4.1. The Signature-Input HTTP Field

4.1. The Signature-Input HTTP Field

The Signature-Input field is a Dictionary Structured Field (defined in Section 3.2 of [STRUCTURED-FIELDS]) containing the metadata for one or more message signatures generated from components within the HTTP message. Each member describes a single message signature. The member's key is the label that uniquely identifies the message signature within the HTTP message. The member's value is the covered components ordered set serialized as an Inner List, including all signature metadata parameters identified by the label:

NOTE: '' line wrapping per RFC 8792

Signature-Input: sig1=("@method" "@target-uri" "@authority"
"content-digest" "cache-control");
created=1618884475;keyid="test-key-rsa-pss"

To facilitate signature validation, the Signature-Input field value MUST contain the same serialized value used in generating the signature base's @signature-params value defined in Section 2.3. Note that in a Structured Field value, list order and parameter order have to be preserved.

The signer MAY include the Signature-Input field as a trailer to facilitate signing a message after its content has been processed by the signer. However, since intermediaries are allowed to drop trailers as per [HTTP], it is RECOMMENDED that the Signature-Input field be included only as a header field to avoid signatures being inadvertently stripped from a message.

Multiple Signature-Input fields MAY be included in a single HTTP message. The signature labels MUST be unique across all field values.