by danans 2392 days ago
> first, it breaks the URL specification, as the "host" is no longer a host.

By this definition, "host" hasn't been a host in a long time, since the time it was possible to route DNS traffic to multiple IP addresses, possibly in different datacenters.

> it breaks users' expectation of one of the VERY FEW things that everyday users understand about the internet.

How is signing content directly less authentic than signing only at the web server? Signing content directly at the time of publishing ensures that it was created using the private keys of the entity in question, regardless of the delivery mechanism for the content.

> one may manage to upload an HTML file to the bank's server and serve a -signed- page that google amp will cache,

Signed content exchanges specifically limit that by putting the content signing step at the content creator level, not the web server level. Unless you steal the content creator's private keys, you can't represent your content as theirs.


> "host" hasn't been a host in a long time,

Does SXG make this better or worse?

> ensures that it was created using the private keys

Signing at the server ensures that it was created using the key AND served from a host they control. How is that not better?

> you can't represent your content

Wouldn't the server sign all HTTP responses by default? All you would need to do is upload a file.

> wouldn't the server sign all http responses by default? all you would need to do is upload a file

No, the content has to be signed when it is created, in the content management system or similar content creation tool, not when the server sends it. The content management system itself must have strong controls on it (ACLs, controlled user accounts, protected private keys stored only on encrypted and access controlled media, regular audits, etc).

Basically the server itself is no longer trusted as the arbiter of content authenticity, the actual content creator is. Concretely, when the editor at a publication approves an article after reviewing it, it is signed for delivery at the moment of publication, not at the moment that the request is served.
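To make the model described in this reply concrete, here is an added example (an editor's illustration, not code from the thread, from the SXG specification, or from any AMP tooling). A publisher signs the request URL, the relevant response headers, a hash of the body and an expiry time with its own Ed25519 key at publication time; a verifier then checks that signature without any reference to which host delivered the bytes. The serialisation is a deliberately simplified stand-in for the real Signed Exchange encoding, and the publisher URL, key seeds and article body are constructed values. The expiry field mirrors the validity window the SXG draft requires (at most seven days), which is also what bounds how long a signature produced with a stolen key remains acceptable.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"sort"
	"time"
)

// Exchange is the unit a publisher signs at publication time: the request
// URL, the response headers that matter, the body, and the moment after
// which the signature must no longer be accepted.
// Simplified illustration; this is not the real SXG wire format.
type Exchange struct {
	URL     string
	Headers map[string]string
	Body    []byte
	Expires time.Time
}

// canonical serialises an exchange so signer and verifier hash identical
// bytes: length-prefixed URL, headers in sorted order, expiry as unix
// seconds, and the SHA-256 of the body.
func canonical(ex Exchange) []byte {
	var buf bytes.Buffer
	writeField := func(s string) {
		var n [8]byte
		binary.BigEndian.PutUint64(n[:], uint64(len(s)))
		buf.Write(n[:])
		buf.WriteString(s)
	}
	writeField(ex.URL)
	names := make([]string, 0, len(ex.Headers))
	for k := range ex.Headers {
		names = append(names, k)
	}
	sort.Strings(names)
	for _, k := range names {
		writeField(k)
		writeField(ex.Headers[k])
	}
	writeField(fmt.Sprintf("%d", ex.Expires.Unix()))
	sum := sha256.Sum256(ex.Body)
	buf.Write(sum[:])
	return buf.Bytes()
}

// SignAtPublish is what the CMS does once, when the editor approves the
// article. The private key lives with the publisher, not with the web host.
func SignAtPublish(priv ed25519.PrivateKey, ex Exchange) []byte {
	return ed25519.Sign(priv, canonical(ex))
}

// Verify is what a cache or browser does on receipt. Nothing here depends on
// which host delivered the bytes: only the publisher's public key, the
// exchange contents and the clock matter.
func Verify(pub ed25519.PublicKey, ex Exchange, sig []byte, now time.Time) error {
	if !now.Before(ex.Expires) {
		return errors.New("signature expired")
	}
	if !ed25519.Verify(pub, canonical(ex), sig) {
		return errors.New("signature does not match content or key")
	}
	return nil
}

// publisherKeys derives a deterministic key pair from a constructed seed so
// the demonstration is repeatable; a real CMS would generate and protect the
// key properly (this seed is a placeholder, not a real key).
func publisherKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := publisherKeys()
	published := time.Date(2019, 1, 1, 12, 0, 0, 0, time.UTC)
	article := Exchange{
		URL:     "https://publisher.example/article", // constructed
		Headers: map[string]string{"content-type": "text/html"},
		Body:    []byte("<h1>Approved article</h1>"),
		Expires: published.Add(7 * 24 * time.Hour), // the draft's maximum window
	}
	sig := SignAtPublish(priv, article)
	soon := published.Add(time.Hour)

	// Same bytes served from a third-party cache: still verifies.
	fmt.Println("cache copy:", Verify(pub, article, sig, soon))

	// Body replaced on whichever server holds it: signature no longer matches.
	tampered := article
	tampered.Body = []byte("<h1>Uploaded by someone else</h1>")
	fmt.Println("tampered body:", Verify(pub, tampered, sig, soon))

	// Unmodified content, but signed with a key the publisher does not own.
	other := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x99}, ed25519.SeedSize))
	fmt.Println("foreign key:", Verify(pub, article, SignAtPublish(other, article), soon))

	// After the validity window: rejected even though it once verified.
	fmt.Println("after expiry:", Verify(pub, article, sig, published.Add(8*24*time.Hour)))
}
```

Running it prints `<nil>` for the cached copy and an error for the other three cases. The point of the design is that `Verify` takes no host, certificate chain or transport parameter at all: an attacker who can write files to the publisher's web server still lacks the publication key, and a signature made with a compromised key stops being honoured once its expiry passes, so rotating the key does not need to invalidate copies that were never going to outlive the window anyway.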

So that means I can sign a page on the editor's computer, take it with me and serve it to AMP from my website? That sounds even more dangerous, tbh. It delegates security from people who may know a little bit about it (web hosts) to people who likely know nothing about it (writers).

What happens if someone's key is stolen and they need to re-issue it? Are all the previously published copies now invalid?