> for the purposes of this exercise I want to be able to do it for any web server as it is deployed today, rather than requiring support for a new protocol.
We want the server to attest that the content I'm signing is valid, and you can't introduce PGP into a normal HTTPS browsing session without a new protocol.
We want the server to attest that the content I'm signing is valid, and you can't introduce PGP into a normal HTTPS browsing session without a new protocol.