@silverpill I am looking at:
https://codeberg.org/fediverse/fep/src/branch/main/fep/521a/fep-521a.md
How would I differentiate between a key used for:
1. http signing
2. portable object signing
3. encrypted messages
I am looking at using the did:key method for creating an identity. But I don't want to use the actual key used in the DID for signing anything because I don't want to have to put my identity private key on the actual server.
Would this be an appropriate thing for a new FEP? Using a did:key key to sign subkeys specified in FEP-521a?

@sun FEP-521a is supposed to be used in situations where identity is based on a domain name (HTTP signatures, FEP-8b32 integrity proofs on non-portable objects).
If you want to have a key-based identity, you can keep your identity key on a client as described in FEP-ae97. It works roughly as you said: HTTP signing keys are generated on a client, added to the actor document via FEP-521a, and then shared with servers for delegated HTTP signing (we're doing it in a hacky way that needs to be improved).
> encrypted messages

The most well-thought-out proposal I've seen so far is https://github.com/soatok/mastodon-e2ee-specification but it's completely unrelated to what I'm doing with key-based identity.
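
Added example, not part of either post and not code from the FEPs: a sketch of the delegated-key layout described in the reply, where a client-generated signing key is listed in the actor document as a FEP-521a `Multikey` under `assertionMethod` and a verifier checks a key ID against that list. It assumes Ed25519 keys; the actor URL, the `http-key` fragment, the function names and both 32-byte key values are constructed for illustration.

```python
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ED25519_PUB = b"\xed\x01"  # multicodec prefix for an Ed25519 public key

def b58encode(data: bytes) -> str:
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a non-base58 character
    zeros = len(text) - len(text.lstrip("1"))
    return b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")

def encode_multikey(pub: bytes) -> str:
    if len(pub) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    return "z" + b58encode(ED25519_PUB + pub)  # 'z' = base58btc multibase

def decode_multikey(value: str) -> bytes:
    if not value.startswith("z"):
        raise ValueError("expected base58btc multibase prefix 'z'")
    raw = b58decode(value[1:])
    if len(raw) != 34 or raw[:2] != ED25519_PUB:
        raise ValueError("not an Ed25519 public key")
    return raw[2:]

def delegated_key_entry(actor_id: str, fragment: str, pub: bytes) -> dict:
    return {"id": f"{actor_id}#{fragment}", "type": "Multikey",
            "controller": actor_id, "publicKeyMultibase": encode_multikey(pub)}

def is_listed(actor: dict, key_id: str, pub: bytes) -> bool:  # id, controller, key must all match
    for entry in actor.get("assertionMethod", []):
        if entry.get("id") == key_id and entry.get("controller") == actor.get("id"):
            try:
                return decode_multikey(entry.get("publicKeyMultibase", "")) == pub
            except ValueError:
                return False
    return False

IDENTITY_PUB = bytes(range(32))     # constructed; public half of the client-held identity key
SIGNING_PUB = bytes(range(32, 64))  # constructed; delegated HTTP signing key shared with the server
ACTOR_ID = "https://server.example/users/alice"  # hypothetical actor ID
ACTOR = {"id": ACTOR_ID, "type": "Person",
         "assertionMethod": [delegated_key_entry(ACTOR_ID, "http-key", SIGNING_PUB)]}
DID = "did:key:" + encode_multikey(IDENTITY_PUB)  # identity key never appears in ACTOR
```

The identity key shows up only in the `did:key` identifier, so a server compromise exposes the delegated signing key, which can be rotated by removing its entry, and not the identity key itself.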