@oddevan HTTP signatures are one of the least-specific parts. I'm sure you've seen it, but Mastodon's own security docs are a good starting place.
Replying to: 
@oddevan
@oddevan
@oddevan
@oddevan HTTP signatures are one of the least-specific parts. I'm sure you've seen it, but Mastodon's own security docs are a good starting place.