Read the actual IETF (Internet Engineering Task Force) Network Working Group Internet-Draft of Signed HTTP Exchanges [tools.ietf.org].
Note: it is a published draft by a Google employee dated 23-January-2019 although it has been in discussion/development for over a year prior.

Note: that currently only Google Chrome on Android supports it. MSFT BlinkEdge is supposed to shortly. That is definitely jumping on the draft wagon quickly... Google wants to push this hard and fast... one might be inclined to ask why?

Mozilla (FireFox) has taken the position that it is 'harmful' in it's current state.

Description
This document specifies how a server can send an HTTP request/ response pair, known as an exchange, with signatures that vouch for that exchange's authenticity. These signatures can be verified against an origin's certificate to establish that the exchange is authoritative for an origin even if it was transferred over a connection that isn't. The signatures can also be used in other ways described in the appendices. These signatures contain countermeasures against downgrade and protocol-confusion attacks.

Mozilla's Position
Mozilla has concerns about the shift in the web security model required for handling web-packaged information. Specifically, the ability for an origin to act on behalf of another without a client ever contacting the authoritative server is worrisome, as is the removal of a guarantee of confidentiality from the web security model (the host serving the web package has access to plain text). We recognise that the use cases satisfied by web packaging are useful, and would be likely to support an approach that enabled such use cases so long as the foregoing concerns could be addressed.

---Maciej Stachowiak (a leader of the Safari/Webkit dev team) on Twitter in January 2018: The Security Considerations describe some bad things that can happen even if the spec is properly implemented. Unsurprisingly, I think those things are bad.

Also read, and follow back the January 2018 discussion [lists.w3.org] on lists.w3.org:

One question we might ask, then, is whether a method which provides confidentiality to one host and data integrity to another is really the same "scheme" as one which provides confidentiality and data integrity to the same provider. In a standard HTTP proxy, the confidentiality and data integrity are both guaranteed by the proxy; in an HTTPS connection, they are both guaranteed by the server. While this draft's approach seems better than a standard HTTP proxy in its ability to guarantee data integrity, the protocol mechanisms don't actually to be the same as either of those two current choices. I'm not sure, given that, whether it actually meets the bar set by RFC 6454.

Fortunately, for the nonce, it doesn't work with shared hosts... Oh, do I see another enterprise site advantge on the horizon?

Currently only DigiCert actually supports necessary AMP CanSignHttpExchanges extension .

Note: Daniel (aka CPU) Let's Encrypt engineer 08-April-2019 on LE community forum:
---I think it’s likely too early in this draft’s development for Let’s Encrypt to prioritize implementation. It looks like it has a ways to go within the IETF before it would be an internet standard.
---this would require development work in Boulder (software that runs LE) to process the "cansignhttpexchanges" CAA property that the draft introduces.

My concerns at the moment, in no particular order:
* it solves a 'problem' created by AMP (and Google's referrer TLS handling); the solution SHOULD be to adapt AMP (and/or Google's TLS referrer handling) rather than current web (security) standards.
* it adds unnecessary complexity to SSL identity validation; we do NOT need another potential MitM access point.
* I detest prefetching/preloading links, especially off site links, which is the xSite point of this. Preloading increases 'speed' by blowing up bandwidth, not a good mobile tradeoff.
* it removes the last AMP UI aka the URL address that while it may be exampledotcom's content it isn't exampledotcom delivering it. Will this 'allow' Google to remove the 'lightning bolt' AMP indicator and merge AMP with 'organic' results? AKA an invisibly walled garden?

Following is a RANT:
I detest AMP and consider it an abomination forced upon many webdevs, particularly via preferential (exclusive) search results carousel treatment and find the latest extension inclusions, email and signed exchanges, indications of desperate attempts to regain/retain ad revenue/streams going, going...

Not infrequently AMP pages are slower rendering than their 'real' page doppelgängers such that only preferential search consideration keep the AMP version viable. Also AMP ads are often lower to lowest value available such that no few sites have reversed AMP participation as failed ROI experiments.
End RANT.

Ah well, the popcorn is ready for another day, another tale, in the continuing saga of Google in As My SERPs Churn the web's most addictive soap opera.

@iamlost thanks for the analysis and info.

It is a huge problem that Google is both so strong on the server side of the web (dominant in search, huge in caching thanks to AMP, and a lot more) and the client side (i.e. Chrome's dominance, together with its derivatives).

The actual Network Working Group Internet-Draft: Web Packaging [wicg.github.io] dated 25-May-2019. Submitted by J. (Jeffrey) Yasskin, Senior Software Engineer at Google.

Abstract

Web Packages provide a way to bundle up groups of web resources to transmit them together. These bundles can be signed to establish their authenticity.

Concerns voiced: Mozilla’s Position on Web Packaging [docs.google.com]

Web packaging proposes a significant change to the web platform in the way that content is delivered and authenticated.

From a technical standpoint, the changes are thorough and well-considered. There are some technical costs around security, operations, and complexity, but the specifications take steps to limit most of these costs.

The most disruptive feature of the proposal, origin substitution, describes a fundamental change to the security architecture of the web.

...

The main concern is web packaging might be employed to alter power dynamics between aggregators and publishers.

...

As a whole, and for origin substitution in particular, until more information is available on the effect on the web ecosystem, Mozilla concludes that it would not be good for the web to deploy web packaging.

The proponents originally claimed that this is primarily to enable offline sharing of online content. That is, people would be able to download web pages (or progressive web apps) and share them offline in a peer-to-peer fashion. Recipients of these packages could then use them without going online, with an expectation that if they did go online, the content would seamlessly transition to a fully connected experience.

...

The second use case is “content distribution”. This is a far more difficult use case to understand, because it involves the complex relationship between entities that serve pages that link out to content (aggregators, like search engines and social networks), and those that publish that content (publishers, like journalism sites). Google’s Accelerated Mobile Pages (AMP), Facebook’s Instant Articles, Baidu’s MIP, and Apple’s News Format are all examples of aggregators that use similar techniques. All of these services aggregate content published by others.

...

Web packaging aims to provide the performance and privacy benefits without shifting the origin of content to that of the aggregator.

...

This improvement in navigation speed is seen as one of the primary benefits of packaging. The publisher sees few other benefits, other than a reduction in bandwidth costs, though the speed benefit might be significant enough to justify their costs. The costs to the publisher are somewhat harder to understand

...

The question remains about whether this fundamental change to the way that content is delivered on the web represents a problematic shift in the power balance between actors. We have to consider whether aggregators could use this technology to impose their will on publishers.

Web packaging certainly has the effect of applying pressure toward consolidation of market share in a few worrying ways. It provides an incentive to support majority client populations at the expense of minorities. It increases the cost for an aggregator to provide optimal outbound links since the state-of-the-art that now requires package-based links and click prediction, and smaller sites may not be able to afford to do that.

Sites are being given significant incentive to deploy the technology. However, this incentive downplays the accompanying costs and increased exposure to new security problems that comes with deployment.

Big changes need strong justification and support. This particular change is bigger than most and presents a number of challenges. The increased exposure to security problems and the unknown effects of this on power dynamics is significant enough that we have to regard this as harmful until more information is available.