@raphael @snarfed.org @Julien51 Key ownership can be verified out of band, for example via personal website or by meeting IRL. When this is not possible, we have to Trust On First Use.
Conversation
Notices
-
Embed this notice
silverpill (silverpill@mitra.social)'s status on Wednesday, 26-Feb-2025 06:59:32 JST 
silverpill
-
Embed this notice
Raphael Lullis (raphael@mastodon.communick.com)'s status on Wednesday, 26-Feb-2025 06:59:33 JST 
Raphael Lullis
But assume that your server receives a random message. It is properly signed and you can verify the actor. How can you guarantee that the message was sent by the user and not the admin?
-
Embed this notice
Ryan Barrett (snarfed.org@fed.brid.gy)'s status on Wednesday, 26-Feb-2025 06:59:34 JST 
Ryan Barrett
In practice on the fediverse today, as @raphael says, most fediverse servers do custodial keys. Client-managed keys and signing are still possible though! See @silverpill's FEP-ae97 on client signing. LD Signatures are also relevant; they're not ubiquitous like HTTP Sigs, but still somewhat common, eg Mastodon does them. Also see the SWICG HTTP Sigs report.
cc @Julien51
-
Embed this notice
Raphael Lullis (raphael@mastodon.communick.com)'s status on Wednesday, 26-Feb-2025 06:59:35 JST
Raphael Lullis
Do you mean that it hasn't been tempered by the server admin? No. The keys are managed by the server. So a malicious admin could generate messages on behalf of the user.
-
Embed this notice
Julien Genestoux (julien51@mastodon.cloud)'s status on Wednesday, 26-Feb-2025 06:59:36 JST 
Julien Genestoux
In the activitypub world is there any way to know *for sure* (cryptographically) that a specific use posted a toot?
-
Embed this notice
All GNU social JP content and data are available under the