Golang promotes the "Host" header in a server-side request by removing
it from the Header map and putting it into the Host field, which had the
effect of removing the "Host" header and failing validation.
Now, we successfully validate HTTP Signatures that contain a "Host"
header.
Note that the library includes the deprecated 'algorithm' HTTP Signature
parameter for backwards compatibility when creating a signature. However, upon
verification it ignores the 'algorithm' deprecated parameter and instead
relies on the new behavior of the application knowing which algorithm to
use.
blacktemplar