-
Notifications
You must be signed in to change notification settings - Fork 173
Remove redundant definitions. See #1311 #1312
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from 1 commit
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -142,14 +142,6 @@ For brevity, the term "signature" on its own is used in this document to refer t | |||||
|
|
||||||
| In addition to those listed above, this document uses the following terms: | ||||||
|
|
||||||
| Decimal String | ||||||
| : | ||||||
| : An Integer String optionally concatenated with a period "." followed by a second Integer String, representing a positive real number expressed in base 10. The first Integer String represents the integral portion of the number, while the optional second Integer String represents the fractional portion of the number. (( Editor's note: There's got to be a definition for this that we can reference. )) | ||||||
|
|
||||||
| Integer String | ||||||
| : | ||||||
| : A US-ASCII string of one or more digits "0-9", representing a positive integer in base 10. (( Editor's note: There's got to be a definition for this that we can reference. )) | ||||||
|
|
||||||
| Signer | ||||||
| : | ||||||
| : The entity that is generating or has generated an HTTP Message Signature. | ||||||
|
|
@@ -258,15 +250,17 @@ The following table shows example canonicalized values for different content ide | |||||
|
|
||||||
| The signature's Creation Time ({{signature-metadata}}) is identified by the `*created` identifier. | ||||||
|
|
||||||
| Its canonicalized value is an Integer String containing the signature's Creation Time expressed as the number of seconds since the Epoch, as defined in [Section 4.16](https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap04.html#tag_04_16) of {{POSIX.1}}. | ||||||
| Its canonicalized value is the `sf-integer` value of the `created` parameter (see {{params}}) | ||||||
| containing the signature's Creation Time expressed as the number of seconds since the Epoch, as defined in [Section 4.16](https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap04.html#tag_04_16) of {{POSIX.1}}. | ||||||
|
|
||||||
| > The use of seconds since the Epoch to canonicalize a timestamp simplifies processing and avoids timezone management required by specifications such as [RFC3339]. | ||||||
|
|
||||||
| ## Signature Expiration Time | ||||||
|
|
||||||
| The signature's Expiration Time ({{signature-metadata}}) is identified by the `*expires` identifier. | ||||||
|
|
||||||
| Its canonicalized value is a Decimal String containing the signature's Expiration Time expressed as the number of seconds since the Epoch, as defined in [Section 4.16](https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap04.html#tag_04_16) of {{POSIX.1}}. | ||||||
| Its canonicalized value is the `sf-decimal` value of the `expires` parameter (see {{params}}) | ||||||
| containing the signature's Expiration Time expressed as the number of seconds since the Epoch, as defined in [Section 4.16](https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap04.html#tag_04_16) of {{POSIX.1}}. | ||||||
|
richanna marked this conversation as resolved.
Outdated
|
||||||
|
|
||||||
| ## Target Endpoint | ||||||
|
|
||||||
|
|
@@ -499,11 +493,13 @@ alg | |||||
|
|
||||||
| created | ||||||
| : | ||||||
| : RECOMMENDED. The `created` parameter is a Decimal containing the signature's Creation Time, expressed as the canonicalized value of the `*created` content identifier, as defined in Section 2. If not specified, the signature's Creation Time is undefined. This parameter is useful when signers are not capable of controlling the Date HTTP Header such as when operating in certain web browser environments. | ||||||
| : RECOMMENDED. The `created` parameter is an `sf-integer` containing the signature's Creation Time, | ||||||
| expressed as the canonicalized value of the `*created` content identifier, as defined in Section 2. If not specified, the signature's Creation Time is undefined. This parameter is useful when signers are not capable of controlling the Date HTTP Header such as when operating in certain web browser environments. | ||||||
|
|
||||||
| expires | ||||||
| : | ||||||
| : OPTIONAL. The `expires` parameter is a Decimal containing the signature's Expiration Time, expressed as the canonicalized value of the `*expires` content identifier, as defined in Section 2. If the signature does not have an Expiration Time, this parameter MUST be omitted. If not specified, the signature's Expiration Time is undefined. | ||||||
| : OPTIONAL. The `expires` parameter is a `sf-decimal` containing the signature's Expiration Time, | ||||||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
I believe this was a decimal initially because I wanted to support millisecond and nanosecond precision... the use case was high frequency trading. In time, it became evident that if people want that sort of resolution, they can create their own X-Header (or the like... High-Precision-Expiration: 234.3342).
Contributor
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @msporny thanks! we are discussing create/expires here #1280 In this PR I just wanted to get rid of duplicate definitions leaving the semantic discussion to other issues. Specifically, there are other parts defining expires as a decimal. Probably we should - in other PRs - address the definition of those parameters in a one-and-only place. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Thanks for sharing the historic reasons behind this!
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. A non-standard If we want to eliminate decimals, let's express both
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I'm amazed. Is the implication here that signers and verifiers have clocks synchronized with sub-second precision?
Contributor
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 1- I agree with your consideration this PR is mostly an editorial one which just removes redundant definitions. Once we agree we can delegate definitions There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @martinthomson wrote:
Yes, this is true in high-frequency trading systems (for example)... some of which have highly tuned HTTP stacks and are looking at QUIC + HTTP/3 with interest. The legal implications here are that, in some of those systems, that you're supposed to execute orders as you receive them and sometimes the digital signature time matters (from a contractual basis). Here's what a couple of hundred milliseconds in a high-frequency trading system looked like back in 2013 (when we started on this spec): https://youtu.be/B_k_elbBz8c?t=103 Things move much more quickly now, which is why we might want to drop this use case and get them to create and sign over their own header that has nanosecond (or better) precision. All that to say, we could probably back off on the millisecond precision and go to second-based precision if we wanted to support constrained devices that may not be able to do 64-bit integers? Also, agree with @ioggstream -- all of this is for another PR. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @richanna wrote:
Hmm, I wish things worked like that. :) For example, the high frequency traders won't create a profiling spec, they'll do whatever they want to with this spec as it's base. Notably, they won't sign over That's not necessarily a bad thing, per se... and I admit that this is a corner case... but we should be careful to not prevent this sort of usage of the specification.
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Yes. In addition to @msporny's high-frequency trading example, this level of clock synchronization is not uncommon within distributed systems.
Yes, and that results in a non-standard, non-interoperable implementation. That's what I want to avoid by including support for sub-second expiration times in the spec. |
||||||
| expressed as the canonicalized value of the `*expires` content identifier, as defined in Section 2. If the signature does not have an Expiration Time, this parameter MUST be omitted. If not specified, the signature's Expiration Time is undefined. | ||||||
|
|
||||||
| keyId | ||||||
| : | ||||||
|
|
||||||
Uh oh!
There was an error while loading. Please reload this page.