Mike West

The thread is at https://chromium-review.googlesource.com/c/chromium/src/+/6373001/comments/4d10e46a_22e9de4c. And, for completeness, I'll paste the rest in here: >>> @mikewest: Experimenting with this is totally reasonable. That said, I'm interested in understanding how y'all...

A reasonable question. I'd imagined the page defining the nonce, but it'd certainly be possible for the UA to define one on the page's behalf. That might simplify the story...

> I think the answer here depends on what security goal we're trying to achieve with nonces? Traditionally, nonces are "numbers used once", so having them be statically defined in...

> Got it, that all makes sense. IMO, I don't see too much utility in having the nonce be user-controlled, so I'd lean towards having the browser control the nonce....

1. I agree that we should not require expiration (and the current draft doesn't). 2. We included support for `expires` as a potential defense against rollback attacks. You're correct that...

For algorithms, we dropped the `alg` parameter in #33. Yoav asked: > Does that mean we're forever locked into a single algorithm? Or is there an alternative means of changing...

I agree with you that shifting the `type` (a la #34) is likely to be the simplest way of addressing algorithmic changes. So we're back to naming... :)

We've dealt with this by allowing (and ignoring) arbitrary parameters. Closing out the issue.

> HTTP signatures deal with a single exchange, so you wouldn't be able to bind to a pre-redirect URL (which might be on a different host even). > > In...

a) The `accept-signature` header can only be sent when the client asserts integrity metadata. In that case, it's reasonable to expect it to be sent to each server along the...