GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Matthias Pfefferle (pfefferle@mastodon.social)'s status on Wednesday, 14-May-2025 05:08:40 JST Matthias Pfefferle Matthias Pfefferle

    can someone recommend a http-signature library/implementation in #php ?

    #activitypub #wordpress #followerpower

    In conversation about 4 days ago from mastodon.social permalink
    • Embed this notice
      Matthias Pfefferle (pfefferle@mastodon.social)'s status on Wednesday, 14-May-2025 16:35:34 JST Matthias Pfefferle Matthias Pfefferle
      in reply to
      • André Menrath

      @linos there is no issue yet but Mastodon is implementing the latetest spec and might abandon the current version over time: https://oisaur.com/@renchap/114455531480422517

      In conversation about 3 days ago permalink

      Attachments

      1. No result found on File_thumbnail lookup.
        Renaud Chaput (@renchap@oisaur.com)
        from Renaud Chaput
        We are implementing the final version of RFC9421 (HTTP Signatures) in Mastodon, and would like to test this with other ActivityPub implementations. Do you know of any AP implementations supporting both incoming (verification) and outgoing (signing) RFC9421 signatures, and if possible with support for the double-knocking mechanism as described in https://swicg.github.io/activitypub-http-signature/ (section 3.5)? #activitypub
    • Embed this notice
      André Menrath (linos@graz.social)'s status on Wednesday, 14-May-2025 16:35:35 JST André Menrath André Menrath
      in reply to

      @pfefferle What are the current issues?

      In conversation about 3 days ago permalink
    • Embed this notice
      Terence Eden (edent@mastodon.social)'s status on Wednesday, 14-May-2025 23:45:44 JST Terence Eden Terence Eden
      in reply to

      @pfefferle I recommend *not* writing your own. I tried and fucked up!
      https://shkspr.mobi/blog/2024/03/i-made-a-mistake-in-verifying-http-message-signatures/

      In conversation about 3 days ago permalink

      Attachments

      1. Domain not in remote thumbnail source whitelist: shkspr.mobi
        I made a mistake in verifying HTTP Message Signatures
        from @edent
        It's never great to find out you're wrong, but that's how learning and personal growth happens. HTTP Message Signatures are hard. There are lots of complex parts and getting any aspect wrong means certain death. In a previous post, I wrote A simple(ish) guide to verifying HTTP Message Signatures in PHP. It turns out that it was too simple. And far too trusting. An HTTP Message Signature is a…

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.