# HTTP signatures ###### tags: `httpsig` `gnap` ## :memo: Inputs [Intro video](https://identiverse.gallery.video/detail/videos/standards/video/6184748408001/beyond-bearer-tokens-with-http-message-signatures?autoStart=true) [Spec HTTP message signature](https://www.ietf.org/archive/id/draft-ietf-httpbis-message-signatures-01.html) [Github](https://github.com/httpwg/http-extensions#signing-http-messages) [Github issues](https://github.com/httpwg/http-extensions/issues?q=is%3Aopen+is%3Aissue+label%3Asignatures) [Interim](https://httpwg.org/wg-materials/interim-20-10/minutes.html) - some criticisms to check, slides missing https://www.rfc-editor.org/rfc/rfc8941.html https://github.com/httpwg/http-extensions/pull/1411 https://github.com/httpwg/http-extensions/pull/1438 https://www.ietf.org/archive/id/draft-ietf-httpbis-message-signatures-03.html https://github.com/bspk/oauth.xyz-java/blob/master/lib/src/main/java/io/bspk/oauth/xyz/crypto/SignatureVerifier.java https://github.com/bspk/oauth.xyz-java/blob/master/rc/src/main/java/io/bspk/oauth/xyz/http/SigningRestTemplateService.java (signer side) ## Next steps - what are the next steps for this spec? There are some open issues (32), not sure what the plan is - how confident are we that it will be finalized? (important) - mostly usable as is already for the purpose of GNAP, but: will people implement it? ## Go ### sfv - https://go-review.googlesource.com/c/go/+/250837 - structured headers https://github.com/golang/go/issues/41046 The main difference is that SFV's maps (Dictionary and Params) are ordered while Go's map isn't https://github.com/hyperium/http/issues/475 through extensions https://github.com/algesten/hreq/blob/b0e6f6c9ac6e806f85b686a21ca7556e247caa51/src/head_ext.rs https://github.com/algesten/hreq/blob/b0e6f6c9ac6e806f85b686a21ca7556e247caa51/src/client/req_ext.rs JWS ring est utilisé par ex dans biscuit https://npmccallum.gitlab.io/post/do-not-use-ring-or-rustls/ mais pas vraiment d'alternative https://github.com/libp2p/rust-libp2p/discussions/1975 https://www.reddit.com/r/rust/comments/lcsg0u/ownership_and_maintenance_struggles_in/ https://github.com/hyperium/headers/ https://docs.rs/headers/0.3.4/headers/#traits https://github.com/SergioBenitez/Rocket/issues/1498 https://github.com/hwchen/tophat/blob/main/NOTES.md https://github.com/http-rs/async-h1/issues/95