research: analyze HTTP signed responses
A.4. Binary Transparency

So-called "Binary Transparency" may eventually allow users to verify that a program they've been delivered is one that's available to the public, and not a specially-built version intended to attack just them. Binary transparency systems don't exist yet, but they're likely to work similarly to the successful Certificate Transparency logs described by [RFC6962].
Certificate Transparency depends on Signed Certificate Timestamps that prove a log contained a particular certificate at a particular time. To build the same thing for Binary Transparency logs containing HTTP resources or full websites, we'll need a way to provide signatures of those resources, which signed exchanges provides.
https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html#uc-transparency
My guess is that we would want to run a separate log for signed requests. Interested to learn what web servers support this.