Hi, thanks for the compliments!
Couple points raised here that I'm going to try to answer
> 1. the signature based authentication algorithm is susceptible to being replayed.
I care very much about security, would you mind sharing some details so that we could work on fixing any issues?
> 2. there's no real way to negotiate protocols.
There is the Nodeinfo for discovering which protocols an instance supports (such as https://mastodon.social/nodeinfo/2.0) but you're right that it's not actually mandated inside the protocol, mainly because we've been looking for any better ways to do protocol negotation. If you're interested, the reference implementation tries to search for `/.well-known/versia` in order to find out if Versia is supported (otherwise it falls back to ActivityPub), but this is not ideal.
> 3. websockets as a lower overhead transport 😕 ???? What
According to our testing, this actually makes a lot of sense for very high-volume traffic, as keeping a WebSockets connection alive takes basically zero resources.
The goal with that particular idea is to allow for a king of "request batching", so instead of sending each entity in its own individual HTTP request, with the associated overhead, hundreds of entities could be sent at once rather easily, significantly reducing the load on instances (it's pretty crazy how efficient WS is)
If y'all have more questions or suggestions, I'd be happy to listen (even if it'd introduce breaking changes)
Jesse 🇫🇷 :versia: /
npub1zd…xujj7
2024-09-09 07:56:11
in reply to nevent1q…grac
Author Public Key
npub1zd3x53vpdwhm6kt9dwrjr82hryeemrs58j4yujmjxr7n4qj766escxujj7Seen on
wss://relay.momostr.pinkPublished at
2024-09-09 07:56:11Event JSON
{
"id": "872560c3ac4e69242724c8bd7dd6904d1307f2ab90cd9d7ba54f701002ff27de",
"pubkey": "13626a45816bafbd59656b87219d5719339d8e143caa4e4b7230fd3a825ed6b3",
"created_at": 1725868571,
"kind": 1,
"tags": [
[
"p",
"03cc45f7c8229dc1d3ca88af41231e96963d22b1ca28854eceb547a59672a4aa"
],
[
"p",
"13626a45816bafbd59656b87219d5719339d8e143caa4e4b7230fd3a825ed6b3"
],
[
"p",
"801553156848fa533a690ba10ee5064cb57726f30f5534cb380f8e63bb924995"
],
[
"e",
"7164bfe5f4ed5f4baa39dd6df8383673e3fd1d13998d55e37e3d13303c1b0cc0",
"",
"root",
"5400e622e1685195531c21da5ee76154066f868f22ff764633ed850516e3745c"
],
[
"e",
"3be88a81ff07b0071f17c2a978d9bcc70ff9909376f829ee8acbc9fb83ccbc09",
"",
"reply",
"5400e622e1685195531c21da5ee76154066f868f22ff764633ed850516e3745c"
],
[
"p",
"5400e622e1685195531c21da5ee76154066f868f22ff764633ed850516e3745c"
],
[
"p",
"ba5d9f72488de5113974616523a1ea0991af580969a133169425bfacb1eaaaee"
],
[
"p",
"ed1067deed144286f56c867e74434ee7781f4bb98f53c21d3ad08600919c21ef"
],
[
"proxy",
"https://mk.cpluspatch.com/notes/9xy9wdvfvkyr01ge",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://mk.cpluspatch.com/notes/9xy9wdvfvkyr01ge",
"pink.momostr"
],
[
"-"
]
],
"content": "Hi, thanks for the compliments!\n\nCouple points raised here that I'm going to try to answer\n\n\u003e 1. the signature based authentication algorithm is susceptible to being replayed.\n\nI care very much about security, would you mind sharing some details so that we could work on fixing any issues?\n\n\u003e 2. there's no real way to negotiate protocols.\n\nThere is the Nodeinfo for discovering which protocols an instance supports (such as https://mastodon.social/nodeinfo/2.0) but you're right that it's not actually mandated inside the protocol, mainly because we've been looking for any better ways to do protocol negotation. If you're interested, the reference implementation tries to search for `/.well-known/versia` in order to find out if Versia is supported (otherwise it falls back to ActivityPub), but this is not ideal.\n\n\u003e 3. websockets as a lower overhead transport 😕 ???? What\n\nAccording to our testing, this actually makes a lot of sense for very high-volume traffic, as keeping a WebSockets connection alive takes basically zero resources.\n\nThe goal with that particular idea is to allow for a king of \"request batching\", so instead of sending each entity in its own individual HTTP request, with the associated overhead, hundreds of entities could be sent at once rather easily, significantly reducing the load on instances (it's pretty crazy how efficient WS is)\n\nIf y'all have more questions or suggestions, I'd be happy to listen (even if it'd introduce breaking changes)",
"sig": "c48669e64fb7791544c415bb0ffe3cf0fde174c3905af4b04270f13df486cfefbe21a08582b0e93421ec222c2973db36cfb40920b8be94392564f2577c3dc4c4"
}