I want to add a new requirement to FEP-8b32:
The identifier of the verification method MUST have the same origin as the identifier of the secured document, or have a different origin, but with an established cross-origin trust relationship to the identifier of the secured document.
What do you think? This is probably already true in all existing implementations, but I don’t want to introduce new requirements at this stage without consulting with implementers.
WIP pull request: #527 - WIP: FEP-8b32: Update proposal - fediverse/fep - Forgejo: Beyond coding. We Forge.
Also, there is a new implementation: apsig.