Post AimNmIXWRUWhUlmJgO by mikedev@fediversity.site
(DIR) More posts by mikedev@fediversity.site
(DIR) Post #AimNmIXWRUWhUlmJgO by mikedev@fediversity.site
2024-06-10T00:18:25Z
0 likes, 0 repeats
Just successfully followed a nomadic ActivityPub identity from Mastodon and was able to communicate both directions. That work is in a different branch and not included in the current release, but is also moving along quite nicely.
(DIR) Post #AimNmJeeIToyxA7WQi by silverpill@mitra.social
2024-06-10T08:46:23.064898Z
1 likes, 0 repeats
@mikedev @streams What do you think about adding integrity proofs to collections?https://mitra.social/objects/018fea26-7605-6128-ee72-5291484d8206
(DIR) Post #AinTk8PfupBIONQ49Y by mikedev@fediversity.site
2024-06-10T19:21:40Z
0 likes, 0 repeats
From my point of view, it is an object that is owned by somebody and can be attributed to somebody and should be signed if you wish to verify the attribution. If you don't wish to sign collections I can respect that -- as long as I encounter no attribution issues related to the collection itself. I would however complain loudly if you arbitrarily decided that I am forbidden to sign them.
(DIR) Post #AinTk9juz2y4VRtkLQ by silverpill@mitra.social
2024-06-10T21:27:10.981929Z
0 likes, 0 repeats
@mikedev No, I don't want to forbid signing of collections. I am concerned about clients, because they can't do that easily. A client would need to re-sign outbox collection after every activity, and somehow send it to the server. If some other collection is modified, the process will be even more complicated.Therefore, clients should not be required to sign collections, and servers should not be required to verify their integrity.
(DIR) Post #AinUFNclPXaAXtRMye by silverpill@mitra.social
2024-06-10T21:31:16.461031Z
0 likes, 0 repeats
@mikedev I guess one can understand FEP-ef61 as a collection synchronization protocol.