Good morning Fediverse.
It's another day, where I see people writing about HTTP Signatures. So my regular reminders:
HTTP Signatures are a standard in the purview of the IETF.
HTTP Signatures is a terrible name for the transport protocol used by the Fediverse. I should probably go ahead and write up something and call it "Fedi Transport". The mechanism of HTTP Signatures will probably be 1 out of 4 parts.
HTTP Signatures secure the Headers of a HTTP message. This means claiming that implementing HTTP Signatures requires checking the digest is wrong! You should check the digest, because you implement the Digest algorithm. (One can also sign the trailers, and use this to secure chunked HTTP ... )
The algorithms the Fediverse uses are outdated. The new RFCs will probably be out this or next month. We should get ready to switch.
Helge /
npub1ug…5vaes
2024-02-12 07:30:32
Author Public Key
npub1ug7jnfdqyc70nhy79pwnyf5xzw4t7tftp9rpcnyytsv4jgdlgzrsj5vaesPublished at
2024-02-12 07:30:32Event JSON
{
"id": "63786f83c081b96e0842dd8bc28d7138fba0f47210cd52425805f22e2b5c578d",
"pubkey": "e23d29a5a0263cf9dc9e285d32268613aabf2d2b09461c4c845c195921bf4087",
"created_at": 1707723032,
"kind": 1,
"tags": [
[
"proxy",
"https://mymath.rocks/objects/70a8aef3-ddc8-4403-b496-de3264bab56c",
"activitypub"
]
],
"content": "Good morning Fediverse.\nIt's another day, where I see people writing about HTTP Signatures. So my regular reminders:\n\nHTTP Signatures are a standard in the purview of the IETF.\nHTTP Signatures is a terrible name for the transport protocol used by the Fediverse. I should probably go ahead and write up something and call it \"Fedi Transport\". The mechanism of HTTP Signatures will probably be 1 out of 4 parts.\nHTTP Signatures secure the Headers of a HTTP message. This means claiming that implementing HTTP Signatures requires checking the digest is wrong! You should check the digest, because you implement the Digest algorithm. (One can also sign the trailers, and use this to secure chunked HTTP ... )\nThe algorithms the Fediverse uses are outdated. The new RFCs will probably be out this or next month. We should get ready to switch.\n\n",
"sig": "e2797f25f0b04280cf23e6f67fcccae74f8765a03f74697257cb11634c5d39a8bd568d0effa024379aeb63b598af14e091cccb21de034972a5f2beb153bda235"
}