I have a question about signature handling in #ActivityPub relays.
-
I have a question about signature handling in #ActivityPub relays. As I understand it, relays forward activities between instances that aren't directly connected. Let's say we have this flow: foo.com (source) → bar.com (relay) → baz.com (destination). The activity created by foo.com includes HTTP Signatures, but when bar.com forwards it to baz.com, wouldn't the original signature become invalid since the Host header needs to change? How do relay implementations handle this issue?
-
@hongminhee instead of announcing the complete object embedded, by announcing just the object URI we can still rely on HTTP Message Signatures, but unfortunately too few relay software implementations actually do this, which means you'd need to rely on object signatures
-
@hongminhee but yeah it's:
Origin -> Create -> Relay -> Announce -> Destination
-
@thisismissem Oh, I got it. If I understand it correctly, relays usually expect Linked Data Signatures (or Object Integrity Proofs?) or just announce object URIs, right?
-
@hongminhee yeah, but also announcing full objects is bad because it sidesteps domain blocks from the origin
-
@thisismissem Ah, that makes sense. Thank you!
-
@hongminhee there's a section in the AP Primer about this, and that reminds me that I want to create this as a recommendation in AP T&S
-
@hongminhee @thisismissem LitePub relays use the Announce activity. That has a nice side effect: LitePub relays can be followed by regular users of micro-blogging services
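-
As an added example (not code from any participant, nor from any relay project), here is the signing-string check behind the opening question, in Go with only the standard library. It signs a Create as foo.com would when POSTing to bar.com's inbox, then verifies it against the signing string bar.com rebuilds and against the one baz.com would rebuild if bar.com re-sent the same body and headers; because the Host header is part of what is signed, the second check fails, which is why a relay announces the object URI and lets baz.com fetch it from foo.com under a fresh signature. Hostnames, body, date and key are constructed for the demo.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// signingString builds the (Cavage-style) HTTP Signature signing string that
// ActivityPub servers conventionally sign: (request-target), host, date, digest.
// method is expected in lower case, as the (request-target) pseudo-header requires.
func signingString(method, path, host, date string, body []byte) string {
	sum := sha256.Sum256(body)
	return "(request-target): " + method + " " + path +
		"\nhost: " + host + "\ndate: " + date +
		"\ndigest: SHA-256=" + base64.StdEncoding.EncodeToString(sum[:])
}

// sign produces an RSA-SHA256 (PKCS#1 v1.5) signature over the signing string.
func sign(priv *rsa.PrivateKey, s string) ([]byte, error) {
	h := sha256.Sum256([]byte(s))
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
}

// verify checks sig against the signing string the receiver derived from the
// request it actually received (its own Host header, not the sender's).
func verify(pub *rsa.PublicKey, s string, sig []byte) bool {
	h := sha256.Sum256([]byte(s))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) == nil
}

// Demo signs a Create as foo.com would when POSTing to bar.com, then verifies it
// as bar.com sees it and as baz.com would if bar.com re-sent the same request.
func Demo(priv *rsa.PrivateKey) (atRelay, atDestination bool, err error) {
	body := []byte(`{"type":"Create","actor":"https://foo.com/users/alice"}`) // constructed
	date := "Tue, 01 Jan 2030 00:00:00 GMT"                               // constructed
	sig, err := sign(priv, signingString("post", "/inbox", "bar.com", date, body))
	if err != nil {
		return false, false, err
	}
	atRelay = verify(&priv.PublicKey, signingString("post", "/inbox", "bar.com", date, body), sig)
	atDestination = verify(&priv.PublicKey, signingString("post", "/inbox", "baz.com", date, body), sig)
	return atRelay, atDestination, nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	fmt.Println(Demo(priv)) // true false <nil>
}
```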