|
|
|
|
|
|
by lwf
4468 days ago
|
|
|
If you trust Twitter/Facebook/Github, you can verify assertions about account ownership by retrieving the signed message from those services and verifying they encode the correct data and that the signatures verify. However, this does not protect against a malicious service provider from modifying the message to replace it with a different user. |
|
|