2019-02-28 UTC
#
fr33domlover while pretending to be him. And if this token *isn't* secret, then we need some *other* way to trust joe@doe.com, such as servers having per-server secret tokens, or using permanent non-rotating signing keys. This too, sorry if my wording is confusing, I'll write in more detail soon I hope