HTTP Message Signatures
RFC 9421, “HTTP Message Signatures”, is a Proposed Standard document published in February 2024 by A. Backman, J. Richer, M. Sporny. The canonical text is published by the RFC Editor.
Abstract
This document describes a mechanism for creating, encoding, and verifying digital signatures or message authentication codes over components of an HTTP message. This mechanism supports use cases where the full HTTP message may not be known to the signer and where the message may be transformed (e.g., by intermediaries) before reaching the verifier. This document also describes a means for requesting that a signature be applied to a subsequent HTTP message in an ongoing HTTP exchange.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 9421 is hosted at rfc-editor.org. Available in HTML,TXT,PDF,XML.
- RFC 9422 The LIMITS SMTP Service Extension
- RFC 9423 Constrained RESTful Environments Target Attributes Registry
- RFC 9429 JavaScript Session Establishment Protocol
- RFC 9458 Oblivious HTTP
- RFC 9467 Relaxed Packet Counter Verification for Babel MAC Authentication
- RFC 9490 Report from the IAB Workshop on Management Techniques in Encrypted Networks
- RFC 9499 DNS Terminology
- RFC 9507 Information-Centric Networking Traceroute Protocol Specification