2018-11-06 UTC
# 
zzo38 I found HTTP Signatures and that look like OK. If a server requires authentication for messages it receives due to Follow (and doesn't verify by DNS lookup), though, how to indicate this? If a standard HTTP username and password are needed, that seems like easily enough to do: When the server copies the Follow message elsewhere, it can strip the username and password from the URL, using them only to send messages to the server that sent the Follow message.