I realize there's a lot of back and forth on this, and so just to
restate my own position so that it doesn't get lost in the bustle.
The approach standardizes behavior that would ease transmission of
malware to end users without the ability of the server to scan content
by providing a protocol element automated systems could use that does
not already exist today.
While somewhat analogous to an encrypted zip file, we don't specify
behavior in that case, and unknown zip files themselves are well known
to to pose risks such that automated processing is generally
discouraged. Certainly
That to me is *not* a show stopper so long as we acknowledge it in the
Security Considerations and discuss mitigations as we do with other new
vectors. Although I gave as an example a single means to demonstrate
that it is possible to mitigate risks from such a vector, unless there
is a clear approach that requires very little work, I'm not suggesting
that the mitigation or any other be fully specified in this document.
By the way: draft-thomson-http-signature lays a good foundation for any
attestation approach.
Eliot