swicg activitypub-http-signature issues

swicg / activitypub-http-signature

Repository for a SocialCG report on how HTTP Signature is used with ActivityPub

https://swicg.github.io/activitypub-http-signature/

11 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

2.3 algorithm should always check id==keyId, and should absolutize `publicKey.id` before this check

#59 trwnh opened 1 month ago
3
Must you not also verify the key ID in addition to the other verification steps?

#58 SorteKanin opened 3 months ago
9
Key pair for every actor vs single instance-wide key pair

#57 SorteKanin opened 3 months ago
9
Using `Forwarded` header (RFC 7239) for inbox forwarding with HTTP Signatures?

#56 trwnh opened 6 months ago
4
Who may delete an actor? Or any object?

#55 jernst closed 6 months ago
2
Update index.html to clean up RFC reference

#54 lisad closed 7 months ago
1
revise and generalize language around publicKeyPem format

#53 snarfed closed 7 months ago
0
mention non-public data in authorized fetch section

#52 snarfed closed 7 months ago
0
add key rotation section and how to handle it when verifying a signature

#51 snarfed closed 7 months ago
0
give background for the hour time window suggestion for date comparison

#50 snarfed closed 7 months ago
0
revise language for caching: Date header, often different keys

#49 snarfed closed 7 months ago
0
incorporate misc feedback from issues

#48 snarfed closed 7 months ago
0
Note on caching

#47 evanp closed 7 months ago
4
No authorization check on authorized fetch

#46 evanp closed 7 months ago
5
Explain the reasoning for the gap in verifying the Date value

#45 evanp closed 7 months ago
5
Distinction between GET and POST requests

#44 evanp closed 7 months ago
7
Distinction between federation protocol and client API

#43 evanp closed 7 months ago
2
Note on why you throw away the key if it's fetched directly

#42 evanp closed 7 months ago
2
in obtaining public key section, mention and link to instance actor section

#41 snarfed closed 7 months ago
0
Key rotation?

#40 jernst closed 7 months ago
7
Suggestion: augment algorithm how to obtain the public key section with authorized fetch and instance actor cases

#39 jernst closed 7 months ago
5
add section on handling actor deletes

#38 snarfed closed 7 months ago
0
add non-goals section

#37 snarfed closed 7 months ago
0
misc revisions

#36 snarfed closed 7 months ago
0
first complete draft of report text. needs editing down! and external review.

#35 snarfed closed 7 months ago
0
Describe how to verify a signature

#34 snarfed closed 7 months ago
0
Describe how to generate a signature

#33 snarfed closed 7 months ago
0
What is a "valid time window"? Acceptable difference in Date headers?

#32 edent closed 7 months ago
4
List of HTTP Signature Implementations

#31 AaronNGray closed 7 months ago
1
How should the keyId be verified?

#30 edent closed 7 months ago
7
How to upgrade supported HTTP Sig version(s)

#29 snarfed closed 7 months ago
2
Explain the purpose of the Digest header

#28 edent closed 7 months ago
11
how do HTTP Sigs address the initial motivation?

#27 snarfed closed 7 months ago
1
Outline

#26 snarfed closed 7 months ago
3
Signed deletion requests from deleted users

#25 edent closed 7 months ago
10
Capitalisation questions

#24 edent closed 7 months ago
4
Interactions with HTTP caching

#23 evanp closed 7 months ago
7
Non-goal: handling/resolving fragments in ids

#22 snarfed closed 7 months ago
0
Number of keys

#21 evanp closed 7 months ago
6
Non-goal: client side signatures

#20 snarfed closed 7 months ago
1
Another attempt to compile and standardize HTTP Signature usage in the Fediverse

#19 perillamint closed 7 months ago
14
Original motivations and use cases

#18 snarfed closed 7 months ago
2
Survey of HTTP Sig support in top fediverse servers

#17 snarfed closed 7 months ago
8
Non-goal: analysis of HTTP Sig implementations

#16 snarfed closed 7 months ago
2
Non-goal: security (etc) analysis of HTTP Signatures

#15 snarfed closed 7 months ago
0
Non-goal: authorization

#14 snarfed closed 7 months ago
1
Compare and contrast with other similar networks

#13 snarfed closed 7 months ago
1
Describe authorized fetch and the server actor

#12 evanp closed 7 months ago
3
Deadlock issues

#11 evanp closed 7 months ago
7
Describe potential improvements

#10 evanp closed 7 months ago
3