You are reading content from Scuttlebutt
@andrestaltz %S/ADFSekasYV4IA/FtZ8ZY0/JZmzYTS8W3X1xUhsU6s=.sha256
Re: %ZqSf2KPzj

I updated the document now to address the token exposure problem. Turns out we don't need query params, there would be just two cases:

  • https://{alias}.{domain}#{token}
  • https://{alias}.{domain} plus permissions sent via muxrpc

No need to put the permissions in the query params. I also added encryption and signatures to the muxrpc arguments, so that the room cannot pluck some argument and replace it. If it tampers them, then the alias owner will notice it.

Join Scuttlebutt now