Presumably multiple signature headers would be valid, should the provider want to sign with multiple private keys (during key rollover or such), or if a CDN wants to cross-sign with their own key. Is there potentially a use for multiple public keys on the consumer end? (so for example allowing signed content from one of multiple providers.)
I also have concerns about the distribution of the public keys, we have the general problem of MITM attackers fooling consumers into using the wrong key. I appreciate that this is trying to be a simple solution, but wonder if we're not going to have to go to a full certificate solution eventually anyway, and maybe we should just bite that off now.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/186#issuecomment-332446375