- From: Sven Neuhaus <Sven.Neuhaus@elmos.com>
- Date: Mon, 12 Nov 2018 10:33:49 +0000
- To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
- CC: "jyasskin@chromium.org" <jyasskin@chromium.org>
Hello, I read the draft dated November 9th 2018 and there doesn't seem to be a way for a publisher to limit what intermediate parties are allowed to transfer the signed content on their behalf. Why is this necessary? - the publisher may want an agreement with intermediates to receive the access log for the signed http exchanges they are otherwise not aware of - the publisher may only trust certain intermediates with the privacy considerations as listed in section 7 There are probably more reasons why adding a mechanism to only authorize certain intermediates (for example by hostname) is desirable. Regards, -Sven Neuhaus [electronica 2018 - Munich | 11/13/ - 11/16/2018 | Hall B4 | Booth 439]
Received on Monday, 12 November 2018 10:54:03 UTC