- From: Bumblefudge <bumblefudge@learningproof.xyz>
- Date: Wed, 07 Feb 2024 16:40:03 +0000
- To: public-swicg@w3.org
- Message-ID: <4ecdc48f-9c9d-4f96-866a-df0ba5ce806f@learningproof.xyz>
Client-side signing of [Activities](https://codeberg.org/fediverse/fep/src/branch/main/fep/ae97/fep-ae97.md) and other content seems less controversial (and generally helpful to bridging with client-signed networks like BlueSky, Nostr, etc). Client-side signing of [HTTP?] REQUESTs, however, is probably a pretty distinct topic, and I would love links and context about what security issues arise when mixing client-signing and more traditional TLS-centric trust models. The actual scope and substance of the disagreement here is hard to grok without more context, and I'm hoping that context will help me clear the fog around the details of "authenticated fetch" and that whole Threads Spanish-Prisoner AuthN mishap a few months back. Thanks, __bumble On 2/7/2024 8:19 AM, Dmitri Zagidulin wrote: >> The approach you present (Allowing the client application to sign requests) has well known security flaws > > Yeah, I agree with Cristiano, it's only a security flaw if implemented wrongly on the server side. Client-side signing is what we should try and move the whole ecosystem to. > > On Wed, Feb 7, 2024 at 10:11 AM Cristiano Longo <cristianolongo@opendatahacklab.org> wrote: > >> Hi nightpool, may you provide some reference about this security faults? However I consider sharing my private key with a server a security fault as well. >> >> On 07/02/24 15:55, nightpool wrote: >> >>> Hi Christine, >>> >>> The approach you present (Allowing the client application to sign requests) has well known security flaws and allows for any attacker to DOS and prevent posts from being created for any other user on their server due to ID exhaustion. Therefore I do not recommend this scheme be used for any multiuser server (where multiple users share one domain name). >>> >>> (And obviously, for single user servers the client and the server are probably in the same trust boundary) >>> >>> On Wed, Feb 7, 2024, 8:29 AM Cristiano Longo <cristianolongo@opendatahacklab.org> wrote: >>> >>>> On 06/02/24 11:04, Marcus Rohrmoser wrote: >>>> >>>>> Hi Ryan and nightpool, >>>>> >>>>> thanks for taking initiative to improve the specifications mandaratorily used in today's fediverse. The previous word of mouth culture is IMO a big obstacle to interoperability. >>>>> >>>>> On Mon, 5 Feb 2024 11:34:07 -0800 >>>>> Ryan Barrett >>>>> [<public@ryanb.org>](mailto:public@ryanb.org) >>>>> wrote: >>>>> >>>>>> We've started collecting candidate requirements in >>>>>> https://github.com/swicg/activitypub-webfinger/issues >>>>>> . Feel free to >>>>>> comment or add your own proposals! >>>>> >>>>> While I somehow feel the appeal of cryptography, I miss the hard facts about it's benefits here. >>>>> >>>>> We have the tls umbrella, so there should be a certain trust in that the other side is who they pretend to be. Like in "the same private key as last time", right? >>>>> >>>>> Introducing mechanisms (in application layer) where the communicating party (the user) has no hold of the private key, still requires full trust to the holder i.e. the server application and the underlying storage system and their operators. >>>>> >>>>> What do we gain? We still have to trust the application. >>>> >>>> Please writing this report take into consideration that the signature may be produced client-side. I produced a proof of concept of an activity pub server where signature is performed client side: https://www.opendatahacklab.org/lap_src, sources at https://github.com/cristianolongoodhl/LittleActivityPub. >>>> >>>>> Given that, we just could block based on self-declared incoming actor id + ssl validity, save complexity and not have to resort on volatile standard drafts. >>>>> >>>>> What am I missing? >>>>> >>>>> Marcus
Received on Wednesday, 7 February 2024 16:40:25 UTC