zlacker

[return to "So this guy is now S3. All of S3"]
1. arianv+53[view] [source] 2023-05-04 19:07:02
>>aendru+(OP)
This is why mastodon , webfinger and ACME uss .well-known uri prefix. .well-known is reserved and you can't e.g. make a bucket named .well-known

It's funny the bluesky devs say they implemented "something like webfinger" but left out the only important part of webfinger that protects against these attacks in the first place. Weird oversight and something something don't come up with your own standards

◧◩
2. benatk+Ej[view] [source] 2023-05-04 20:25:41
>>arianv+53
.well-known seems unintuitive

Also the penalty isn't very high here. Someone impersonated a domain on a burgeoning protocol for a short while. So what?

[go to top]