2019-01-14 UTC
# 
fr33domlover In HTTP Signatures, it's possible to use the Date header to prevent replay, make the sig valid only for a short time frame. Is there a recommended time frame size? Mastodon was using 30 seconds, switched to 12 hours, and other projects seem not to check at all (or at least I couldn't find the check in their source code)