issues
search
swicg
/
activitypub-http-signature
Repository for a SocialCG report on how HTTP Signature is used with ActivityPub
https://swicg.github.io/activitypub-http-signature/
11
stars
1
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Must you not also verify the key ID in addition to the other verification steps?
#58
SorteKanin
opened
2 weeks ago
9
Key pair for every actor vs single instance-wide key pair
#57
SorteKanin
opened
3 weeks ago
9
Using `Forwarded` header (RFC 7239) for inbox forwarding with HTTP Signatures?
#56
trwnh
opened
3 months ago
4
Who may delete an actor? Or any object?
#55
jernst
closed
4 months ago
2
Update index.html to clean up RFC reference
#54
lisad
closed
4 months ago
1
revise and generalize language around publicKeyPem format
#53
snarfed
closed
4 months ago
0
mention non-public data in authorized fetch section
#52
snarfed
closed
4 months ago
0
add key rotation section and how to handle it when verifying a signature
#51
snarfed
closed
4 months ago
0
give background for the hour time window suggestion for date comparison
#50
snarfed
closed
4 months ago
0
revise language for caching: Date header, often different keys
#49
snarfed
closed
4 months ago
0
incorporate misc feedback from issues
#48
snarfed
closed
5 months ago
0
Note on caching
#47
evanp
closed
4 months ago
4
No authorization check on authorized fetch
#46
evanp
closed
4 months ago
5
Explain the reasoning for the gap in verifying the Date value
#45
evanp
closed
4 months ago
5
Distinction between GET and POST requests
#44
evanp
closed
4 months ago
7
Distinction between federation protocol and client API
#43
evanp
closed
4 months ago
2
Note on why you throw away the key if it's fetched directly
#42
evanp
closed
4 months ago
2
in obtaining public key section, mention and link to instance actor section
#41
snarfed
closed
5 months ago
0
Key rotation?
#40
jernst
closed
4 months ago
7
Suggestion: augment algorithm how to obtain the public key section with authorized fetch and instance actor cases
#39
jernst
closed
5 months ago
5
add section on handling actor deletes
#38
snarfed
closed
5 months ago
0
add non-goals section
#37
snarfed
closed
5 months ago
0
misc revisions
#36
snarfed
closed
5 months ago
0
first complete draft of report text. needs editing down! and external review.
#35
snarfed
closed
5 months ago
0
Describe how to verify a signature
#34
snarfed
closed
5 months ago
0
Describe how to generate a signature
#33
snarfed
closed
5 months ago
0
What is a "valid time window"? Acceptable difference in Date headers?
#32
edent
closed
5 months ago
4
List of HTTP Signature Implementations
#31
AaronNGray
closed
5 months ago
1
How should the keyId be verified?
#30
edent
closed
4 months ago
7
How to upgrade supported HTTP Sig version(s)
#29
snarfed
closed
5 months ago
2
Explain the purpose of the Digest header
#28
edent
closed
5 months ago
11
how do HTTP Sigs address the initial motivation?
#27
snarfed
closed
5 months ago
1
Outline
#26
snarfed
closed
5 months ago
3
Signed deletion requests from deleted users
#25
edent
closed
5 months ago
10
Capitalisation questions
#24
edent
closed
5 months ago
4
Interactions with HTTP caching
#23
evanp
closed
5 months ago
7
Non-goal: handling/resolving fragments in ids
#22
snarfed
closed
5 months ago
0
Number of keys
#21
evanp
closed
5 months ago
6
Non-goal: client side signatures
#20
snarfed
closed
5 months ago
1
Another attempt to compile and standardize HTTP Signature usage in the Fediverse
#19
perillamint
closed
5 months ago
14
Original motivations and use cases
#18
snarfed
closed
5 months ago
2
Survey of HTTP Sig support in top fediverse servers
#17
snarfed
closed
5 months ago
8
Non-goal: analysis of HTTP Sig implementations
#16
snarfed
closed
5 months ago
2
Non-goal: security (etc) analysis of HTTP Signatures
#15
snarfed
closed
5 months ago
0
Non-goal: authorization
#14
snarfed
closed
5 months ago
1
Compare and contrast with other similar networks
#13
snarfed
closed
5 months ago
1
Describe authorized fetch and the server actor
#12
evanp
closed
5 months ago
3
Deadlock issues
#11
evanp
closed
5 months ago
7
Describe potential improvements
#10
evanp
closed
5 months ago
3
Describe how to transform a key id into an actor id
#9
evanp
closed
5 months ago
6
Next