99designs
Update to latest HTTP Working Group spec
The latest version of the spec is quite a bit different:
- https://www.ietf.org/archive/id/draft-ietf-httpbis-message-signatures-08.html
- https://httpsig.org/
I'm trying to use this with a js library (https://github.com/dhensby/node-http-message-signatures/), but can't since the specs don't agree.
I can try to work on a PR if I have time, but wanted to check in and see if this project was still maintained and if you'd be open to supporting the newer spec.
+1 to upgrading to the latest spec, which is now an official IETF RFC:
https://www.rfc-editor.org/rfc/rfc9421.html
It'll be up to @pda if he wants to accept a new PR (and what it should entail), there is quite a bit that's new in the RFC (and it's a good idea to implement the "new stuff").
Thanks for volunteering to attempt an update PR @timkelty. I suggest it should be done as a breaking major change (v5.0.0) with a complete shift over to RFC 9421 (no need to provide backwards-compatability since everything up to the v4.0.0 release supported the older specs)... but again, defer to @pda on the right way to do this.
/cc @jricher
@pda let me know what you think, and if this project is still considered "active" on your end. Hasn't had a commit in quite a few years.
👋🏼 Hi! I moved on from 99designs and PHP about seven years ago, so I'm afraid there won't be any input from myself. Based on the five years since last commit, I suspect there's no internal usage of this anymore within 99designs. Best hope is probably somebody else forking it.
+1 to upgrading to the latest spec, which is now an official IETF RFC: https://www.rfc-editor.org/rfc/rfc9421.html
Wow, I had missed that. Congratulations @msporny, epic work over many years 👌🏼
I think an open standard for signing HTTP is really important, so it's great to see it out there.