#Fedify now has the official #Hollo account! Please follow @fedify!
https://hollo.social/@fedify/01905d6a-5d70-75bc-881e-d6c155a5051c
#Fedify now has the official #Hollo account! Please follow @fedify!
https://hollo.social/@fedify/01905d6a-5d70-75bc-881e-d6c155a5051c
@hongminhee @fedify I can't verify FEP-8b32 proofs on activities coming from Hollo.
Also, Accept(Follow) activity looks weird. It embeds the whole Follow activity, its actor, and its object.
@silverpill Does mitra.social follow the recent update of FEP-8b32?
@hongminhee Yes, it should be able to verify proofs with injected @context. But it is not injected. Here' the Announce activity, for example:
{ "@context": [ "https://www.w3.org/ns/activitystreams", "https://w3id.org/security/data-integrity/v1", { "Emoji": "toot:Emoji", "Hashtag": "as:Hashtag", "sensitive": "as:sensitive", "toot": "http://joinmastodon.org/ns#" } ], "actor": "https://hollo.social/@fedify", "cc": [ "https://fosstodon.org/users/hongminhee", "https://hollo.social/@fedify/followers", "https://fosstodon.org/users/hongminhee" ], "id": "https://hollo.social/@fedify/01905d94-a20b-7722-94d1-576817dd3b00#activity", "object": "https://fosstodon.org/users/hongminhee/statuses/112692842178962546", "proof": { "created": "2024-06-28T06:58:47.16192715Z", "cryptosuite": "eddsa-jcs-2022", "proofPurpose": "assertionMethod", "proofValue": "z4xV1JV4JFuoPcLBNBTDbkceyPdd3YGWdFU4oawZDX5qSxiKeJgjFMf3uwf71QCfNUmJay66g9556K6NjUUUxZu1g", "type": "DataIntegrityProof", "verificationMethod": "https://hollo.social/@fedify#key-2" }, "published": "2024-06-28T06:42:20.3Z", "to": "as:Public", "type": "Announce" }@silverpill Fixed it anyway! (Probably.)
@hongminhee Signatures pass the verification now, thanks.
proof.@context can be omitted, but then it also shouldn't be used during "Create Proof" step. The spec doesn't mention this option in "Create Proof" (it says you should always copy @context) because this way of generating proofs is considered deprecated now
@silverpill Hmm… Looks like Fedify is removing the context inside the proof while compacting the whole JSON-LD document (see also: https://bit.ly/4eH70wa). Not sure if it's easy to fix, but I'll take a look!
@silverpill According to the Data Integrity EdDSA Cryptosuites v1.0 specification, when verifying an eddsa-jcs-2022 proof, the document's context is left as is if the proof's context does not exist. Doesn't it mean the proof can omit its context if it's signed with the same context to the document? It might be my misreading though.
https://w3c.github.io/vc-di-eddsa/#verify-proof-eddsa-jcs-2022
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.