search

harvard-lil / js-wacz

JavaScript module and CLI tool for working with web archive data using the WACZ format specification.
MIT License
11 stars 4 forks source link

Automatic self-signing as an option (with external timestamping ?) #27

Open matteocargnelutti opened 1 year ago

matteocargnelutti commented 1 year ago

js-wacz currently supports the "Domain-Name Identity + Timestamp Signing" portion of the WACZ Signing spec via the --signing-url and --signing-token options.

In addition to that, it could be interesting to allow for signing WACZ files using self-signed "single-use" certificates that would be generated on the fly by js-wacz directly, like archiveweb.page does for example.

This use case would fit under the "Anonymous Signing" portion of the WACZ Signing spec.

This feature would greatly benefit from the addition of a trusted timestamp, which the spec doesn't currently support: https://github.com/webrecorder/specs/issues/142

matteocargnelutti commented 1 year ago

Update: Looking into extending WACZ spec to support anonymous signing + timestamping