Publish (hashes of) historic Onionoo details documents
Nusenu writes on tor-dev@: "I might want to prove to third parties that I'm indeed processing/providing authentic historic onionoo documents from onionoo.tpo. What do you think of signing them?"
Let's consider signing responses. What would we gain, and how would we do it?
Pros:
- We already provide Onionoo via https. I guess including a signature in the response would enable people to archive that signature and verify it later, which is not possible with https. That's what Nusenu has in mind, I think.
Cons:
- Signing responses causes some computation overhead, and it makes responses larger.
- Where in the JSON document would we add the signature? Are there standards for this, and are there tools supporting them that can be found in Debian stable? This is a con, because it's probably non-trivial to do.
Similar to #15845 (moved), I'm leading towards no, but maybe I'm overlooking something.