Is "signing as an origin" sufficient?

[BigBlueHat]

From #23:

o  Signing as an origin: So that readers can be sure their copy is
   authentic and so that copying the package preserves the URLs of
   the content inside it.

This enables cross-origin/domain distribution (which is what AMP wants this for) -- i.e. Chrome (in the future) will display the URL from the package, not the CDN (aka Google's AMP cache).

Signatures are based upon origin certification. This means that if your origin (i.e. your domain) expires and/or your domain certificate is expired or otherwise no-longer valid there may be implications to the future use of the contents (essentially a bundle of "old" HTTP requests). This concern is being explored in the context of archiving a WebPackage.

[BigBlueHat]

More abstractly:

Longevity of a (Packaged) Web Publication should be a key concern for publishers who want their publications to live beyond domain name rental, certificate renewals, and to survive anything like the paper-based mediums...let alone vellum.

We need to think through the failure/risk scenarios around providing longevity balanced against the failure/risk scenarios of broken or eventually-insecure code which may (or may not) be included.

[iherman]

I wonder what effect this would have on archival. Is the mechanism such that the signatures remain valid even if, say, the corresponding URL is a 404? (Yes, this should not happen in an ideal world, but we do not live in such a world...)

AMP is for short-lived items; I do not believe they really care about their publication being accepted and valid in, say, 20 years.