简体繁体中英

HTTP Request/Response signing standards

原文 2023-01-12 13:16:12 1 1 http/ jwt/ http-headers/ digital-signature

I want to sign the payload of HTTP Requests and Responses. The signature should reside in the header. The signing mechanism should not require any change in existing payload structure.

The main use case is non-repudiation.

There are many custom ways of doing it but I am looking for a standard.

If possible there should be support for signature verification without having to manually seed each application with other applications' public keys (the way Public Key Infrastructure it works with SSL certs)

Is there an existing standard that does this?

1 answers

Yes, there is an IETF draft for signing HTTP.

https://datatracker.ietf.org/doc/draft-ietf-httpbis-message-signatures/

To the question about PKI, you can do certificate distribution in the signed headers so if you do have a root of trust for the keys you don't need to copy the individual public keys around.

HTTP request/response flow

HTTP Request to IceCast and Response

Intercept http request/response

Http request response debugging

Android HTTP request and response

Http response with out http request

HTTP request and response messages

HTTP request and response parameters

HTTP Response before Request

HTTP Request/Response PHP

暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question HTTP request/response flow HTTP Request to IceCast and Response Intercept http request/response Http request response debugging Android HTTP request and response Http response with out http request HTTP request and response messages HTTP request and response parameters HTTP Response before Request HTTP Request/Response PHP

Related Tags

HTTP Request/Response signing standards

Question

1 answers

solution1 0 2023-01-14 21:54:47

solution1
0 2023-01-14 21:54:47