2 comments

[ 5.7 ms ] story [ 24.4 ms ] thread
Uh, is that not already possible with TLS? Design bloat?
> These signatures can be verified against an origin's certificate to establish that the exchange is authoritative for an origin even if it was transferred over a connection that isn't.

So not possible with TLS (unless you tunnel TLS inside TLS). I can't think of any killer use cases that would (IMO) justify the complexity, but Appendix A does list use cases.