Signed Exchanges mean the publisher signs the content using their private key. A third party can provide delivery like a CDN, but they cannot modify the content, or the signature would no longer match. The user agent (browser) enforces this. This gives the secure control of the content back to the publisher, unlike the trust model of CDNs or the AMP Cache.
Chrome does enforce the matching signature. Browsers without Signed Exchange support will not likely ever get a signed exchange as they do not advertise support for it in the `Accept` request header.
@freeone3000, that's incorrect, in the case of Signed Exchanges. Chrome will verify the document's signature against the publisher's public certificate. This will be `nytimes.com` for example. It is not using Google's certificate for this verification, and Google does not possess the private key required to modify the content and update the signature.
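The check described in the comments above (publisher signs, a third party delivers, the browser verifies against the publisher's key), as an added example that is not part of the thread or of Chrome's code. It is a simplified model, not the real signed-exchange format or certificate validation; the key pairs, URL, body and function names are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed key pairs: the publisher's (the browser takes the public half
// from the publisher's certificate) and a delivering cache's own key.
const publisherKey = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const cacheKey = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });

// Bytes covered by the signature: URL and body, with the URL length-prefixed
// so the boundary between the two fields cannot be shifted.
function signedBytes(url, body) {
  const u = Buffer.from(url, 'utf8');
  const len = Buffer.alloc(4);
  len.writeUInt32BE(u.length);
  return Buffer.concat([len, u, Buffer.from(body, 'utf8')]);
}

// Publisher side: sign once; any distributor may then serve the result.
function signExchange(url, body, privateKey) {
  const signature = crypto.sign('sha256', signedBytes(url, body), privateKey);
  return { url, body, signature };
}

// Browser side: attribute the content to the publisher only if the signature
// verifies under the publisher's public key.
function verifyExchange(exchange, publisherPublicKey) {
  if (!Buffer.isBuffer(exchange.signature)) return false; // unsigned: not attributable
  return crypto.verify('sha256', signedBytes(exchange.url, exchange.body),
    publisherPublicKey, exchange.signature);
}

function demo() {
  const pub = publisherKey.publicKey;
  const original = signExchange('https://publisher.example/story',
    '<h1>Story</h1>', publisherKey.privateKey);
  const edited = { ...original, body: '<h1>Edited in transit</h1>' };
  const resigned = signExchange(original.url, edited.body, cacheKey.privateKey);
  const stripped = { url: original.url, body: original.body };
  return {
    original: verifyExchange(original, pub),  // delivered unchanged
    edited: verifyExchange(edited, pub),      // body changed, old signature
    resigned: verifyExchange(resigned, pub),  // re-signed with the cache's key
    stripped: verifyExchange(stripped, pub),  // signature removed
  };
}

console.log(demo());
```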
The actual mechanism by which a signed exchange is implemented is prone to man in the middle attacks by removing the Signature field wholesale. You are not requesting info from nytimes.com, you're requesting info from amp.google.com and trusting that the backing data is accurate. There's no need for a certificate to be presented at ALL! Unless it can be determined that such a header should exist, there's no way to verify its absence.
Right, but this means proposing signed exchanges as a solution to AMP's strategies is kind of nonsense, since it's a semantic problem whether a page is acting as a proxy for another, and a technological solution doesn't work here.
Chrome enforces that the signature being served by Google is the same signature as the one being served by Google. It's a useless verification. If Google were so inclined, they could very well just change the <link> tag too.
I think we are talking about different things here. You, as an AMP engineer, are talking about how Chrome implemented this [1], but I'm talking about how Chrome is not a user agent, because it demonstrably acts as Google's agent, not the user's.
[1] Which is unverifiable, we just have to take your word for it.
Oh well please keep checking for us, since all of us do not have access to Google Chrome source code. Thank you for taking on this responsibility, sure hope you don't get hit by a bus.
> A third party can provide delivery like a CDN, but they cannot modify the content, or the signature would no longer match.
To make sure I understand, does this mean that in principle a third party other than Google can deliver the AMP pages? Is Google working to facilitate that AMP hosting is open to everyone and calibrating their searches to point to any and all alternative AMP hosters?
> Can a third-party other than Google deliver an AMP page?
Yes. Examples: Bing runs their own AMP cache and also delivers AMP pages. LinkedIn and Twitter also link to AMP pages, but they don't currently run a cache. IIRC, Twitter links to the Google AMP cache and LinkedIn links directly to the AMP variant on the publisher origin. They could run an AMP Cache. Cloudflare ran one for some time, but shut theirs down recently.
> Can a third-party other than Google deliver a Signed-Exchange?
Yes. Cloudflare generates them for their customers who opt-in via their "AMP Real URL" product. "Generates" in this context implies delivering them. To date, I'm unaware of any large scale implementation that is delivering Signed Exchanges for third-party origins other than the Google Cache though this may change. The tech stack absolutely supports this.
Interesting. Are there examples I can search for right now? For instance, are there searches I could do for a news article, that will show an AMP for a CNN article that's on a non-Google URL? Do you have a ballpark estimate of what percentage of total amps are delivered by non Google domains?
Also how would you reconcile your comment with that of madeofpalk who appears to be treating that possibility as a hypothetical idea that hasn't happened, and which would be impracticable due to needing to trust third parties?
> an AMP for a CNN article that's on a non-Google URL?
All AMP pages exist at non-Google URLs. They are just cached by the link aggregator (typically a search engine), so the link aggregator can prerender them without deanonymizing the user to the publisher until the user clicks the link.
> Do you have a ballpark estimate of what percentage of total amps are delivered by non Google domains?
All of them (100%) are delivered by non-Google domains to Google, Bing, and other caches.
> Also how would you reconcile your comment with that of madeofpalk who appears to be treating that possibility as a hypothetical idea that hasn't happened, and which would be impracticable due to needing to trust third parties?
madeofpalk's comment makes perfect sense if you understood what I wrote above. Why should CNN or Bing be told that you have searched for a particular news article on Google before you have clicked it? The page has to be served from the link aggregator the user is browsing to maintain the user's privacy when prerendering results.
You appear to have reinterpreted my questions and translated them into terms that were different than I intended, so I guess I have to take care to go back to the start and restate my original question in a way that uses the appropriate magic words correctly.
I don't intend to ask whether AMPs (hard to resist calling them 'AMP pages') exist somewhere on non Google servers. Obviously third party content that Google is presenting exists somewhere off Google. And obviously it has to be formatted in a way that's compatible with AMP, and it makes sense that that is going to be done off Google domains. I at least knew the gist of that already, and I regard the detour into that explanation to have been a non sequitur. The point is that Google presents AMPs and it serves its cached version of them from Google servers, on a Google domain. The beginning, middle, and end of the experience of searching for finding and consuming that news never has to involve leaving a Google domain. It's not open in the sense of involving interaction between servers that aren't controlled by Google, until you make that extra click to go from a cached Google version of an AMP to the version that sits on the domain controlled by a third party, at which point going to the third party has been rendered optional and largely unnecessary from the point of view of the user.
This next part is super important: the fact that I'm asking about openness and interoperability, or the lack thereof, in this sense doesn't mean that I'm failing to understand the technical advantages with caching and optimization. I regard those as derails that don't wrestle with the issue of openness that's being raised. The point is that the connection between consumers of content who start on Google, and the third party content provider, increasingly depends on Google in a way that shifts nearly the entire experience of consuming content onto Google's infrastructure.
> All of them (100%) are delivered by non-Google domains to Google, Bing, and other caches.
This is the starkest example of a question not being answered but replaced with a different question. I asked 'what percentage of total amps are delivered by non Google domains' and you replied by answering a different question, what percent of non-Google amps were delivered TO Google and other caches, noting that it was 100%. Which of course it is, but that's because that's a tautology.
By contrast, it is helpful to note that there are caches other than Google, like Bing and 'others', which, in contrast to much of the rest of your comment, I feel actually is a pertinent and fair response to the question I'm actually asking. But those aren't content providers, so unless Bing or Google are content creators that were delivering content to themselves, it's tautologically true that 100% of that is going to be delivered to them by third parties, which has absolutely nothing to do with openness. If I'm using magic words correctly, I guess what I want to ask is what percentage of AMP traffic to cached pages is served to users by Bing and others that aren't Google.
An AMP is a page (expand the acronym). I answered your question very precisely, and your response shows that you still don't understand it.
> If I'm using magic words correctly, I guess what I want to ask is what percentage of AMP traffic to cached pages is served to users by Bing and others that aren't Google.
If I search on Bing, the results will be prerendered from Bing's AMP cache. Reread the GP comment, and see if you can understand why that is so.
How is this reconciled with lern_to_spel's reply to my comment, where they claim this is already implemented and there already are such third parties? Are Google searches right now that use AMP exposing users to risks because they are currently requesting assets from potentially untrustworthy third parties?