Update the bundle format (#450)

Add: * An invariant fallback URL, like signed exchanges have. * A version number, so we can easily know to fall back to a redirect. * Some infrastructure to identify what kind of error broke the parse, which can feed into both Network Error Logging and #397’s discussion of when to fall back. * The index maps URLs to a Variants value + a list of the responses for each possible Variant-Key, instead of using a set of request headers. * A new signatures section allows authorities to vouch for particular subsets of the bundle. This document doesn't describe how a user agent would decide to trust cross-origin resources based on which authority vouches for them.
WICG · Jul 8, 2019 · 744dffc · 744dffc
1 parent 812b981
commit 744dffc
Show file tree

Hide file tree

Showing 2 changed files with 248 additions and 91 deletions.
diff --git a/draft-yasskin-http-origin-signed-responses.md b/draft-yasskin-http-origin-signed-responses.md
@@ -376,13 +376,14 @@ The resource at a signature's `cert-url` MUST have the
 ~~~cddl
 cert-chain = [
   "📜⛓", ; U+1F4DC U+26D3
-  + {
-    cert: bytes,
-    ? ocsp: bytes,
-    ? sct: bytes,
-    * tstr => any,
-  }
+  + augmented-certificate
 ]
+augmented-certificate = {
+  cert: bytes,
+  ? ocsp: bytes,
+  ? sct: bytes,
+  * tstr => any,
+}
 ~~~
 
 The first map (second item) in the CBOR array is treated as the end-entity