Open matteocargnelutti opened 1 year ago
js-wacz currently supports the "Domain-Name Identity + Timestamp Signing" portion of the WACZ Signing spec via the --signing-url and --signing-token options.
--signing-url
--signing-token
In addition to that, it could be interesting to allow for signing WACZ files using self-signed "single-use" certificates that would be generated on the fly by js-wacz directly, like archiveweb.page does for example.
This use case would fit under the "Anonymous Signing" portion of the WACZ Signing spec.
This feature would greatly benefit from the addition of a trusted timestamp, which the spec doesn't currently support: https://github.com/webrecorder/specs/issues/142
Update: Looking into extending WACZ spec to support anonymous signing + timestamping
js-wacz currently supports the "Domain-Name Identity + Timestamp Signing" portion of the WACZ Signing spec via the
--signing-url
and--signing-token
options.In addition to that, it could be interesting to allow for signing WACZ files using self-signed "single-use" certificates that would be generated on the fly by js-wacz directly, like archiveweb.page does for example.
This use case would fit under the "Anonymous Signing" portion of the WACZ Signing spec.
This feature would greatly benefit from the addition of a trusted timestamp, which the spec doesn't currently support: https://github.com/webrecorder/specs/issues/142