Conversation
Notices
-
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Saturday, 09-Mar-2024 03:12:05 JST 
Alex Gleason
Why do Fediverse actors even have different keys? They should all have the same key for the whole server. Since the server controls their full identity anyway. It's dumb. -
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Saturday, 09-Mar-2024 03:12:58 JST
Alex Gleason
I'm considering patching the bridge with this. Not sure what it would break federation-wise. -
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Saturday, 09-Mar-2024 03:41:29 JST
Alex Gleason
@phnt That's unrelated because the AP ID and nickname would stay the same, just the RSA key would change.
I found that Mastodon has a re-roll function where it updates each actor with a new key and then signs an Update activity for each one using the old key. That should work.
Then there is really no downside to all actors having the same key. Gigglebytes of storage space would be freed across every server -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Saturday, 09-Mar-2024 03:41:34 JST 
Phantasm
@alex Patching in what way? Making the keys same for everyone? Haven't really dug into how they work in Pleroma, but I wouldn't be surprised if different keys for already known users is the main reason for this: https://git.pleroma.social/pleroma/pleroma/-/issues/3227 -
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Saturday, 09-Mar-2024 03:41:44 JST
Alex Gleason
@phnt Not to mention the CPU. -
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Saturday, 09-Mar-2024 03:49:59 JST
Alex Gleason
@feld @phnt That's wonderful.
I know Pleroma will do the right thing. I wonder about other implementations. -
Embed this notice
feld (feld@bikeshed.party)'s status on Saturday, 09-Mar-2024 03:50:00 JST 
feld
@phnt @alex I made a change not long ago that fixes it so if someone's key changes (wiped and reinstalled instance, perhaps) Pleroma will be able to fetch the new key and recover
https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3989 -
Embed this notice
silverpill (silverpill@mitra.social)'s status on Saturday, 09-Mar-2024 04:16:26 JST 
silverpill
@alex You may want to keep actor keys if you plan to support FEP-ef61.
-
Embed this notice
arcanicanis (arcanicanis@were.social)'s status on Saturday, 09-Mar-2024 05:44:08 JST 
arcanicanis
It's all I routinely bitch about:
https://were.social/notice/AfHlGgRYClScNnQFiy
https://were.social/notice/AfYn3Wcauj4nkflBkO
I assume it was originally under an ambitious idea to allow users to have control over their identity by cryptography, but implemented in such a half-baked way that was conceptually flawed, to the point where users cannot export their keys for risk of the entire server: https://github.com/mastodon/mastodon/discussions/22315#discussioncomment-4423581
Alex Gleason likes this. -
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Saturday, 09-Mar-2024 05:44:16 JST
Alex Gleason
@arcanicanis I did it: https://gitlab.com/soapbox-pub/mostr/-/merge_requests/103 -
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Saturday, 09-Mar-2024 05:45:17 JST
Alex Gleason
@silverpill Users on Mostr already have keys. On Rebased it's still worth considering since RSA sucks anyway, FEP-ef61 should have new EC keys generated for all users. -
Embed this notice
arcanicanis (arcanicanis@were.social)'s status on Saturday, 09-Mar-2024 05:47:44 JST
arcanicanis
If you do rotate the keys to have all users be the same public key, make sure you list both the new and old key in the Update (new key first, which gets stored; old key 2nd/last, which gets discarded), as that's very specifically how the key rotation with Mastodon works (as I also noticed per: https://arcanican.is/excerpts/cve-2024-23832/ )
Alex Gleason likes this. -
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Saturday, 09-Mar-2024 05:51:36 JST
Alex Gleason
@arcanicanis I didn't actually publish any Update activities yet, just hardcoded all users to the new (shared) key. Pleroma refetches the actor when the sig is wrong, so federation is already restored here. If there are long term issues with other software I'll write a script to send Update activities. I think they just need to be signed with the old key. -
Embed this notice
feld (feld@bikeshed.party)'s status on Saturday, 09-Mar-2024 06:08:32 JST
feld
@alex @phnt same. It's not so hard to deal with either. Oh the signature failed? Try fetching the key again and see if it changed. TADA done. Alex Gleason likes this.
-
Embed this notice
All GNU social JP content and data are available under the