Malle Yeno 🦝

@darius I'm interested in this idea, could you elaborate on it?

- What stops a malicious actor from spoofing a trust.txt and using that as validation in a similar way to phishing? ("verified by 'nytines' dot com", etc.) Would sites need a whitelist of valid trust.txt sources?

- On a related topic to the harassment vector point you had: how would you sell trust.txt to orgs that are interested in verification but do not normally want contact exposure for some personnel? (ex. directors and exec)

2 comments
Darius Kazemi

@malle_yeno

(1/2)

- you're right, spoofing is simply always going to be a threat where DNS is involved, but also anyone could spoof the service that I mention in the original post too the same way. "fedifeid" or whatnot. solutions that get around that are huge crypto-based things that are unlikely to play nice with IT infrastructure at say, news orgs

Darius Kazemi

@malle_yeno

(2/2)

- it's a necessary tradeoff. if an exec wants to say "I am truly CEO of CorpX on LinkedIn" then the point there is to publicly broadcast that that is who they are. This is about linking public profile information to public institutions (at least in the journalism context here)
