Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/trwnh/statuses/113284221000410799">infinite love ⴳ (trwnh@mastodon.social)'s status on Friday, 11-Oct-2024 02:44:33 JST</a><a href="https://mastodon.social/@trwnh" title="trwnh@mastodon.social"><img src="https://gnusocial.jp/avatar/3863-48-20231028031507.webp" width="48" height="48" alt="infinite love ⴳ" style="position: absolute; left: 0; top: 0;">infinite love ⴳ</a><div><ul><li><li><a href="https://gnusocial.jp/user/85321" title="silverpill@mitra.social">silverpill</a></li><li><a href="https://gnusocial.jp/user/242079" title="erincandescent@akko.erincandescent.net">Erin 💽✨</a></li></ul></div></section><article><p><a href="https://community.nodebb.org/user/julian">@julian</a> <a href="https://mitra.social/users/silverpill">@silverpill</a> <a href="https://akko.erincandescent.net/users/erincandescent">@erincandescent</a> <a href="https://hachyderm.io/@thisismissem">@thisismissem</a> Security-wise all bets are off if you want to establish anything other than “the signature claims to be from this key, and the key claims to be owned by this actor, and the actor links back to the same key, so we can assume the actor’s controller is the signing party”</p><p>note that i said “actor’s controller” and not just “actor”. this is an important distinction. just like web keys are custodial, web actors are custodial too</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3806586#notice-7446749">In conversation</a><time datetime="2024-10-11T02:44:33+09:00" title="Friday, 11-Oct-2024 02:44:33 JST">about a month ago</time> <span>from <span><a href="https://mastodon.social/@trwnh/113284221000410799" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@trwnh/113284221000410799">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
infinite love ⴳ (trwnh@mastodon.social)'s status on Friday, 11-Oct-2024 02:44:33 JSTinfinite love ⴳ
@julian @silverpill @erincandescent @thisismissem Security-wise all bets are off if you want to establish anything other than “the signature claims to be from this key, and the key claims to be owned by this actor, and the actor links back to the same key, so we can assume the actor’s controller is the signing party”
note that i said “actor’s controller” and not just “actor”. this is an important distinction. just like web keys are custodial, web actors are custodial too
In conversationabout a month ago from mastodon.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice