Conversation

Notices

1. Embed this notice
   Evan Prodromou (evan@cosocial.ca)'s status on Sunday, 24-Dec-2023 05:17:17 JST Evan Prodromou

   Are there any ActivityPub servers that support making API requests with a client SSL cert for authentication?

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Sunday, 24-Dec-2023 05:20:48 JST Evan Prodromou

     in reply to

     I mean, given that every single AP server has to have an SSL cert for serving https URLs, it seems like we could just reuse it for client-side authentication. Or, if you're fancy, use different certs for server and client, with the same domain name.

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Sunday, 24-Dec-2023 05:21:31 JST Evan Prodromou

     in reply to

     It's a little hard, but a lot less hard than using HTTP Signature, and it saves a Web hit or two.

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Sunday, 24-Dec-2023 05:29:22 JST Evan Prodromou

     in reply to

     • ahoy, fancy pants

     @squinky yes, although I have never heard that term before.

   • Embed this notice
     ahoy, fancy pants (squinky@teh.entar.net)'s status on Sunday, 24-Dec-2023 05:29:23 JST ahoy, fancy pants

     in reply to

     @evan like mTLS? trouble with doing that from what I understand is load balancing. A lot of the more sophisticated load balancers need to terminate TLS, so you’re stuck needing a dumb TCP passthrough.

     We’re dealing with this problem at $EMPLOYER and it sucks miserably.