Yeah request-target surprised me too recently. I tried to federate an activity to Peertube, and it failed because the request-target header wasn’t included in the sig. I’d never heard of that header before, evidently it’s a synthetic thing that a recent HTTP Signatures draft invented?