Fair points. So perhaps a solution should instead:
- Create new keys since the security vocabulary doesn’t actually cover this situation
- Be specific to HTTP Signatures so it’s not confused with any other uses of the key
Maybe something like this?
```
"publicKey": {
  /* ...normal fields */,
  "httpSignaturesConfig": {
    "signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "minimalHeaders": "(request-target) host digest"
  }
}
```
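To show how a receiving server could apply the fields proposed above, here is an added example (not part of the original post, and not code from any existing implementation) that checks an incoming `Signature` header against an `httpSignaturesConfig` object. The function names, the sample headers, and the mapping from the algorithm URI to the `rsa-sha256` header token are assumptions made for illustration.

```python
import re

# Assumption: the URI from the proposal corresponds to this algorithm token
# in the Signature header. Only the value shown in the post is mapped.
ALGORITHM_TOKENS = {
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": "rsa-sha256",
}

# Constructed sample data (hypothetical actor URL, placeholder signature value).
CONFIG = {
    "signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "minimalHeaders": "(request-target) host digest",
}
GOOD = ('keyId="https://example.org/actor#main-key",algorithm="rsa-sha256",'
        'headers="(request-target) Host date digest",signature="PLACEHOLDER"')
WEAK = ('keyId="https://example.org/actor#main-key",algorithm="rsa-sha256",'
        'headers="(request-target) host date",signature="PLACEHOLDER"')


def parse_signature_header(value):
    """Parse the key="value" parameters of a Signature header into a dict."""
    return dict(re.findall(r'(\w+)="([^"]*)"', value))


def check_against_config(signature_header, config):
    """Return a list of policy violations; an empty list means acceptable.

    This is a policy check only. The signature itself still has to be
    verified cryptographically over the listed headers.
    """
    params = parse_signature_header(signature_header)
    problems = []

    expected = ALGORITHM_TOKENS.get(config["signatureAlgorithm"])
    if expected is None:
        problems.append("unknown signatureAlgorithm in config")
    elif params.get("algorithm") != expected:
        problems.append(
            f"algorithm is {params.get('algorithm')!r}, expected {expected!r}")

    # Header names are case-insensitive. If the sender did not list any,
    # treat nothing as explicitly covered (conservative choice).
    signed = set(params.get("headers", "").lower().split())
    missing = [h for h in config["minimalHeaders"].lower().split()
               if h not in signed]
    if missing:
        problems.append("unsigned required headers: " + " ".join(missing))
    return problems
```

With the constructed samples, `GOOD` passes and `WEAK` is rejected because `digest` is not covered by the signature, which would leave the request body unprotected.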