Content
@
0 reply
0 recast
0 reaction
eric siu π
@randomishwalk
TLSNotary seems cool: https://tlsnotary.org/
2 replies
0 recast
9 reactions
EulerLagrange.eth
@eulerlagrange.eth
If the MPC node and user collude they can generate arbitrary statements from the target server. The main unsolved problem to bring this data on-chain.
1 reply
0 recast
4 reactions
Dean Pierce π¨βπ»ππ
@deanpierce.eth
I wish some of the big SSL terminating companies, Cloudflare, Amazon, Google, etc would run these nodes. At least that would minimize the target server+MPC collusion risk, which would be my main concern. Ideally though, it would just be built into webservers so I could request notorized responses directly.
1 reply
0 recast
2 reactions
EulerLagrange.eth
@eulerlagrange.eth
It would be easier just to change the https standard to add a signature in the response header. There have been various proposals over the years to no progress.
1 reply
0 recast
3 reactions
Dean Pierce π¨βπ»ππ
@deanpierce.eth
Woah, TIL about this effort: https://datatracker.ietf.org/doc/draft-ietf-httpbis-message-signatures/ It looks *not* abandoned .. would be nice to signal support for efforts like this. Web based oracles would be way more meaningful.
1 reply
0 recast
2 reactions
EulerLagrange.eth
@eulerlagrange.eth
This is a proposal by digital bazaar which is a self sovereign identity company (verifiable credentials). Google, Amazon etc are the ones who control these standards boards. Unless they support it wonβt go through.
2 replies
0 recast
2 reactions
eric siu π
@randomishwalk
Hm -- wonder who else is on that list? I guess I could just look it up myself π
1 reply
0 recast
1 reaction
EulerLagrange.eth
@eulerlagrange.eth
My point is this. Ask yourself is it in this big tech companies to have all https responses be portably verifiable? I have lots of arguments for why itβs not. Even if there is a standard for it doesnβt mean all companies would enable that feature. Cryptographic signatures also adds a lot of overhead to https.
1 reply
0 recast
2 reactions
eric siu π
@randomishwalk
I am very out of my depth here but does ongoing HTTP3 (slowly ticking up per this source: https://w3techs.com/technologies/details/ce-http3) change any of this?
2 replies
0 recast
1 reaction
eric siu π
@randomishwalk
*ongoing ~adoption~ of http3
0 reply
0 recast
1 reaction
EulerLagrange.eth
@eulerlagrange.eth
Http3 is mostly about improving performance in lossy network conditions and better handling of changing networks. Http1/2 are all TCP based, and http3 uses a variant of udp. AFAIK, thereβs nothing related to cryptographic signatures.
0 reply
0 recast
2 reactions
