@darius Who validates the rel=me status? It seems to...

@darius Who validates the rel=me status?
It seems to be the server hosting the account, which is hardly independent :-) and means I have to validate the server the account is on as well as the account itself - that works well for some places, but not so well for others ...

It might be my own instance server doing the validation when it constructs the Profile page for me to see, which is a little better ...

But I can't see any reason that the browser shouldn't be doing the validation checking instead ... ?

Obviously we still have to agree on what standard we'll trust, and oh so many things seem to be falling back to "well, the DNS says ..." which is really not designed to make these types of statements (DNS rebinding attacks notwithstanding).

Like 21 Nov 2022 at 22:08 | Wall-to-wall | Open on hackers.town