Skip to main content

Appendix A. Detecting HTTP Message Signatures

Appendix A. Detecting HTTP Message Signatures

There have been many attempts to create signed HTTP messages in the past, including other non-standardized definitions of the Signature field that is used within this specification. It is recommended that developers wishing to support this specification, other published documents, or other historical drafts do so carefully and deliberately, as incompatibilities between this specification and other documents or various versions of other drafts could lead to unexpected problems.

It is recommended that implementors first detect and validate the Signature-Input field defined in this specification to detect that the mechanism described in this document is in use and not an alternative. If the Signature-Input field is present, all Signature fields can be parsed and interpreted in the context of this specification.

Last updated on