[Openid-specs-fapi] Issue #575: Issue with http sig request/response binding (openid/fapi)
josephheenan
issues-reply at bitbucket.org
Wed Feb 15 14:21:05 UTC 2023
New issue 575: Issue with http sig request/response binding
https://bitbucket.org/openid/fapi/issues/575/issue-with-http-sig-request-response
Joseph Heenan:
As Justin brought up on today’s call, there is an issue with the way we use http sig:
[https://lists.w3.org/Archives/Public/ietf-http-wg/2023JanMar/0063.html](https://lists.w3.org/Archives/Public/ietf-http-wg/2023JanMar/0063.html)
in particular this text from FAPI2 Message Signing:
``1. shall cryptographically link the response to the request by including the request signature in the response signature input by means of the `req` boolean flag defined in 2.4 in [@!I-D.ietf-httpbis-message-signatures] on the signature field of the request that caused the response``
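
The binding that the quoted requirement describes, as an added example that is not part of the issue or of the FAPI specification: a response signature base that covers the request's signature value through the `req` flag, and a client check that rejects a response signed for a different request. The HMAC-SHA256 algorithm, the key, the key id, the `sig1` label and all sample values are assumptions chosen so the sketch runs with the standard library only.

```python
import base64
import hashlib
import hmac

def response_signature_base(status, req_label, req_sig, created, keyid):
    """Signature base for a response that covers the request's signature value."""
    # `req` selects the component from the request; `key` selects one member of
    # the request's Signature dictionary field.
    component = f'"signature";req;key="{req_label}"'
    params = f'("@status" {component});created={created};keyid="{keyid}"'
    lines = [
        f'"@status": {status}',
        f"{component}: :{base64.b64encode(req_sig).decode()}:",
        f'"@signature-params": {params}',
    ]
    return "\n".join(lines), params

def sign_response(key, status, req_label, req_sig, created, keyid):
    """Server side: sign the response, binding it to the request signature."""
    base, params = response_signature_base(status, req_label, req_sig, created, keyid)
    return params, hmac.new(key, base.encode(), hashlib.sha256).digest()

def verify_response(key, status, req_label, sent_req_sig, created, keyid, resp_sig):
    """Client side: rebuild the base from the signature of the request it sent."""
    base, _ = response_signature_base(status, req_label, sent_req_sig, created, keyid)
    expected = hmac.new(key, base.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, resp_sig)

# Constructed sample values, not taken from the issue or the FAPI specification.
KEY = b"constructed-demo-key"
REQ_A_SIG = hashlib.sha256(b"constructed signature of request A").digest()
REQ_B_SIG = hashlib.sha256(b"constructed signature of request B").digest()

if __name__ == "__main__":
    params, sig = sign_response(KEY, 200, "sig1", REQ_A_SIG, 1676470865, "demo-key")
    print(params)
    # Same request signature the client sent, then a different one.
    print(verify_response(KEY, 200, "sig1", REQ_A_SIG, 1676470865, "demo-key", sig))
    print(verify_response(KEY, 200, "sig1", REQ_B_SIG, 1676470865, "demo-key", sig))
```

The only request data this response signature covers is the request's signature value, so the check says nothing about which request components that earlier signature itself covered.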