↳
In-reply-to
»
@prologic what if I copy your uuid, and use it on my feed? What happens then? Also, was the dot after the timestamp intended?
⤋ Read More
I think the only legit way of preventing this kind of “spoofing attack” would be:
Digitally Sign Twts: Each Twt could be digitally signed using a private key associated with the UUID. The signature would be calculated over the concatenation of the UUID, timestamp, and content. The public key could be published along with the feed so anyone can verify the authenticity of the Twt by checking the signature. This approach ensures that only the true owner of the UUID (and the corresponding private key) can produce valid hashes.
Which leads us to more Cryptography. Something which y’all voted against.