- cross-posted to:
- privacy@lemmy.ml
- fediverse@kbin.social
- fediverse@lemmy.ml
- cross-posted to:
- privacy@lemmy.ml
- fediverse@kbin.social
- fediverse@lemmy.ml
Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.
And now we’re dealing with key management instead
You always need key management if you have decentralized authentication.
You always need key management if you have decentralized authentication.