You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Redemption uses the "Sec-Private-State-Token" header to convey a base64-encoded token. This raises a couple of questions:
Why not use the HTTP authentication mechanism defined by Privacy Pass rather than provide a new header? Is the idea that one would want to do HTTP authentication alongside a redemption request, or something?
Why not use the Token format from Privacy Pass, using a new token type to distinguish PST issuance from other existing Privacy Pass issuance protocols? Converging on the format would make it much simpler for origins adopting this technology, as they wouldn't need two significantly different code paths -- one for PST and one for Privacy Pass.
The text was updated successfully, but these errors were encountered:
This is somewhat the same as HTTP usage is ... #229. From the Origin Trial and discussions with potential issuers, tying in redemption/issuance flows to existing requests was much easier than having to have a new sequenced request to trigger the authentication flow. It might be possible to migrate to the request-based flow.
Redemption uses the "Sec-Private-State-Token" header to convey a base64-encoded token. This raises a couple of questions:
The text was updated successfully, but these errors were encountered: