That's an interesting idea... instead of storing the bearer tokens associated with your internally-pointing ocaps (held by external users), salt and hash them. That way if your server is compromised the ocaps that other people hold to you internally can still be valid.


The ocaps *you* hold to *external* servers however... well... those will still be hosed. But it doesn't look like that can be solved without a certificate-style ocap approach, which doesn't work in the case of simple-linkable-ocaps like we need for protocols like ActivityPub.

· · Web · 0 · 1 · 1
Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!