Remote User Impersonation and Takeover via Cache Poisoning
The original report that was submitted (and the initial emails sent) can be viewed here.
The scheduled, now-public disclosure details from the Mastodon team are available here.
I wanted to write sections on:
The state of the broader ecosystem
Even more vulnerable/shortsighted code that I found (in a library) of a different type
Strong opinions on the ridiculously hypocritical implementation of HTTP Signatures and associated user keypairs (where users aren't even allowed to export their private key, for risk of the network,...
Read more at arcanican.is