|
|
|
|
|
|
by nyx_land
1461 days ago
|
|
|
I was considering trying to implement this in an imageboard engine project, with the idea being that instead of relying on IP addresses as a way to curb abuse without requiring users to make accounts, every user would instead cryptographically sign their posts and that would serve as a form of identity while still practically speaking being more anonymous than having to log IPs. But the reliance on Microsoft and Apple, and there being no documentation I could find about how this would work on Linux or a BSD, made it a no go for me. I wish it were possible to authenticate to web services as easily as just sharing a GPG or SSH public key to a server and signing a challenge to prove your identity, but there would probably be security and usability concerns with doing something like that. |
|
|
and "Rate Limited Tokens" extension https://datatracker.ietf.org/doc/draft-privacypass-rate-limi...
(authors are from Google, Fastly, Apple, Cloudflare)
I thought I saw this on HN before, but apparently not - submitted for discussion now at https://news.ycombinator.com/item?id=31852145