Conversation

Notices

1. Embed this notice
   Erin 💽✨ (erincandescent@akko.erincandescent.net)'s status on Saturday, 09-Mar-2024 09:19:33 JST Erin 💽✨

   Gleason walked into the SocialHub to drop his latest innovation and I’m sitting here trying to work out whether he just proudly announced that he introduced a security bug into his own software or not

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Saturday, 09-Mar-2024 09:19:30 JST Evan Prodromou

     in reply to

     @erincandescent highjacking your thread to ask: what do you think about using mutual TLS instead of HTTP Signature? It authenticates the server only, but it saves time and effort.

   • Embed this notice
     Erin 💽✨ (erincandescent@akko.erincandescent.net)'s status on Saturday, 09-Mar-2024 09:19:32 JST Erin 💽✨

     in reply to

     Specifically the key ID isn’t signed so if you’re sharing private keys, someone who captures a signed message can just swap key IDs

     Capturing a signed message sounds hard but if you do manage to do it you can probably e.g. read private posts accessible to anyone on your instance

     So its probably not an issue for mostr because that’s a bridge to libertarian hellscape where everything is public all the time but in general I dunno the security calculus is nontrivial

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Saturday, 09-Mar-2024 14:02:14 JST Evan Prodromou

     in reply to

     • infinite love ⴳ

     @erincandescent @trwnh I think the trick with terminators is they can add the CN as a custom HTTP header. There are a half-dozen Medium posts on how to do this on Google. I might need to do a POC for this.

   • Embed this notice
     Erin 💽✨ (erincandescent@akko.erincandescent.net)'s status on Saturday, 09-Mar-2024 14:02:15 JST Erin 💽✨

     in reply to

     • infinite love ⴳ
     • Evan Prodromou

     @trwnh @evan anyway I like mutual TLS in theory but in practice there’s the problem that most instances are running behind TLS terminators so they don’t necessarily have access to their own TLS keys

   • Embed this notice
     Erin 💽✨ (erincandescent@akko.erincandescent.net)'s status on Saturday, 09-Mar-2024 14:02:17 JST Erin 💽✨

     in reply to

     • infinite love ⴳ
     • Evan Prodromou

     @trwnh @evan i believe they also authenticate the user because otherwise how do you know who should have access to a post?

   • Embed this notice
     infinite love ⴳ (trwnh@mastodon.social)'s status on Saturday, 09-Mar-2024 14:02:18 JST infinite love ⴳ

     in reply to

     • Evan Prodromou

     @evan @erincandescent aren't most softwares rn only authenticating the server already anyway? it's a core assumption of the "instance" model

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Saturday, 09-Mar-2024 14:06:46 JST Evan Prodromou

     in reply to

     • infinite love ⴳ

     @erincandescent @trwnh the way to win every AP argument is to bring up BCC and BTO

   • Embed this notice
     Erin 💽✨ (erincandescent@akko.erincandescent.net)'s status on Saturday, 09-Mar-2024 14:06:47 JST Erin 💽✨

     in reply to

     • infinite love ⴳ
     • Evan Prodromou

     @trwnh @evan (In the fully general case ActivityPub’s bcc/bto fields mean that you can’t assume you know the full audience of a post from the post object)

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Saturday, 09-Mar-2024 14:07:44 JST Evan Prodromou

     in reply to

     • infinite love ⴳ

     @trwnh @erincandescent yes.

   • Embed this notice
     bumblefudge (by_caballero@mastodon.social)'s status on Saturday, 09-Mar-2024 14:09:38 JST bumblefudge

     in reply to

     • infinite love ⴳ
     • Evan Prodromou

     @trwnh @evan @erincandescent i know i'm a broken record and everyone thinks it's because i have a dayjob in the "at your own risk" factory but self-managed keys would definitely make feature-parity (and interoperability) with nostr and bluesky a lot easier, which seem more popular goals than "authenticate me with my crypto wallet/Hooli wallet/microsoft authenticator" per se

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Saturday, 09-Mar-2024 14:09:38 JST Evan Prodromou

     in reply to

     • infinite love ⴳ
     • bumblefudge

     @by_caballero @trwnh @erincandescent *eyeroll* the reason we're winning is because of our basis in the web, domains, and URLs, not despite it.

   • Embed this notice
     bumblefudge (by_caballero@mastodon.social)'s status on Saturday, 09-Mar-2024 14:09:39 JST bumblefudge

     in reply to

     • infinite love ⴳ
     • Evan Prodromou

     @trwnh @evan @erincandescent do we want to pour even more cement around the instance model? if we at least enable per-user keys (even if only potentially/annoying/complexly) some instances have the option of decentralizing themselves, or at least giving individual users the choice to self-manage at their own risk...

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Saturday, 09-Mar-2024 14:11:17 JST Evan Prodromou

     in reply to

     @erincandescent another benefit is that it's not dependent on an idea that Cavage wrote out on a McDonald's napkin in 2015 or whatever

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Saturday, 09-Mar-2024 14:19:57 JST Evan Prodromou

     in reply to

     • infinite love ⴳ

     @erincandescent @trwnh regardless, I think we're stuck with draft-cavage for the near term but I think we can get along fine without the HTTP signature layer entirely if we just use the certs we already had to get from letsencrypt

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Saturday, 09-Mar-2024 14:28:36 JST Evan Prodromou

     in reply to

     • infinite love ⴳ

     @erincandescent @trwnh it was the right decision btw