Embed Notice

The problem with ActivityPub and the various documents around it, is that they try to do EVERYTHING. HTTP Signatures is theoretically extensible to every possible signing algorithm on the planet, even though in practice everyone uses “RSASSA-PKCS1-v15” (I hate that I know that). This means you parse and support it 10 different ways just to do one thing. Meanwhile ActivityPub can have _any URL making it extremely hard to fetch things because you have to fetch a URL to know which URL to fetch.

I suppose the idea is that if we adopt standards that can solve multiple problems, we’ll get overlapping contributions from people who don’t do social media stuff but want HTTP Signatures (etc) for other reasons. But in practice that doesn’t really happen, and we just have overly complex systems for no reason.

Also this does matter, because if big important people don’t implement it because it’s too hard, it will hamper adoption.