v0.7.0

@voltone voltone released this 05 Aug 07:53
· 18 commits to master since this release
eb55ca4

Reverts RSASSA-PSS parameter changes in v0.6.0. I believe the parameters used in the HTTP signatures compliance test suite are actually incorrect, and the draft itself does not specify any special values.

There is no reason to believe the authors of the spec intended to use a non-default hash function, especially since this would go against best practices mentioned in RFC8017 (referenced from the spec) and would hurt interoperability, as not all libraries allow the user to modify the PSS defaults.

Hopefully any ambiguity will be cleared up as the new draft-ietf-httpbis-message-signatures (see #1) matures.