Richard Crowley
Richard Crowley
Sam pointed out that by integrating http://point-at-infinity.org/ssss/, Certified could almost prevent anyone ever knowing the root CA's private key.
`WithContext` and `Context` are unnecessarily globally synchronized. I think the solution is essentially an `http.Handler` that allocates an instance of another `http.Handler` (this is the type of the per-request context)...
https://code.google.com/p/go/source/browse?repo=net
http://golang.org/pkg/encoding/csv/ is a reasonable interface that would be easy to wrap around an `http.ResponseWriter`. This would be extremely easy for GET requests but it'd be nice to reuse the `Marshaler`...
Whether a part of the core or not, there should be a handler that can verify client certificates and possibly make authorization decisions on a per-route basis.
@mihasya I'm not sure how plausible this is but it would be nice for CORS to work without assuming a `TrieServeMux`. From IRC: ``` [11:41:46] rcrowley: looking at tigertonic cors...
This would be one thing to rip off from [GoRest](https://code.google.com/p/gorest/).
It's verbose to have to define a timer for every route when they're all the same except for the metric which can be determined from the request itself.
This will give us a more structured `Redactor` than what's currently in `Logger`. Also create an embedable `NilRedactor` to satisfy the interface for types that don't need any redaction.
Holy shit, Zipkin is cool.