I am little confused. It is write-only from vendor side seems like vendor will s... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

bluesign on March 6, 2021 | parent | context | favorite | on: Zero Data App

I am little confused.

It is write-only from vendor side seems like vendor will sign something for authenticity. Something like token signature.

So it has to have my "pod ID", otherwise I can replay this data, with another "pod ID".

Ofc netflix or your pod, can rotate this ID, but that also requires netflix etc to constantly sign new IDs.

jefftk on March 6, 2021 [–]

I think you could do something like this with web.dev/trust-tokens (same idea as PrivacyPass), where the server can vouch for you without saying who you are.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact