arcanicanis on Nostr: This is with an implementation of HTTP Signatures in fedi. Just as I was looking into ...
This is with an implementation of HTTP Signatures in fedi. Just as I was looking into someone asking for help on implementing HTTP Signatures, I notice the library they pull in doesn’t even validate the digest, just if the signature is valid and nothing else.
This is also why I hate the mentality of “well, surely other people out there are more responsible and educated than me on this domain-specific knowledge, so I’ll just import this random library that seems popular enough”.
Published at 2024-02-11 03:50:38
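An added example, not part of the post and not the code of any library it refers to: a verifier that checks the signature and then also checks that the `digest` header is covered by the signature and matches the received body. Assumptions: HMAC-SHA256 with a constructed shared key stands in for the RSA keys fedi servers use, header names are lowercase dictionary keys, and the request, host and bodies are constructed samples.

```python
import base64, hashlib, hmac

KEY = b"constructed-demo-key"  # assumption: shared secret instead of an actor's RSA key

def body_digest(body):
    return "SHA-256=" + base64.b64encode(hashlib.sha256(body).digest()).decode()

def signing_string(method, path, headers, names):
    # One "name: value" line per covered header, in the order the signer listed them.
    lines = [f"(request-target): {method.lower()} {path}" if n == "(request-target)"
             else f"{n}: {headers[n]}" for n in names]
    return "\n".join(lines).encode()

def sign(method, path, headers, body, names=("(request-target)", "host", "date", "digest")):
    headers = dict(headers, digest=body_digest(body))
    mac = hmac.new(KEY, signing_string(method, path, headers, names), hashlib.sha256).digest()
    headers["signature"] = 'keyId="demo",algorithm="hmac-sha256",headers="{}",signature="{}"'.format(
        " ".join(names), base64.b64encode(mac).decode())
    return headers

def verify(method, path, headers, body, check_digest=True):
    params = {k: v.strip('"') for k, v in
              (p.split("=", 1) for p in headers["signature"].split(","))}
    names = params["headers"].split()
    if any(n != "(request-target)" and n not in headers for n in names):
        return "missing signed header"
    expected = hmac.new(KEY, signing_string(method, path, headers, names), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, base64.b64decode(params["signature"])):
        return "bad signature"
    if not check_digest:
        return "ok"  # signature-only behaviour, as described in the post
    if "digest" not in names:
        return "digest not signed"  # body is not bound to the signature at all
    if not hmac.compare_digest(headers["digest"], body_digest(body)):
        return "digest mismatch"  # signed digest does not match the received body
    return "ok"

# Constructed sample request (not from the post).
HEADERS = {"host": "inbox.example", "date": "Sun, 11 Feb 2024 03:50:38 GMT"}
BODY = b'{"type":"Create","actor":"https://a.example/users/alice"}'
TAMPERED = b'{"type":"Delete","actor":"https://a.example/users/alice"}'
SIGNED = sign("POST", "/inbox", HEADERS, BODY)

if __name__ == "__main__":
    print(verify("POST", "/inbox", SIGNED, BODY))
    print(verify("POST", "/inbox", SIGNED, TAMPERED, check_digest=False))
    print(verify("POST", "/inbox", SIGNED, TAMPERED))
```

With `check_digest=False` the altered body is accepted because the signature only covers header lines; the body is protected only when `digest` is in the signed header list and is recomputed over the bytes actually received.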