Signatures: hs2019 algorithm gone from spec v3

[bblfish]

I just noticed that the only supported algorithm hs2019 present in message-signatures-02 §5.1.2.1 has gone in message-signatures-03 replaced by the old style of algorithm specification.

Was this discussed somewhere? Is it permanent or an oversight?

[jricher]

Dropping this is an intentional change. The hs2019 algorithm identifier definition (itself a late addition to one of the input I-D's) was an artifact of the alg parameter being required by the spec, so it was a placeholder that said "ignore the algorithm and go find something else". In other words, it was functionally vestigial. This parameter is no longer required, meaning the behavior of hs2019 of determining the algorithm from the key, context, configuration, or environment is now the default behavior. The explicit algorithm identifier of alg is also allowable in circumstances that require it, but it's overridden by the context (ie: they have to match if both specified). Also the parameters are now signed, which wasn't the case before. This discussion happened over the course of a few different issues and pull requests on here. The discussion is expanded in #1455 and will hopefully be more clear in the next draft being published soon.

[jricher]

New draft is published with additional discussion on algorithm selection: https://www.ietf.org/archive/id/draft-ietf-httpbis-message-signatures-04.html