Support draft-directory-04 with sf-dictionary signature-agent#63
Merged
thibmeu merged 4 commits intoMay 26, 2026
Merged
Conversation
28a3d83 to
5afdf96
Compare
Collaborator
Author
|
@AkshataDM ping |
This was referenced Nov 17, 2025
Closed
AkshatM
approved these changes
Nov 17, 2025
AkshatM
left a comment
Contributor
There was a problem hiding this comment.
I think the implementation works, just left a minor comment for supporting more liberal input to the verifier.
This commits adds support for sf-dioctionary headers in http-message-sig, and paired signature-agent as a dictionary format. This is made to be backward compatible: old test vectors still pass. The implementation of sf-dictionary is primitive, and likely does not pass all tests for [RFC 8941](https://www.rfc-editor.org/rfc/rfc8941.html). This is acceptable for now. We _could_ publish this as an alpha. The new test vectors are added in thibmeu/http-message-signatures-directory#79, and have a corresponding json [web_bot_auth_architecture_v2.json](./packages/web-bot-auth/test/test_data/web_bot_auth_architecture_v2.json). They can be imported by other implementations.
5afdf96 to
4e5285d
Compare
f80d9ab to
2b5d0b9
Compare
Collaborator
Author
|
updated the PR so support is actually closer to RFC 8941. i also reuse directory parsing instead of reimplementing it. some more test about directory normalisation as well this should especially help to validate the latest version of arechitecture draft |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This commits adds support for sf-dioctionary headers in http-message-sig, and paired signature-agent as a dictionary format.
This is made to be backward compatible: old test vectors still pass.
The implementation of sf-dictionary is primitive, and likely does not pass all tests for RFC 8941.
This is acceptable for now. We could publish this as an alpha.
The new test vectors are added in
thibmeu/http-message-signatures-directory#79, and have a corresponding json
web_bot_auth_architecture_v2.json. They can be imported by other implementations.