2019-02-28 UTC
# 
fr33domlover cjslep[m], Nope they really are helpful :) I guess if I use public tokens, (1) avoid the need to protect them, if token leaks then no harm (2) if the issuer remembers to which user@host it gave the token and uses HTTP signatures to verify activities, this is secure, except for that weird domain-reuse scenario I described. So maybe instead of using secret tokens, I can use public ones in ForgeFed, and