by sarcasmic 2934 days ago
If you're like me and are wondering what Macaroons are, some searching revealed to me that this is the 2014 paper [1] that introduced them to the public. It's a nested, chained HMAC construction that's useful for delegation, and here's a library and some code examples [2] that one can play with to get a feel for what they do and how.

No wonder it's not well known: it hasn't been picked up by the blog treadmill where dudes on Medium post half-baked info they just found out about, and isn't being pushed by commercial auth proxies.

On that note, posts by Latacora or affiliated persons, there and here, seem to mix well-researched opinions and advice with in-jokes that are lost on all but other experts, assumptions of an inconsistent amount of domain expertise, and quips that muddy some topics more than a bystander would reasonably expect. Why not be more dry and less wry, include links, and morph the FUD around JWT to something real?

[1] https://static.googleusercontent.com/media/research.google.c...
[2] https://github.com/rescrv/libmacaroons
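The chained-HMAC construction the comment above describes, as an added example written for this page: it is not code from the linked paper or from libmacaroons, and it covers first-party caveats only (real macaroons also support third-party caveats and a fixed wire format, which this omits). The field names, the toy caveat language (`key = value`, `key < N`), and the sample root key and identifier are assumptions constructed for the demo.

```python
import hashlib
import hmac


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def mint(root_key: bytes, identifier: str) -> dict:
    """The target service mints a macaroon: sig = HMAC(root_key, identifier)."""
    return {"id": identifier, "caveats": [], "sig": _mac(root_key, identifier.encode())}


def add_caveat(m: dict, caveat: str) -> dict:
    """Any holder can attenuate (delegate a narrower capability) without the root key:
    new sig = HMAC(old sig, caveat). The old sig is discarded, so the recipient
    cannot strip the caveat: they never see a signature for the shorter chain."""
    return {
        "id": m["id"],
        "caveats": m["caveats"] + [caveat],
        "sig": _mac(m["sig"], caveat.encode()),
    }


def _caveat_holds(caveat: str, context: dict) -> bool:
    """Toy caveat language (assumed): 'key = value' or 'key < N'. Unknown forms fail closed."""
    if " = " in caveat:
        k, v = caveat.split(" = ", 1)
        return str(context.get(k)) == v
    if " < " in caveat:
        k, v = caveat.split(" < ", 1)
        return k in context and context[k] < int(v)
    return False


def verify(root_key: bytes, m: dict, context: dict) -> bool:
    """Only the minter (holder of root_key) can verify: recompute the whole chain
    from the root key, checking each caveat against the request context on the way."""
    sig = _mac(root_key, m["id"].encode())
    for caveat in m["caveats"]:
        if not _caveat_holds(caveat, context):
            return False
        sig = _mac(sig, caveat.encode())
    # Constant-time comparison of the recomputed tag against the presented one.
    return hmac.compare_digest(sig, m["sig"])


def demo() -> dict:
    """Walk through mint -> delegate -> verify, including a caveat-stripping attempt."""
    root_key = b"service-root-key-constructed-for-demo"  # constructed sample key
    broad = mint(root_key, "photo-service-key-7")        # constructed identifier

    # Delegation: hand Alice a version that only works for her, then a short-lived one.
    alice_only = add_caveat(broad, "user = alice")
    alice_short = add_caveat(alice_only, "time < 1000")

    results = {
        "broad_ok": verify(root_key, broad, {"user": "bob", "time": 5}),
        "delegated_ok": verify(root_key, alice_short, {"user": "alice", "time": 500}),
        "wrong_user": verify(root_key, alice_short, {"user": "bob", "time": 500}),
        "expired": verify(root_key, alice_short, {"user": "alice", "time": 2000}),
    }
    # Attack: drop the time caveat but keep the attenuated signature.
    forged = {"id": alice_short["id"], "caveats": alice_short["caveats"][:1], "sig": alice_short["sig"]}
    results["caveat_stripped"] = verify(root_key, forged, {"user": "alice", "time": 5000})
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'valid' if ok else 'rejected'}")
```

The point the example makes: attenuation needs no secret (anyone holding the macaroon can narrow it), while verification needs the root key and walks the entire chain, so a stripped or reordered caveat changes the recomputed tag and the token is rejected.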


Mail us any time for a refund. :)

I'm fucking around, but really the answer is: if we didn't have the presumptive informality of a "blog" or some such, we just wouldn't write; we'd get 20% of the way through a draft and just pick at it, hoping to make it more correct and authoritative, until our will to keep going evaporated. I have a whole folder full of things I started doing that with.

The in-jokes and snark are what trick us into writing in the first place. There's no getting rid of it.

I'm hopeful that people can at least appreciate that we aren't confining this stuff to Twitter threads anymore.

The jokes make it readable as well as writeable. Keep them.
I, for one, appreciate it. Thanks for taking the time to publish!
I have written a blog post on macaroons for you: http://evancordell.com/2015/09/27/macaroons-101-contextual-c...

It may be sufficiently half-baked (not because I'm unfamiliar with the material but because I'm not sure I wrote it for the right audience).

Re: JWT; sure, but it’s a multifaceted problem that’s more than one blog post. We’ll get there. Unfortunately, we’ve been saying most of that for years now; just because it’s not easily accessible in one place (a valid criticism!) doesn’t mean I’m not exhausted talking about it :)
How would a service come into possession of a Macaroon good for another service? I could see getting a macaroon for a username/password/2FA in a frontend context, but how does it solve backend service authentication?
These libs seem to have seen more recent maintenance:

https://github.com/go-macaroon