GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Untitled attachment

Download link

https://p.helene.moe/media/54dc808fbbe67d315562204bc6343e6503c0323774e7724a45c7670c84830353.png

Notices where this attachment appears

  1. Embed this notice
    Hélène (helene@p.helene.moe)'s status on Wednesday, 17-Aug-2022 01:40:20 JST Hélène Hélène
    in reply to

    @trwnh well, to some extent, i’d agree, but i’m not sure that would apply here, considering: https://w3c-ccg.github.io/security-vocab/#publicKey

    and even looking at Mastodon’s ActivityPub::FetchRemoteKeyService (noting the fact that Mastodon code tends to be the most accurate, along with Honk, when it comes to ActivityStreams/ActivityPub/etc) it seems like that only works by accident because that /main-key endpoint returns a Person with the id being the actor’s ID (and that too can be a big problem, the data returned is not the same between the two endpoints!!) and no owner/controller associated with the public key

    HTTP requests are signed with the user’s main-key in GoToSocial, and using the key ID (which seems good to do), but I am fairly certain it should not return a Person but a Key instead if they wish to not use a fragment!

    In conversation Wednesday, 17-Aug-2022 01:40:20 JST from p.helene.moe permalink
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.