7.2.7. Collision of Application-Specific Signature Tag

Multiple applications and protocols could apply HTTP signatures on the same message simultaneously. In fact, this is a desired feature in many circumstances; see Section 4.3. A naive verifier could become confused while processing multiple signatures, either accepting or rejecting a message based on an unrelated or irrelevant signature. In order to help an application select which signatures apply to its own processing, the application can declare a specific value for the tag signature parameter as defined in Section 2.3. For example, a signature targeting an application gateway could require tag="app-gateway" as part of the signature parameters for that application.

The use of the tag parameter does not prevent an attacker from also using the same value as a target application, since the parameter's value is public and otherwise unrestricted. As a consequence, a verifier should only use a value of the tag parameter to limit which signatures to check. Each signature still needs to be examined by the verifier to ensure that sufficient coverage is provided, as discussed in Section 7.2.1.
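
The selection logic described above, as an added example that is not part of the specification text: the tag only narrows which signatures are considered, and each match is still checked for coverage before it may go on to cryptographic verification (not shown). The labels, key identifiers, required-component policy, function names and the simplified regex parser are assumptions made for this example.

```python
import re

# Simplified Signature-Input parsing for this demo only; a real verifier
# should use a full Structured Fields (RFC 8941) parser.
MEMBER = re.compile(r'([\w*.-]+)=\(([^)]*)\)((?:;[\w*.-]+(?:=(?:"[^"]*"|[\w.-]+))?)*)')
ITEM = re.compile(r'"([^"]+)"(\S*)')
PARAM = re.compile(r';([\w*.-]+)(?:=(?:"([^"]*)"|([\w.-]+)))?')

# Constructed sample: three signatures on one message, two sharing a tag.
SIGNATURE_INPUT = (
    'sig-gw=("@method" "@authority" "@path" "content-digest")'
    ';created=1700000000;keyid="gw-key";tag="app-gateway", '
    'sig-weak=("@method");created=1700000001;keyid="other-key";tag="app-gateway", '
    'sig-audit=("date");created=1700000002;keyid="audit-key";tag="audit-log"'
)

# Assumed coverage policy for the hypothetical gateway application.
REQUIRED = {"@method", "@authority", "@path", "content-digest"}

def parse_signature_input(header):
    """Map each signature label to (covered components, parameters)."""
    sigs = {}
    for label, inner, params in MEMBER.findall(header):
        components = [name + item_params for name, item_params in ITEM.findall(inner)]
        parsed = {k: quoted or bare for k, quoted, bare in PARAM.findall(params)}
        sigs[label] = (components, parsed)
    return sigs

def select_candidates(header, tag, required):
    """Use the tag only as a filter, then check coverage on every match.

    Returns (candidates, rejected): labels that may proceed to cryptographic
    verification, and labels with the right tag but missing components.
    """
    candidates, rejected = [], {}
    for label, (components, params) in parse_signature_input(header).items():
        if params.get("tag") != tag:
            continue  # another application's signature: neither accept nor reject on it
        missing = sorted(set(required) - set(components))
        if missing:
            rejected[label] = missing  # matching tag is not proof of adequate coverage
        else:
            candidates.append(label)
    return candidates, rejected

if __name__ == "__main__":
    print(select_candidates(SIGNATURE_INPUT, "app-gateway", REQUIRED))
```

The signature tagged for the other application is skipped without influencing the decision, while the second signature carrying the gateway's tag is rejected because it covers only the method.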