swicg activitypub-http-signature issues

swicg / activitypub-http-signature

Repository for a SocialCG report on how HTTP Signature is used with ActivityPub

https://swicg.github.io/activitypub-http-signature/

11 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Must you not also verify the key ID in addition to the other verification steps?

#58 SorteKanin opened 2 weeks ago
9
Key pair for every actor vs single instance-wide key pair

#57 SorteKanin opened 3 weeks ago
9
Using `Forwarded` header (RFC 7239) for inbox forwarding with HTTP Signatures?

#56 trwnh opened 3 months ago
4
Who may delete an actor? Or any object?

#55 jernst closed 4 months ago
2
Update index.html to clean up RFC reference

#54 lisad closed 4 months ago
1
revise and generalize language around publicKeyPem format

#53 snarfed closed 4 months ago
0
mention non-public data in authorized fetch section

#52 snarfed closed 4 months ago
0
add key rotation section and how to handle it when verifying a signature

#51 snarfed closed 4 months ago
0
give background for the hour time window suggestion for date comparison

#50 snarfed closed 4 months ago
0
revise language for caching: Date header, often different keys

#49 snarfed closed 4 months ago
0
incorporate misc feedback from issues

#48 snarfed closed 5 months ago
0
Note on caching

#47 evanp closed 4 months ago
4
No authorization check on authorized fetch

#46 evanp closed 4 months ago
5
Explain the reasoning for the gap in verifying the Date value

#45 evanp closed 4 months ago
5
Distinction between GET and POST requests

#44 evanp closed 4 months ago
7
Distinction between federation protocol and client API

#43 evanp closed 4 months ago
2
Note on why you throw away the key if it's fetched directly

#42 evanp closed 4 months ago
2
in obtaining public key section, mention and link to instance actor section

#41 snarfed closed 5 months ago
0
Key rotation?

#40 jernst closed 4 months ago
7
Suggestion: augment algorithm how to obtain the public key section with authorized fetch and instance actor cases

#39 jernst closed 5 months ago
5
add section on handling actor deletes

#38 snarfed closed 5 months ago
0
add non-goals section

#37 snarfed closed 5 months ago
0
misc revisions

#36 snarfed closed 5 months ago
0
first complete draft of report text. needs editing down! and external review.

#35 snarfed closed 5 months ago
0
Describe how to verify a signature

#34 snarfed closed 5 months ago
0
Describe how to generate a signature

#33 snarfed closed 5 months ago
0
What is a "valid time window"? Acceptable difference in Date headers?

#32 edent closed 5 months ago
4
List of HTTP Signature Implementations

#31 AaronNGray closed 5 months ago
1
How should the keyId be verified?

#30 edent closed 4 months ago
7
How to upgrade supported HTTP Sig version(s)

#29 snarfed closed 5 months ago
2
Explain the purpose of the Digest header

#28 edent closed 5 months ago
11
how do HTTP Sigs address the initial motivation?

#27 snarfed closed 5 months ago
1
Outline

#26 snarfed closed 5 months ago
3
Signed deletion requests from deleted users

#25 edent closed 5 months ago
10
Capitalisation questions

#24 edent closed 5 months ago
4
Interactions with HTTP caching

#23 evanp closed 5 months ago
7
Non-goal: handling/resolving fragments in ids

#22 snarfed closed 5 months ago
0
Number of keys

#21 evanp closed 5 months ago
6
Non-goal: client side signatures

#20 snarfed closed 5 months ago
1
Another attempt to compile and standardize HTTP Signature usage in the Fediverse

#19 perillamint closed 5 months ago
14
Original motivations and use cases

#18 snarfed closed 5 months ago
2
Survey of HTTP Sig support in top fediverse servers

#17 snarfed closed 5 months ago
8
Non-goal: analysis of HTTP Sig implementations

#16 snarfed closed 5 months ago
2
Non-goal: security (etc) analysis of HTTP Signatures

#15 snarfed closed 5 months ago
0
Non-goal: authorization

#14 snarfed closed 5 months ago
1
Compare and contrast with other similar networks

#13 snarfed closed 5 months ago
1
Describe authorized fetch and the server actor

#12 evanp closed 5 months ago
3
Deadlock issues

#11 evanp closed 5 months ago
7
Describe potential improvements

#10 evanp closed 5 months ago
3
Describe how to transform a key id into an actor id

#9 evanp closed 5 months ago
6