[zythyx]

I'm not going to pretend I know all about IP routing and networking. I understand enough of it to have a home server all appropriately set up with IPv4.

But what makes this quote a problem? I mean, it seems a bit excessive, but I don't understand why...

[vasachi]

IP is what, four layers of protocols lower than OAUTH?

[conorcleary]

and they might as well earmark oauth3

[anilakar]

OAuth8, you surely meant.

[bnjms]

Just a gut check but it feels ugly to put auth in an L3 proposal.

[justsomehnguy]

Even skipping the hard parts:

to make a request you need to receive a token

to receive a token you need to make a request

This is pure Catch-22.

[red-iron-pine]

hell, before we get and send the token how do we get a list of authorized users and systems over?

and if we're going to use IPv4 / 6 to get set up, why switch to IPv8? we're already talking, and it's working so use certs and tokens over those protocols

[dns_snek]

It's a collection of words that don't actually say anything. What's being protected by these tokens and how? How is trust established? How do you bootstrap L3 authentication when you first need to reach a remote server over the internet?

Like most AI slop it might sound reasonable at first glance but there's no substance behind it. Usually there's some (deeply flawed) substance but here it's just completely absent.

[Alifatisk]

I feel the same, I guess using JWT is the joke here?