Greetings all, A couple of years ago, I did some limited research on signed (but not encrypted) HTTP responses. I discovered that although it had been considered briefly by a few folks in the past, it never went anywhere. This continues to be surprising to me, given the ever increasing need to mirror content for a variety of reasons. Has anyone on the list thought about this? It seems that out community has a particularly strong case for such a thing.
We sign software packages and emails. Why not http results? Ideally this would call for an IETF standard implemented in the major http servers, using certs already installed for https (if that is technically possible... I haven't thought through the crypto). Steve
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
