@mro @julian @fedify for server-to-server authentication, I think there are other mechanisms that could be simpler.
My friend @blaine says that if you get to PKI, you've gone too far, and you need to look for other options.
For pump.io, I used two-legged OAuth, which was pretty nice. I kick-started it with a dialback mechanism:
https://datatracker.ietf.org/doc/html/draft-prodromou-dialback-00
I also think mutual TLS would be a good option.
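As an added illustration of the "two-legged OAuth" option mentioned above (this is example code, not the post's own or pump.io's), here is what the exchange looks like in practice: an OAuth 1.0a HMAC-SHA1 signer (RFC 5849) for the calling server, and a verifier for the receiving server that recomputes the signature and rejects requests outside a timestamp window or with a reused nonce. The consumer key, secret, URL and body are constructed for the example; how the receiving server learned the peer's consumer secret in the first place (the bootstrap step the post handled with dialback) is assumed to have happened out of band.

```python
"""Two-legged OAuth 1.0a (RFC 5849) with HMAC-SHA1 for server-to-server calls.

"Two-legged" means the caller signs with nothing but its consumer key/secret:
there is no resource-owner token, so oauth_token is omitted and the signing
key is just pct(consumer_secret) + "&".
"""
import base64
import hashlib
import hmac
import re
import secrets
import time
from urllib.parse import parse_qsl, quote, unquote, urlparse

# Constructed for this example: the receiving server's table of known peers,
# assumed to have been provisioned out of band (e.g. via dialback).
CONSUMER_SECRETS = {"app.example.social": "constructed-consumer-secret"}

_HEADER_PARAM = re.compile(r'(oauth_\w+)="([^"]*)"')


def _pct(s):
    """RFC 3986 encoding as OAuth 1.0a mandates: only unreserved chars kept."""
    return quote(str(s), safe="")


def _base_url(url):
    """Scheme and host lower-cased, default port dropped, query removed."""
    u = urlparse(url)
    host = u.hostname.lower()
    default = {"http": 80, "https": 443}.get(u.scheme.lower())
    if u.port and u.port != default:
        host = f"{host}:{u.port}"
    return f"{u.scheme.lower()}://{host}{u.path or '/'}"


def _signature(method, url, params, consumer_secret):
    """HMAC-SHA1 over the signature base string; params excludes oauth_signature."""
    pairs = sorted((_pct(k), _pct(v)) for k, v in params)
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), _pct(_base_url(url)), _pct(normalized)])
    key = f"{_pct(consumer_secret)}&"  # empty token secret after the '&': two-legged
    digest = hmac.new(key.encode(), base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def _request_params(url, body_params):
    """Query-string and form-body parameters that belong in the base string."""
    return list(parse_qsl(urlparse(url).query, keep_blank_values=True)) + list(body_params)


def sign_request(method, url, consumer_key, consumer_secret,
                 body_params=(), nonce=None, timestamp=None):
    """Client side: build the Authorization header for a two-legged request."""
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp if timestamp is not None else int(time.time())),
        "oauth_version": "1.0",
    }
    params = _request_params(url, body_params) + list(oauth.items())
    oauth["oauth_signature"] = _signature(method, url, params, consumer_secret)
    return "OAuth " + ", ".join(f'{k}="{_pct(v)}"' for k, v in oauth.items())


class Verifier:
    """Server side: checks the signature and rejects stale or replayed requests."""

    def __init__(self, consumer_secrets, window_seconds=300):
        self.consumer_secrets = consumer_secrets
        self.window = window_seconds
        self.seen_nonces = set()  # in production: a shared store with expiry

    def verify(self, method, url, auth_header, body_params=(), now=None):
        if not auth_header.startswith("OAuth "):
            return False
        oauth = {k: unquote(v) for k, v in _HEADER_PARAM.findall(auth_header)}
        required = ("oauth_consumer_key", "oauth_nonce", "oauth_signature",
                    "oauth_signature_method", "oauth_timestamp")
        if any(k not in oauth for k in required):
            return False
        if oauth["oauth_signature_method"] != "HMAC-SHA1":
            return False
        secret = self.consumer_secrets.get(oauth["oauth_consumer_key"])
        if secret is None:
            return False  # unknown peer
        try:
            ts = int(oauth["oauth_timestamp"])
        except ValueError:
            return False
        now = int(time.time()) if now is None else now
        if abs(now - ts) > self.window:
            return False  # stale: outside the clock-skew window
        nonce_key = (oauth["oauth_consumer_key"], ts, oauth["oauth_nonce"])
        if nonce_key in self.seen_nonces:
            return False  # replay of a request already accepted
        presented = oauth.pop("oauth_signature")
        params = _request_params(url, body_params) + list(oauth.items())
        expected = _signature(method, url, params, secret)
        if not hmac.compare_digest(presented, expected):
            return False  # method, URL, body or header was altered
        self.seen_nonces.add(nonce_key)
        return True
```

Because the signature covers the method, the normalized URL and every form and query parameter, a verifier that also tracks nonces within the timestamp window gets integrity and replay protection from a single shared secret, with no certificate infrastructure involved. The only thing this does not give you is confidentiality or server identity for the transport, which is why it is normally run over ordinary TLS.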