@indiewebcamp San Francisco had a really good first day. Got a chance to talk about design, #Vouch https://indieweb.org/Vouch and more processes around helping people connect to one another with safety in mind.
> Another approach would be to allow cross-signing - an entity with good reputation can temporarily countersign mail to give it a reputational boost and trigger cross-propagation of reputations. That entity could employ whatever techniques they liked to verify the senders legitimacy.
An interesting experiment of generating Vouch URLs based on Hashcash proof-of-work. I'm posting this note so that http://hash-for-vouch.herokuapp.com can be used as a Vouch URL when sending webmentions to my site.
@BarnabyWalters I was actually thinking about doing exactly that, treating twitter.com/aaronpk as aaronpk.twitter.com and running the approval algorithm as normal. That said, it's not the highest priority because the main goal of vouch is to stop automated spam and that happens relatively less frequently on silos like twitter
• Step 1: create an approval algorithm • Step 2: when accepting webmentions, check against the approval algorithm ** if the source passes your initial approval algorithm, accept the webmention as normal ** if the source does not pass, return HTTP 449 to indicate the sender should re-try sending with a vouch parameter • Step 3: when a webmention comes in with a vouch, check webmention as normal, then verify the vouch: ** check if I approve the vouching domain (it passed my approval algorithm) ** fetch the vouch URL, verify that it actually does link to the source's domain without rel=nofollow ** if vouch verification fails, return HTTP 400