Conversation

Notices

1. Embed this notice
   洪 民憙 (Hong Minhee) (hongminhee@fosstodon.org)'s status on Friday, 28-Jun-2024 15:49:09 JST 洪 民憙 (Hong Minhee)

   • Fedify: an ActivityPub server framework

   #Fedify now has the official #Hollo account! Please follow @fedify!

   https://hollo.social/@fedify/01905d6a-5d70-75bc-881e-d6c155a5051c

   #fedidev

   • Embed this notice
     silverpill (silverpill@mitra.social)'s status on Friday, 28-Jun-2024 15:49:08 JST silverpill

     in reply to

     • Fedify: an ActivityPub server framework

     @hongminhee @fedify I can't verify FEP-8b32 proofs on activities coming from Hollo.

     Also, Accept(Follow) activity looks weird. It embeds the whole Follow activity, its actor, and its object.

   • Embed this notice
     洪 民憙 (Hong Minhee) (hongminhee@fosstodon.org)'s status on Friday, 28-Jun-2024 16:07:40 JST 洪 民憙 (Hong Minhee)

     in reply to

     • silverpill

     @silverpill Does mitra.social follow the recent update of FEP-8b32?

   • Embed this notice
     silverpill (silverpill@mitra.social)'s status on Friday, 28-Jun-2024 16:07:40 JST silverpill

     in reply to

     @hongminhee Yes, it should be able to verify proofs with injected @context. But it is not injected. Here' the Announce activity, for example:

     { "@context": [ "https://www.w3.org/ns/activitystreams", "https://w3id.org/security/data-integrity/v1", { "Emoji": "toot:Emoji", "Hashtag": "as:Hashtag", "sensitive": "as:sensitive", "toot": "http://joinmastodon.org/ns#" } ], "actor": "https://hollo.social/@fedify", "cc": [ "https://fosstodon.org/users/hongminhee", "https://hollo.social/@fedify/followers", "https://fosstodon.org/users/hongminhee" ], "id": "https://hollo.social/@fedify/01905d94-a20b-7722-94d1-576817dd3b00#activity", "object": "https://fosstodon.org/users/hongminhee/statuses/112692842178962546", "proof": { "created": "2024-06-28T06:58:47.16192715Z", "cryptosuite": "eddsa-jcs-2022", "proofPurpose": "assertionMethod", "proofValue": "z4xV1JV4JFuoPcLBNBTDbkceyPdd3YGWdFU4oawZDX5qSxiKeJgjFMf3uwf71QCfNUmJay66g9556K6NjUUUxZu1g", "type": "DataIntegrityProof", "verificationMethod": "https://hollo.social/@fedify#key-2" }, "published": "2024-06-28T06:42:20.3Z", "to": "as:Public", "type": "Announce" }
   • Embed this notice
     洪 民憙 (Hong Minhee) (hongminhee@fosstodon.org)'s status on Friday, 28-Jun-2024 21:32:32 JST 洪 民憙 (Hong Minhee)

     in reply to

     • silverpill

     @silverpill Fixed it anyway! (Probably.)

   • Embed this notice
     silverpill (silverpill@mitra.social)'s status on Friday, 28-Jun-2024 21:32:32 JST silverpill

     in reply to

     @hongminhee Signatures pass the verification now, thanks.

     proof.@context can be omitted, but then it also shouldn't be used during "Create Proof" step. The spec doesn't mention this option in "Create Proof" (it says you should always copy @context) because this way of generating proofs is considered deprecated now

   • Embed this notice
     洪 民憙 (Hong Minhee) (hongminhee@fosstodon.org)'s status on Friday, 28-Jun-2024 21:32:33 JST 洪 民憙 (Hong Minhee)

     in reply to

     • silverpill

     @silverpill Hmm… Looks like Fedify is removing the context inside the proof while compacting the whole JSON-LD document (see also: https://bit.ly/4eH70wa). Not sure if it's easy to fix, but I'll take a look!

   • Embed this notice
     洪 民憙 (Hong Minhee) (hongminhee@fosstodon.org)'s status on Friday, 28-Jun-2024 21:32:33 JST 洪 民憙 (Hong Minhee)

     in reply to

     • silverpill

     @silverpill According to the Data Integrity EdDSA Cryptosuites v1.0 specification, when verifying an eddsa-jcs-2022 proof, the document's context is left as is if the proof's context does not exist. Doesn't it mean the proof can omit its context if it's signed with the same context to the document? It might be my misreading though.

     https://w3c.github.io/vc-di-eddsa/#verify-proof-eddsa-jcs-2022