Anti-phishing idea: - Require HTTPS + HSTS + HPKP + CT verification - Require domains > 365 days old - Block everything else
-
-
I have another idea in this vein: Ed25519-signed CSP headers checked into a CT-like universal audit log.
-
These aren't serious ideas, I'm mostly just being silly and throwing usability out the window.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.