httpsig issues

hs2019 with PSS support

1

Try implementing hs2019 support (using PSS). I've been reading through both these drafts: * https://tools.ietf.org/html/draft-cavage-http-signatures-12 * https://tools.ietf.org/html/draft-ietf-httpbis-message-signatures-00 But still find it a bit confusing on how the digital signature algorithm...

fulder

Support for hs2019 algorithm

4

All of the algorithms are deprecated with exception of `hs2019` due to an attack vector specifying the algorithm.

azdagron

ECDSA-SHA256 Support

Would there be any interest in adding something like https://github.com/bjangelo/httpsig/commit/63235c7f1c0cd35a64dc1066c47c99daa924c2e3?

derekargueta

Test conformance against official test suite

There is a conformance suite for v11 at https://github.com/w3c-dvcg/http-signatures-test-suite. We should make sure we're conformant.

azdagron

Add ecdsa-sha256 support

1

bjangelo

Signature verification : Digest should be calculated upfront using the body

At the time of verification, we use the value of digest header(if required) for verifying signature. This opens a gate to the attackers. Suppose someone was able to tamper with...

Milkhaa

Escape error response

This should prevent the possibility of an XSS attack.

cj-syed-ali

httpsig
httpsig copied to clipboard

Metadata

hs2019 with PSS support

Support for hs2019 algorithm

ECDSA-SHA256 Support

Test conformance against official test suite

Add ecdsa-sha256 support

Signature verification : Digest should be calculated upfront using the body

Escape error response

← Metadata

Owner

Metadata

httpsig httpsig copied to clipboard

Metadata

hs2019 with PSS support

Support for hs2019 algorithm

ECDSA-SHA256 Support

Test conformance against official test suite

Add ecdsa-sha256 support

Signature verification : Digest should be calculated upfront using the body

Escape error response

← Metadata

Owner

Metadata

httpsig
httpsig copied to clipboard