Instance HTTP Signatures Statistics #304
Labels
No labels
approved, awaiting change
bug
configuration
documentation
duplicate
enhancement
extremely low priority
feature request
Fix it yourself
help wanted
invalid
mastodon_api
needs docs
needs tests
not a bug
planned
pleroma_api
privacy
question
static_fe
triage
wontfix
No milestone
No project
No assignees
3 participants
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: AkkomaGang/akkoma#304
Loading…
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
I'll be taking the same text I made for Pleroma's proposal as I want to upstream this to both projects. Feel free to show feedback.
Problem Statement
I've been recently thinking about
authorized_fetch_mode
and how broken my federation became when I first enabled it years ago. Nowadays, with the recent network influx, I'm thinking of enabling it again, but I worry about how unreachable my instance would become if I enabled it, I don't have that sort of data to really decide if I should enable it or not.Suggestion
Part 1: Create a new attribute under the
Instance
entity, calledhas_request_signatures
. Whilereachable
refers to the overall health of the network connection,has_request_signatures
would be set on requests that contain valid HTTP Signatures (possibly onPleroma.Web.Plugs.HTTPSignaturePlug
?).Part 2: An instance admin can then (with possibly a separate script or
mix
task) calculate the set of instances that they would not be able to see ifauthorized_fetch_mode
is enabled, it would be a more informed decision than the current one of taking guesses.just as a note, http request signatures are required in practice (and thus universally supported) by all software for push federation
you would want to specifically record signed fetches, which only started being supported by fedi software since introduction in mastodon 3.0 (iirc)
Indeed, that's why I suggested implementing the
has_request_signatures
recording on the HTTP Signature plug, as that's the one that also holds the enforcement of such throughauthorized_fetch_mode
. I got the core part of this proposal finished, will be testing in production soon to find out some interesting numbers.Some hours after applying the patch to my instance and I can see some results: 165 instances that confirmed themselves as having signed fetches, while 1302 instances missing (could be either because they're unreachable, as my instance is quite old, or they haven't gotten around to fetching any of my posts yet). Even with those remarks, the numbers are interesting.
my extremely hot take is that authorized fetch mode should be default - it's de facto for most instances anyhow
but in lieu of that, this is not a bad stopgap
the one thing that does concern me is that the patch as-is runs an SQL query on every request, which could be a spam vector - you might want to consider adding a cache for instances to prevent this, and also consider if we'd ever need to go "backwards", so to say
that is, would the state ever realistically go true -> false?
Agreed, will be adding to the patch.
Maybe if an instance has switched their actor keys, maybe? In theory that would mean it's a different instance (say, someone bought the domain after some years of an instance being dead), and so our statistics for that domain should be reset.
We wouldn't be able to detect if an instance has turned off their signed fetches after they've turned it on, as we wouldn't be able to assert their identity at that rate (and I don't think reverse DNS of the requester's IP is a good idea to infer identity).