timestamp="23/11/2022 19:02:53.762" func=federation.(*federator).AuthenticateFederatedRequest level=TRACE msg="proceeding with dereference for uncached public key https://mastodon.sdf.org/users/XXXXXXXXX#main-key"
Browsing to https://mastodon.sdf.org/users/XXXXXXXXX#main-key does in fact return a '410 Gone' response. From further investigation, this particular transaction was @XXXXXXXXX@mastodon.social (who I am not following) replying to a toot from a user I am following at mastodon.sdf.org.
It looks to me that GotoSocial is experiencing some form of domain confusion in this cross-instance reply case.
The following (slightly sanitized) example is a disproportionate amount of traffic on my instance:
Browsing to https://mastodon.sdf.org/users/XXXXXXXXX#main-key does in fact return a '410 Gone' response. From further investigation, this particular transaction was @XXXXXXXXX@mastodon.social (who I am not following) replying to a toot from a user I am following at mastodon.sdf.org.
It looks to me that GotoSocial is experiencing some form of domain confusion in this cross-instance reply case.