- cross-posted to:
- [email protected]
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
- [email protected]
Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.
Clear sign every post using a third-party application. Make your public keys known far and wide. Authenticity solved.
And now we’re dealing with key management instead
You always need key management if you have decentralized authentication.
You always need key management if you have decentralized authentication.