Post AulC9Nd2f2AI1wXJeC by fentiger@zotum.net
 (DIR) Post #AukuwuxNjpUgPUWPxI by silverpill@mitra.social
       2025-06-03T14:14:51.481887Z
       
       0 likes, 1 repeats
       
       ActivityPub and HTTP Signatures recommends double-knocking to those who want to produce RFC 9421 signatures.
       
       This is ridiculous because it means making ~2x more POST requests to deliver an activity. And eventually there will be another upgrade. Then what, triple-knocking?
       
       I think capabilities like RFC-9421 support can be advertised via actor properties.
       
       It can look like this:
       
       {
         "id": "https://social.example/actor",
         "type": "Person",
         "generator": {
           "type": "Application",
           "implements": [
             {
               "name": "RFC-9421: HTTP Message Signatures",
               "href": "https://datatracker.ietf.org/doc/html/rfc9421"
             }
           ]
         }
       }
       
       Here is a FEP draft:
       https://codeberg.org/silverpill/feps/src/branch/main/844e/fep-844e.md
       
       @rfc9421
       
 (DIR) Post #Aul52HWkFTQPOtG7yi by picofarad@noauthority.social
       2025-06-03T16:08:17Z
       
       0 likes, 0 repeats
       
       @silverpill @rfc9421 hi i'm a dummy. So rfc9421 is "newer" than content message signing, which AP already has? Is the double knocking, as copilot tells me, for backwards compatibility for older clients?
       
       does RFC9421 sign the content itself? a skim shows headers, methods, and URI. either way, i guess rfc9421 signing means that activitypub can go through protocol specific "routers" and proxies and the like, transparently?
       
       i don't read RFCs for fun, unless they have a DOI (they probably do...)
       
 (DIR) Post #Aul5g1pk14gaJL65g0 by silverpill@mitra.social
       2025-06-03T16:15:07.658549Z
       
       0 likes, 0 repeats
       
       @picofarad @rfc9421 It's for signing HTTP requests, not content (activities). Until recently, we used a draft of RFC-9421, but now RFC-9421 is final and developers are starting to upgrade (draft and final versions are incompatible).
       
       Don't know about routers/proxies.
       
 (DIR) Post #AulC9Nd2f2AI1wXJeC by fentiger@zotum.net
       2025-06-03T16:37:06Z
       
       0 likes, 0 repeats
       
       @silverpill Do you have to double-knock every time? Can't you cache the result when a POST succeeds, so you know which signature method to use next time you deliver to that instance?
       
 (DIR) Post #AulC9OniIqINfKXLv6 by silverpill@mitra.social
       2025-06-03T17:27:33.660157Z
       
       0 likes, 0 repeats
       
       @fentiger @rfc9421 I don't know how it is supposed to work.
       
 (DIR) Post #AulHhRHK65tQxyRBQ0 by silverpill@mitra.social
       2025-06-03T18:29:50.731533Z
       
       0 likes, 0 repeats
       
       @fentiger @rfc9421 Caching results might help, but either way, not all servers validate signatures synchronously, so this method is not reliable.
       
       It is much better if you know what to send in advance.
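
The capability check proposed in the first post, as an added example that is not part of the thread, the FEP draft or any server's code: the sender reads the recipient actor's `generator.implements` and signs with RFC 9421 only when it is explicitly advertised, so a delivery needs one POST instead of two. The function names and the "rfc9421"/"draft" labels are assumptions; the actor layout and the href are the ones shown in the post, and the other sample actors are constructed.

```python
# href that identifies RFC 9421 support, as shown in the first post.
RFC9421_HREF = "https://datatracker.ietf.org/doc/html/rfc9421"


def as_list(value):
    """A JSON property may be absent, a single value, or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def advertised_hrefs(actor):
    """Collect href values from actor.generator.implements (hypothetical helper)."""
    hrefs = set()
    for generator in as_list(actor.get("generator")):
        if not isinstance(generator, dict):
            continue  # generator given only as a URL: nothing is advertised inline
        for item in as_list(generator.get("implements")):
            if isinstance(item, dict) and isinstance(item.get("href"), str):
                hrefs.add(item["href"])
    return hrefs


def choose_scheme(actor):
    """Return "rfc9421" only on an explicit advertisement, else "draft".

    Matching is on href, not on the free-text name, and anything malformed
    falls back to the draft scheme the recipient is already known to accept.
    """
    if not isinstance(actor, dict):
        return "draft"
    return "rfc9421" if RFC9421_HREF in advertised_hrefs(actor) else "draft"


# Actor from the post.
POST_ACTOR = {
    "id": "https://social.example/actor",
    "type": "Person",
    "generator": {
        "type": "Application",
        "implements": [
            {"name": "RFC-9421: HTTP Message Signatures", "href": RFC9421_HREF}
        ],
    },
}

if __name__ == "__main__":
    print(choose_scheme(POST_ACTOR))                                # rfc9421
    print(choose_scheme({"id": "https://old.example/actor"}))       # draft
```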