arcanicanis on Nostr: ...Why do we have this ridiculous joke of assigning a keypair to every ActivityPub ...
...Why do we have this ridiculous joke of assigning a keypair to every ActivityPub actor (that the user themself can never have) for HTTP Signatures when all remote resources are fetched under the internal actor's key only (and anonymity of who's querying the resource), and therefore be unable to enforce access control on a non-public resource?
Published at
2024-03-06 01:48:47Event JSON
{
"id": "73474c00ff42179e23c7bc61d47899bf92965a5abd678ecdab9e9051397f9e32",
"pubkey": "0ed7afc8b04a4ef5d52c14fd46c65e452d62ca50a47d6cf5287ed2825a6d26f7",
"created_at": 1709689727,
"kind": 1,
"tags": [
[
"proxy",
"https://were.social/objects/9f4c1354-db78-4dba-907d-aadd17e49313",
"activitypub"
]
],
"content": "...Why do we have this ridiculous joke of assigning a keypair to every ActivityPub actor (that the user themself can never have) for HTTP Signatures when all remote resources are fetched under the internal actor's key only (and anonymity of who's querying the resource), and therefore be unable to enforce access control on a non-public resource?",
"sig": "80a361d06432981f86e1fdce0ad14ad5a88ec9ea7e4fb9230b2bd0b1aa40110126823e81cb08f05baa34a2f7b572be68571ce2a666bb766f0c6360a839ec2905"
}
