Replies: 2 comments 2 replies
-
Hello! This functionality certainly seems like something that would be suitable for curl to support. I assume that as soon as there is server support and some clients start to use HTTP message signatures, people will come to realize and think of use cases for when curl should as well. After all, having a clear use case is often a good driver for how to implement features. |
Beta Was this translation helpful? Give feedback.
-
Hi, editor for RFC9421 here! Support for this spec in curl is a great idea, especially as there is precedent with SigV4. On the server side, we're more likely to see support up at the application/framework layer as opposed to, say, apache and nginx. For developers, I also want to point out the resource https://httpsig.org/ for both testing and library support. The spec itself also has a lot of test vectors in it that have been confirmed by multiple independent implementations. |
Beta Was this translation helpful? Give feedback.
-
Hello,
Is there any interest to add support for RFC 9421 - HTTP Message Signatures to curl ? I saw that curl already support AWS Signature v4 (with --aws-sigv4), and I feel this RFC is a generalization / standardisation of such signature (I notice participation of amazon to the RFC, which I take as a sign it could be a successor to SIGv4). Is there any past discussion on this topic?
The RFC seems super wide and flexible, so I think an interesting first step on this would be to define a subset that realistically usable from the CLI curl, and clearly define that subset so server people could implement the subset RFC that's usable from curl (or maybe define "profiles" which define what is signed, or something like this, to avoid having to list all the headers, etc)
(we have our own old home made signature system, which means we currently cannot use curl for our API, but with this one being standardize, I feel this is an opportunity to open this discussion, so people who sign their requests can finally do curl --rfc9421 -u "user:key" https://... :D )
Beta Was this translation helpful? Give feedback.
All reactions