I received a request from @ghost today to add #LDSignatures to @fedify for compatibility with #Mastodon, as Mastodon does not plan to implement Object Integrity Proofs (FEP-8b32) for the near future.
-
wakest βreplied to ζ΄ͺ ζ°ζ (Hong Minhee) last edited by
@hongminhee hey @thisismissem, @andypiper what do yall think of this situation? where are we going here? I keep seeing dev after dev complain about the JSON-LD issue with Mastodon and I personally dont even know where to stand on it but it seems its a major hurdle.
-
Sam Sethi :pc2red: βreplied to ζ΄ͺ ζ°ζ (Hong Minhee) last edited by
@hongminhee will @Mastodon lack of support for the AP standards slow the adoption of the fediverse? TrueFans are new to developing with AP. We use @fedify who have made it super easy but we wanted to use the "Listen" verb from the AP vocabulary but no AP client supports it. Mastodon doesn't for certain which is probably why other AP clients don't.
We also wanted to use the 'Summary' verb but Mastodon kept marking our notes as sensitive another bug not fixed.
-
@liaizon @hongminhee @thisismissem I think it may be something long-standing here, is there an existing GitHub issue where I can get more background? I know itβs pretty complicated at this point though.
-
@liaizon @hongminhee @thisismissem (also asking as Iβm on my phone walking right now and canβt search so easily!)
-
@andypiper @liaizon @hongminhee the version of JSON-LD Signatures that mastodon supports is old, basically they implemented it, then the spec completely changed.
That's why stuff doesn't look right.
The question is then: how do you migrate forwards without breaking compatibility with existing deployments. That's gonna need time & money thrown at the problem to solve.
-
Andy Piperreplied to Andy Piper last edited by [email protected]
@liaizon @hongminhee @thisismissem no promises on how quickly this can be resolved, but it is in progress. It needs more work and probably backporting etc. https://github.com/mastodon/mastodon/pull/31871
-
@thisismissem @liaizon @hongminhee agreed that it will take a while to resolve things due to the scale of the deployments.
-
@thisismissem @liaizon @andypiper @hongminhee
FEP-8b32 is designed to be compatible with existing implementations. The upgrade path for Mastodon may look like this:
1. Support multiple public keys per actor
2. Start publishing second Ed25519 key as described in FEP-521a
3. Start adding FEP-8b32 integrity proofs in addition to LD signatures (as specified in "Backward compatibility" section of FEP-8b32)
4. Stop adding LD signatures -
silverpillreplied to ζ΄ͺ ζ°ζ (Hong Minhee) last edited by [email protected]
@hongminhee Do they want LD signatures in Fedify in order to process forwarded Create activities? I simply fetch
object
by itsid
when signer and actor do not match. -
ζ΄ͺ ζ°ζ (Hong Minhee)replied to silverpill last edited by
@silverpill Oh, that's great idea! It really helps, thanks!!
-
Rimureplied to ζ΄ͺ ζ°ζ (Hong Minhee) last edited by
@hongminhee Here is some code for verifying and creating LD Signatures https://codeberg.org/rimu/pyfedi/src/commit/1a658d007fa6259ea736005b818ae516a954bb16/app/activitypub/signature.py#L429
I tested it out last week but haven't used it in production - this was originally copied from Takahe so I assume it works well with Mastodon.
-
ζ΄ͺ ζ°ζ (Hong Minhee)replied to Rimu last edited by
@rimu Thank you! I think this will help.
-
Jenniferplusplusreplied to Sam Sethi :pc2red: β last edited by
@samsethi @hongminhee @Mastodon @fedify it does, yes
-
Sam Sethi :pc2red: βreplied to Jenniferplusplus last edited by
@jenniferplusplus @hongminhee @Mastodon @fedify what Mastodon supports Listen? Not so far in our testing. Also using summary marked everything as sensitive. That is still the case?
-
Jenniferplusplusreplied to Sam Sethi :pc2red: β last edited by
@samsethi @hongminhee @Mastodon @fedify sorry, I wasn't clear. I meant to answer your initial question. Will it hold back fediverse development if mastodon doesn't implement the specs properly? Yes, it already does.
-
Nik | Klampfradler πΈπ²replied to ζ΄ͺ ζ°ζ (Hong Minhee) last edited by
@hongminhee The first. The latter would imply giving up on the web and global federation.