Re: Implementing Federation, Part I from Emelia Smith on 2023-12-20 (public-swicg@w3.org from December 2023)

From: Emelia Smith <emelia@brandedcode.com>
Date: Wed, 20 Dec 2023 20:57:11 +0100
To: a <a@trwnh.com>
Cc: Jason Culverhouse <jason@mischievous.org>, Marcus Rohrmoser <me.swicg@mro.name>, public-swicg@w3.org
Message-Id: <955DEBCD-FC80-4D42-B118-7944ACDB340D@brandedcode.com>

This page in the documentation for Mastodon talks about what they use: https://docs.joinmastodon.org/spec/security/

There's only two cases where Linked Data Signatures are used.

> On 19 Dec 2023, at 23:30, a <a@trwnh.com> wrote:
> 
> > I think there is an issue with the linked data signatures that are used in Mastodon.
> Probably a huge lift to move this forward?
> > 
> > https://github.com/mastodon/mastodon/blob/main/app/lib/activitypub/linked_data_signature.rb/#L6-L7
> 
> More problematic is the non-existent "RsaSignature2017" which is hardcoded into Mastodon shortly below the line you cited. By the time the v1 came around, it was finalized as "RsaSignature2018" instead.
> 
> > When you create the signature context you need to use  CONTEXT = 'https://w3id.org/identity/v1'
> 
> This is only relevant for LDSigs generated by Mastodon, not for validation.

Received on Wednesday, 20 December 2023 19:57:29 UTC