Re: [OAUTH-WG] Non-repudiation for API requests and responses

2018-09-09 Thread Dave Tonge
Hi Torsten, I agree that the use of draft-erdtman-jose-cleartext-jws doesn't support non-repudiation for JSON HTTP requests or responses alone. There was a reference made earlier in the email chain to ACME, which requires `url` to be added to the JWT payload, and mention was made that some header par

Re: [OAUTH-WG] Non-repudiation for API requests and responses

2018-09-09 Thread Samuel Erdtman
Thank you for asking, Torsten. If the method or URL contains additional information not contained in the request body, then it would have to be duplicated into the request to be signed. This may also apply to headers. I do not necessarily think it would be bad to duplicate this information into the req

Re: [OAUTH-WG] Non-repudiation for API requests and responses

2018-09-09 Thread Torsten Lodderstedt
Hi Samuel, thanks for preparing this draft. I've got one question: how would one use it for non-repudiation? I assume non-repudiation would require signing not only the request body but also (at least) data about the target of the request, typically a URL + HTTP method. Would one need to include