Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mitra.social/objects/01935e8d-702e-aa4b-61c3-856af252e854">silverpill (silverpill@mitra.social)'s status on Sunday, 24-Nov-2024 23:23:12 JST</a><a href="https://mitra.social/users/silverpill" title="silverpill@mitra.social"><img src="https://gnusocial.jp/avatar/85321-48-20230105202807.webp" width="48" height="48" alt="silverpill" style="position: absolute; left: 0; top: 0;">silverpill</a><div><a href="https://hub.somaton.com/item/deca629e-0da8-4457-b155-b15982097722" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://hub.somaton.com/channel/mario">@mario</a> If conversation participants do not perform authentication procedure described in the FEP, the owner will be able to impersonate other participants (or anyone, if conversation is public) by sending an Add(Create(Note)) activity where Create(Note) is forged.</p><p>The argument can be made that if you participate in a conversation, you necessarily trust the owner (Lemmy et al operate with this assumption), but I'm not convinced that it is true.</p><p>&gt;In this case the message will be rejected allthough its authenticity is verified.</p><p>How other servers can verify messages made by remotely authenticated actor? I'm not familiar with OpenWebAuth</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4057281#notice-7937084">In conversation</a><time datetime="2024-11-24T23:23:12+09:00" title="Sunday, 24-Nov-2024 23:23:12 JST">about 6 months ago</time> <span>from <span><a href="https://mitra.social/objects/01935e8d-702e-aa4b-61c3-856af252e854" rel="external" title="Sent from mitra.social via ActivityPub">mitra.social</a></span></span><a href="https://mitra.social/objects/01935e8d-702e-aa4b-61c3-856af252e854">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
silverpill (silverpill@mitra.social)'s status on Sunday, 24-Nov-2024 23:23:12 JSTsilverpill
in reply to
- Mario Vavti
@mario If conversation participants do not perform authentication procedure described in the FEP, the owner will be able to impersonate other participants (or anyone, if conversation is public) by sending an Add(Create(Note)) activity where Create(Note) is forged.
The argument can be made that if you participate in a conversation, you necessarily trust the owner (Lemmy et al operate with this assumption), but I'm not convinced that it is true.
>In this case the message will be rejected allthough its authenticity is verified.
How other servers can verify messages made by remotely authenticated actor? I'm not familiar with OpenWebAuth
In conversationabout 6 months ago from mitra.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice