- From: Cristiano Longo <cristianolongo@opendatahacklab.org>
- Date: Wed, 20 Dec 2023 12:32:42 +0100
- To: public-swicg@w3.org
From an operational point of view I prefer JSON-LD signature for the following reason: HTTP Message Signature must occur server side; this implies that the server must know your private key.

In the actual fediverse implementation we have the paradox that the server owns your keypair and the users don't know their own private keys.

On 19/12/23 23:30, a wrote:
>
> I think there is an issue with the linked data signatures that are
> used in Mastodon.
> Probably a huge lift to move this forward?
>
> https://github.com/mastodon/mastodon/blob/main/app/lib/activitypub/linked_data_signature.rb/#L6-L7
>
> More problematic is the non-existent "RsaSignature2017" which is
> hardcoded into Mastodon shortly below the line you cited. By the time
> the v1 came around, it was finalized as "RsaSignature2018" instead.
>
> When you create the signature context you need to use CONTEXT =
> 'https://w3id.org/identity/v1'
>
> This is only relevant for LDSigs generated by Mastodon, not for
> validation.

Received on Wednesday, 20 December 2023 11:32:51 UTC