- From: Evan Prodromou <evan@prodromou.name>
- Date: Wed, 13 Mar 2024 15:53:45 -0400
- To: "public-swicg@w3.org" <public-swicg@w3.org>

The use of digital signature technologies, like Linked Data Signatures or JSON-LD signatures, in the body of ActivityPub documents came up in the issue triage today. (This is distinct from HTTP Signatures, the server-to-server authentication mechanism which happens at the HTTP protocol level.)

The use of digital signatures is a widespread practice that is not well-documented in the ActivityPub or Activity Streams 2.0 specs or elsewhere.

The primary use case of digitally signed bodies is to allow server A to reliably pass along content from server B to server C, without server C needing to validate the data by re-fetching it from server B. It is a protocol optimization that saves origin servers from getting stampeded by remote servers confirming ActivityPub object content.

I propose that it would be useful for this community group to create a report documenting the use of digital signatures on the fediverse today, and recommending potential improvements for the future. This would be similar to our current report teams working on Webfinger and HTTP Signature.

Chairs, can we add this item to the agenda for our next meeting?

Evan

Received on Wednesday, 13 March 2024 19:53:57 UTC