- From: Marcus Rohrmoser <me.swicg@mro.name>
- Date: Tue, 8 Oct 2024 21:55:19 +0200
- To: public-swicg@w3.org
Hi perillamint. On Wed, 9 Oct 2024 02:43:08 +0900 perillamint <perillamint@silicon.moe> wrote: > M sends an Activity to server B's inbox with an object that claims it originated from server A's actor a So you mean http signature is the simplest way to validate the pretending sending actor's domain not being a lie. And TLS being organisational overhead so that it's more feasible to do this in the application layer and take control. This may be it. However it feels odd to solve the same problem in multiple layers over again and TLS sounds (to me) like promising origin domain authenticity. I don't understand the relevance of CDNs here - that may be my blind spot as a single user server creator. Marcus P.S.: attacker M, what a coincidence, lol.
Received on Tuesday, 8 October 2024 19:55:26 UTC