@raphael what do you mean by "self authenticating"?
Uncategorized
8
Posts
3
Posters
2
Views
-
@raphael what do you mean by "self authenticating"?
-
@raphael what do you mean by "self authenticating"?
I mean "using something like Linked Data signatures, so that anyone can verify the authenticity of the message even if it server is not around anymore"
-
I mean "using something like Linked Data signatures, so that anyone can verify the authenticity of the message even if it server is not around anymore"
@raphael I think that by default if the server is not around any more the activity is no longer resolvable. As far as I know there's no plans for dropping identifying ActivityPub objects strictly by their IRI. :)
-
identifying != authenticating.
Anyone can generate a document that looks like it came from your server, but if the document has a signature embedded in the document, we can verify its authenticity just by having your public key.
-
@raphael I understand that, but in the model that ActivityPub follows, where you get the canonical representation of an object by fetching its IRI (which is what I thought you referenced with your first point in the grand parent), you don't really need a signature in my humble opinion, unless your threat vector is a malicious originating server, which frankly ActivityPub has no means to mitigate as things are.
-
@raphael I understand that, but in the model that ActivityPub follows, where you get the canonical representation of an object by fetching its IRI (which is what I thought you referenced with your first point in the grand parent), you don't really need a signature in my humble opinion, unless your threat vector is a malicious originating server, which frankly ActivityPub has no means to mitigate as things are.
-
> You can't use abbreviated versions of the object.
Why not? I would expect the signature in a document only to authenticate the document, not as an intrument to validated the objects referenced in the document.
Depends on your definition of "malicious", but there are servers offering "community migration" that works by taking all the objects from one actor and rewriting as their own and changing the to/audience fields. Somehow this rubs me the wrong way.
-
> You can't use abbreviated versions of the object.
Why not? I would expect the signature in a document only to authenticate the document, not as an intrument to validated the objects referenced in the document.
Depends on your definition of "malicious", but there are servers offering "community migration" that works by taking all the objects from one actor and rewriting as their own and changing the to/audience fields. Somehow this rubs me the wrong way.
Gli ultimi otto messaggi ricevuti dalla Federazione
-
This is what a tweet looks like in my twitter-like blogging system
-
-
How long has it been since you last used a meal kit service?
-
-
@raphael @mariusor I should have been clearer. The signature is useless if you abbreviate the object.
-
@quephird oh cool, apparently the PS5 version has a VR mode.
-
@quephird yup! I played the demo on my steamdeck, and it is very fancy :) idk what plans they may or may not have for porting to other consoles
-
Going back to AMD on my desktop machine because this proprietary nvidia driver shit is just a mess. My screen goes blank every now and then, the system locks up about once a day, it can't use kernel modesetting for the boot console. Just a subpar experience all around. I don't do enough gaming or 3D rendering to justify this.
