RE: Origin-signed responses

Hi Jeffrey,

I spotted this yesterday and found it an interesting read, so thanks for starting a discussion.

Your draft references draft-cavage-http-signatures, which we have been using on a project to add some authenticity to HTTP/2 pushed content. I'm still processing your draft but can see how it might complement our approach or help satisfy the higher goal.

Meanwhile, web packaging is beyond the scope of my needs.

Therefore I support the split because it's provides a more compelling document to consider, in my particular use case.

Kind regards
From: Jeffrey Yasskin []
Sent: 01 September 2017 17:35
To: HTTP Working Group
Subject: Origin-signed responses

Hi all,

When I brought web packaging to IETF99 DISPATCH
(, several
people said they wanted to see what it would look like split into
discusses use cases and an outline of what the signing layer needs to
look like, but doesn't include an actual proposal for signatures yet.

What do you think? Is splitting the packaging proposal still the right approach?

I've also started a thread in art@ to talk about the packaging use
cases overall:


This e-mail (and any attachments) is confidential and
may contain personal views which are not the views of the BBC unless specifically stated.
If you have received it in
error, please delete it from your system.
Do not use, copy or disclose the
information in any way nor act in reliance on it and notify the sender
Please note that the BBC monitors e-mails
sent or received.
Further communication will signify your consent to

Received on Friday, 1 September 2017 17:04:27 UTC