
HTTP Signatures - amingilani
https://tools.ietf.org/html/draft-cavage-http-signatures-05
======
XtalJ
HTTPS is often overkill because it encrypts everything, which isn't always
necessary for websites/pages with non-personal data. Then it is sufficient
enough to just sign it.

Maybe the key could be distributed through DNS, like DKIM.

------
amingilani
This is certainly one API authentication scheme that doesn't get much
coverage.

Over JWTs: this allows individual token revocation, data integrity checks and
is resistant to replay attacks. I wish more APIs used this.
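
An added example, not part of the original comment or of the draft's text: a minimal Python sketch of an `hmac-sha256` signature in the draft's `Signature` header format, showing where the three properties mentioned above come from (per-`keyId` revocation, a signed `Digest` for body integrity, a signed `Date` checked against a freshness window). The key store, the 300-second window and the required-header policy are assumptions made for the illustration.

```python
import base64, hashlib, hmac
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime

# Constructed key store (keyId -> shared secret); the names and secrets are made up.
KEYS = {"client-a": b"constructed-secret-a", "client-b": b"constructed-secret-b"}
MAX_SKEW = 300  # assumed freshness window in seconds
REQUIRED = {"(request-target)", "date", "digest"}  # assumed server policy

def body_digest(body):
    return "SHA-256=" + base64.b64encode(hashlib.sha256(body).digest()).decode()

def signing_string(method, path, headers, names):
    # One "name: value" line per signed header, in the order listed in headers="...".
    lines = [f"{n}: {method.lower()} {path}" if n == "(request-target)"
             else f"{n}: {headers[n]}" for n in names]
    return "\n".join(lines).encode()

def sign(key_id, method, path, headers, body):
    names = ["(request-target)", "date", "digest"]
    headers = dict(headers, digest=body_digest(body))
    mac = hmac.new(KEYS[key_id], signing_string(method, path, headers, names), hashlib.sha256)
    sig = base64.b64encode(mac.digest()).decode()
    headers["signature"] = (f'keyId="{key_id}",algorithm="hmac-sha256",'
                            f'headers="{" ".join(names)}",signature="{sig}"')
    return headers

def verify(method, path, headers, body, now):
    params = {k: v.strip('"') for k, v in
              (p.split("=", 1) for p in headers["signature"].split(","))}
    key = KEYS.get(params["keyId"])
    if key is None:  # removing one keyId revokes that credential only
        return "unknown or revoked key"
    names = params["headers"].split(" ")
    if not REQUIRED <= set(names):
        return "required headers not signed"
    mac = hmac.new(key, signing_string(method, path, headers, names), hashlib.sha256)
    if not hmac.compare_digest(mac.digest(), base64.b64decode(params["signature"])):
        return "bad signature"
    if headers["digest"] != body_digest(body):  # signed Digest binds the body
        return "body modified"
    sent = parsedate_to_datetime(headers["date"])
    if abs((now - sent).total_seconds()) > MAX_SKEW:  # signed Date bounds replay
        return "stale request"
    return "ok"

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    req = sign("client-a", "POST", "/orders", {"date": format_datetime(now, usegmt=True)}, b"{}")
    print(verify("POST", "/orders", req, b"{}", now))
```

A captured request can still be replayed inside the freshness window; closing that gap takes server-side state such as a nonce cache, which this sketch does not include.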

------
brudgers
The draft expired in April.

