grishka / Smithereen

Federated, ActivityPub-compatible social network server with friends, walls, and groups.
The Unlicense
393 stars 31 forks source link

Accept hs2019 algorithm in signatures #38

Closed vpzomtrrfrt closed 2 years ago

vpzomtrrfrt commented 2 years ago

Some AP implementations are sending signatures with "hs2019" as the algorithm per https://www.ietf.org/archive/id/draft-ietf-httpbis-message-signatures-00.txt

Technically it's supposed to mean deriving the algorithm from other objects, but practically everyone still assumes it means rsa-sha256 (see also https://socialhub.activitypub.rocks/t/state-of-http-signatures/754)

Apparently the newer drafts completely change the format of the signature headers so that might also be relevant eventually

grishka commented 2 years ago

I already support the "same as rsa-sha256" part as of this commit on the dev branch: https://github.com/grishka/Smithereen/commit/b95ae2e3476a7bcb813a6d8322d365966b58f7f7

vpzomtrrfrt commented 2 years ago

ah fair enough, I didn't realize you had a separate branch for development