Content pfp
Content
@
0 reply
0 recast
0 reaction

eric siu 🐈 pfp
eric siu 🐈
@randomishwalk
TLSNotary seems cool: https://tlsnotary.org/
2 replies
0 recast
9 reactions

EulerLagrange.eth pfp
EulerLagrange.eth
@eulerlagrange.eth
If the MPC node and user collude they can generate arbitrary statements from the target server. The main unsolved problem to bring this data on-chain.
1 reply
0 recast
4 reactions

Dean Pierce πŸ‘¨β€πŸ’»πŸŒŽπŸŒ pfp
Dean Pierce πŸ‘¨β€πŸ’»πŸŒŽπŸŒ
@deanpierce.eth
I wish some of the big SSL terminating companies, Cloudflare, Amazon, Google, etc would run these nodes. At least that would minimize the target server+MPC collusion risk, which would be my main concern. Ideally though, it would just be built into webservers so I could request notorized responses directly.
1 reply
0 recast
2 reactions

EulerLagrange.eth pfp
EulerLagrange.eth
@eulerlagrange.eth
It would be easier just to change the https standard to add a signature in the response header. There have been various proposals over the years to no progress.
1 reply
0 recast
3 reactions

Dean Pierce πŸ‘¨β€πŸ’»πŸŒŽπŸŒ pfp
Dean Pierce πŸ‘¨β€πŸ’»πŸŒŽπŸŒ
@deanpierce.eth
Woah, TIL about this effort: https://datatracker.ietf.org/doc/draft-ietf-httpbis-message-signatures/ It looks *not* abandoned .. would be nice to signal support for efforts like this. Web based oracles would be way more meaningful.
1 reply
0 recast
2 reactions

EulerLagrange.eth pfp
EulerLagrange.eth
@eulerlagrange.eth
This is a proposal by digital bazaar which is a self sovereign identity company (verifiable credentials). Google, Amazon etc are the ones who control these standards boards. Unless they support it won’t go through.
2 replies
0 recast
2 reactions

eric siu 🐈 pfp
eric siu 🐈
@randomishwalk
Hm -- wonder who else is on that list? I guess I could just look it up myself πŸ˜‚
1 reply
0 recast
1 reaction

EulerLagrange.eth pfp
EulerLagrange.eth
@eulerlagrange.eth
My point is this. Ask yourself is it in this big tech companies to have all https responses be portably verifiable? I have lots of arguments for why it’s not. Even if there is a standard for it doesn’t mean all companies would enable that feature. Cryptographic signatures also adds a lot of overhead to https.
1 reply
0 recast
2 reactions