Ask HN: Signing HTTP Messages

2 points

8 years ago

I've been working on caching some game assets for lounges in Lebanon where the connection is not that great. Some gaming platforms deliver their data using HTTP, others with HTTPS. Each has its problems.

The two dimensions I am concerned with here are privacy and integrity. HTTPS provides both, but privacy hinders optimal delivery and caching.

I recently found this, but was wondering if there's a place for a totally new scheme, something like httpi (i for integrity). The cross-links between content (in a browser) should be figured out, but I imagine http sites should be able to load data from both. httpv should be able to load data from httpv & https links; https only loads https links.

The PKI infrastructure for https could be used as is for something like httpi

Wouldn't this be better than depending on header fields like in [0]?

[0]: https://tools.ietf.org/html/draft-cavage-http-signatures-10