@evan no, but...
- All public activities should be resolvable
- All activities should be self-authenticating
@raphael what do you mean by "self authenticating"?
@raphael I understand that, but in the model that ActivityPub follows, where you get the canonical representation of an object by fetching its IRI (which is what I thought you referenced with your first point in the grandparent), you don't really need a signature in my humble opinion, unless your threat vector is a malicious originating server, which frankly ActivityPub has no means to mitigate as things are.
identifying != authenticating.
Anyone can generate a document that looks like it came from your server, but if the document has a signature embedded in the document, we can verify its authenticity just by having your public key.
@raphael I think that by default if the server is not around any more the activity is no longer resolvable. As far as I know there are no plans for dropping identifying ActivityPub objects strictly by their IRI. :)
I mean "using something like Linked Data signatures, so that anyone can verify the authenticity of the message even if its server is not around anymore"
@raphael @mariusor I should have been clearer. The signature is useless if you abbreviate the object.
> You can't use abbreviated versions of the object.
Why not? I would expect the signature in a document only to authenticate the document, not as an instrument to validate the objects referenced in the document.
Depends on your definition of "malicious", but there are servers offering "community migration" that works by taking all the objects from one actor and rewriting as their own and changing the to/audience fields. Somehow this rubs me the wrong way.