2. If not specified, the signature's Creation Time is undefined. This parameter is useful when signers are not capable of controlling the Date HTTP Header such as when operating in certain web browser environments. -expires: +expires: : OPTIONAL. The `expires` parameter is a `sf-decimal` containing the signature's Expiration Time, expressed as the canonicalized value of the `*expires` content identifier, as defined in Section 2. If the signature does not have an Expiration Time, this parameter MUST be omitted. If not specified, the signature's Expiration Time is undefined. keyid: