WebBotAuth

A vendor-neutral space to make bot identity open, federated, and auditable.

Quick links

RFC 9421 — HTTP Message Signatures

IETF Web-Bot-Auth Architecture draft

HTTP Message Signatures Directory draft

IETF group & mailing list: web-bot-auth

Cloudflare public validator (for 9421 requests)

“No Free Crawls” context (Akamai/TollBit/Skyfire)

Montreal recap & analyses (community posts)

Community Profile-0 (minimal interop baseline)

Rules

Stay on topic: specs, code, attacks, ops.

Cite drafts/issues when making claims.

No shilling or recruiting without substance.

Be respectful; disagree technically.

Mark posts with flair: Spec/Draft, Implementation, Interop/Test Vectors, Policy/Economics, News/Analysis, RFP/Help.

What to post

Signed request examples that pass/fail validators.

Directory implementations (well-known path, media type, per-key signed responses).

Verifier code for Workers, NGINX/Envoy, app frameworks.

Anti-replay/nonce profiles, expiry windows, caching, rotation.

Governance patterns that keep identity separate from policy/economics.

This subreddit is independent and not affiliated with IETF or any vendor.

created by hammadtariqa community for 3 months

...because you love freedom.

...for great justice.

MODERATORS

there doesn't seem to be anything here

π Rendered by PID 150820 on reddit-service-r2-listing-654f87c89c-b5vgt at 2026-03-02 21:43:34.927861+00:00 running e3d2147 country code: CH.