Changes to introduction of http signing section

https://openid.bitbucket.io/fapi/fapi-2_0-message-signing.html#name-http-message-signing

currently says:

To support non-repudiation for NR5 and NR6, HTTP requests and responses can be signed.

A future version of this profile expects to support HTTP Message Signing using the _HTTP Message Signatures_specification being developed by the IETF HTTP Working Group.

I think the second paragraph should have been removed.

I suggest to change the first sentence to:

To support non-repudiation for NR5 and NR6, HTTP requests, or responses, or both can be signed.

to make it clearer that it is possible to only have one of them signed.

Comments (4)