- From: Michael Vogel <heluecht@pirati.ca>
- Date: Mon, 4 Jan 2016 18:40:05 +0100
- To: public-socialweb-comments@w3.org, Jason Robinson <mail@jasonrobinson.me>
Hi!

On 20.12.2015 at 16:53, Jason Robinson wrote:
> I think any good standard for a federated web protocol should contain at
> least a SHOULD to signature verification. Ideally, to provide
> reliability to content ownership, received content (server to server)
> SHOULD be 1) signature verified and 2) presence verified (for content
> type messages). Both checks are important for different reasons.
>
> At least when looking at diaspora*, redmatrix/hubzilla and AFAICT GNU
> Social and Friendica, signature verification is *THE* way to verify
> content.

Diaspora is working in the following way:

* If a comment is sent to us directly from the sender then we verify the author signature against it
* If a comment was relayed by a relay then we verify the content against the relay

This is a check that is essential.

Optionally the relayed content could be signed with the original author's key. If we do this then the key has to be obtained via webfinger or hcard or something similar. (Diaspora is currently storing the key in the webfinger and will move it to the hcard)

This check should be optional since there could be situations where the original sender isn't available at the moment when the relayed comment arrives. (implementers should cache these keys to avoid such a problem)

I personally think that the first method is sufficient. There is a possibility of a misuse. But since we trusted the relay system we should trust that they don't do something bad with the relayed content.

If we had these two signatures then the implementers could decide what to do.

Michael
Received on Monday, 4 January 2016 17:41:09 UTC
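
The acceptance rules described in the message above, as an added example (not part of the original e-mail and not diaspora*'s code). The message layout, the handles, the result labels and the choice to reject a relayed comment whose author signature fails are assumptions; the textbook RSA over known Mersenne primes is an insecure stand-in used only so the block runs with the standard library.

```python
import hashlib

E = 65537

def toy_keypair(p, q):
    # Textbook RSA from two publicly known primes: a stand-in, NOT secure.
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(priv, data):
    n, d = priv
    return pow(digest(data), d, n)

def verify(pub, data, sig):
    # A missing key or a missing signature never verifies.
    if pub is None or sig is None:
        return False
    n, e = pub
    return pow(sig, e, n) == digest(data)

def check_comment(msg, delivered_by, key_cache):
    """Return 'accept', 'accept-relay-only' or 'reject' (labels are assumptions)."""
    data = msg["body"].encode()
    author_key = key_cache.get(msg["author"])  # cached webfinger/hcard lookup
    author_ok = verify(author_key, data, msg.get("author_sig"))
    if delivered_by == msg["author"]:  # sent to us directly by the author
        return "accept" if author_ok else "reject"
    # Relayed comment: the relay's signature is the essential check.
    if not verify(key_cache.get(delivered_by), data, msg.get("relay_sig")):
        return "reject"
    # Author signature is optional: the author's key may be unavailable right now.
    if author_key is None or msg.get("author_sig") is None:
        return "accept-relay-only"
    return "accept" if author_ok else "reject"

# Constructed sample identities and keys (hypothetical handles).
AUTHOR, RELAY = "alice@pod.example", "bob@hub.example"
author_pub, author_priv = toy_keypair(2**521 - 1, 2**607 - 1)
relay_pub, relay_priv = toy_keypair(2**1279 - 1, 2**2203 - 1)

def make_comment(body):
    data = body.encode()
    return {"author": AUTHOR, "body": body,
            "author_sig": sign(author_priv, data),
            "relay_sig": sign(relay_priv, data)}
```

With only the relay's key cached, a relayed comment is accepted on the relay's signature alone, which is the trust in the relay that the message describes.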