
0.2.0

@github-actions github-actions released this 16 May 07:45
· 42 commits to develop since this release
3150ff8

This release contains a lot of brand-new features related to HTTP message signatures (RFC9421) for Mutualized Oblivious DNS over HTTPS.

  • Support for both DH key-exchange based HMAC signatures and public-key based signatures for HTTP message signatures
    • DHKex (X25519 and ECDH-P256) based HMAC-SHA256 signature
    • Public key based signature (EdDSA and ECDSA-P256)
  • Wire protocol and wire format for exposed public keys
  • A new feature called "httpsig transition margin": This allows us to solve problems related to key updates. In particular, even if new public keys for DHKex are published at a sender and a receiver has not yet fetched the latest keys (i.e., the receiver still has stale public keys of the sender), the receiver can still securely verify requests dispatched from the sender. This is much needed in asynchronous key-exchange situations such as our httpsig public key rotation scenario.
  • Support for an online registry hosting a list of domains with HTTP message signatures enabled, much like dnscrypt/dnscrypt-resolvers. Unlike the list fetched by clients, the registry of HTTP message signatures enabled domains is consulted by relays and target resolvers.

What's Changed

Full Changelog: 0.1.0...0.2.0