FoundKeyGang/FoundKey
FoundKeyGang/FoundKey
7
19
Fork 22
Code Issues 37 Pull requests 4 Releases Activity

Deprecation/removal of JSON-LD signatures? #373

New issue
Closed
opened 2023-04-13 04:22:24 +00:00 by helene · 2 comments
helene commented 2023-04-13 04:22:24 +00:00
Contributor
Copy link

Only relays really make use of the complex JSON-LD signatures. HTTP signatures are preferred and preferable for the rest of communications.

JSON-LD signatures were fairly controversial when introduced (and still are) due to the format, requiring JS-specific behaviour and including signatures in the data being signed, as well as privacy/behavioural concerns (activities now contain irrevocable proof of authorship and contents).

Mastodon has introduced JSON-LD signatures first as far as I'm aware, and is also deprecating them. They do not recommend implementing them anymore or using them.

Most fediverse software does not support JSON-LD (very few do, like possibly PeerTube?) either, so removal/deprecation would not result in breakage (except possibly for relays, but Pleroma/Akkoma encounter the issue as they do not support JSON-LD).

Removal of JSON-LD signatures could greatly improve in code clarity and readability, simplifying processing of incoming and outgoing activities while removing attack surface.

Only relays really make use of the complex JSON-LD signatures. HTTP signatures are preferred and preferable for the rest of communications. JSON-LD signatures were fairly controversial when introduced (and still are) due to the format, requiring JS-specific behaviour and including signatures in the data being signed, as well as privacy/behavioural concerns (activities now contain irrevocable proof of authorship and contents). Mastodon has introduced JSON-LD signatures first as far as I'm aware, and is also deprecating them. They do not recommend implementing them anymore or using them. Most fediverse software does not support JSON-LD (very few do, like possibly PeerTube?) either, so removal/deprecation would not result in breakage (except possibly for relays, but Pleroma/Akkoma encounter the issue as they do not support JSON-LD). Removal of JSON-LD signatures could greatly improve in code clarity and readability, simplifying processing of incoming and outgoing activities while removing attack surface.
Johann150 commented 2023-04-13 06:51:15 +00:00
Owner
Copy link

The only way in which LD signatures are used currently is outgoing to specifically configured relay inboxes. As for incoming I don't see how it would be a big threat. I think we should be liberal in what we receive and stricter in what we send out. I think the current use of LD-Signatures accomplishes that.

The only way in which LD signatures are used currently is outgoing to specifically configured relay inboxes. As for incoming I don't see how it would be a big threat. I think we should be liberal in what we receive and stricter in what we send out. I think the current use of LD-Signatures accomplishes that.
👍 1
Johann150 commented 2023-04-13 09:19:52 +00:00
Owner
Copy link

I reviewed how incoming LD-Signatures are handled. HTTP signatures are actually required on incoming activities:

Lines 30 to 35 in 808ad2a
try {
signature = httpSignature.parseRequest(ctx.req);
} catch (e) {
ctx.status = 401;
return;
}

As such, LD-Signatures are only checked if the validation of the HTTP Signature fails. The reason that I could come up with why HTTP signatures are required but LD-Signatures are also there is that relays do a HTTP Signature but since they aren't the original author they also need the LD-Signature. That does not explain though why the HTTP Signature may be invalid (independent of if the signature was made by the original author).

I still think it would be a good idea to allow to receive activities from relays, I'm just not sure how they send stuff.

I reviewed how incoming LD-Signatures are handled. HTTP signatures are actually required on incoming activities: https://akkoma.dev/FoundKeyGang/FoundKey/src/commit/808ad2a505fea104a16f27184750e16e00aa62d2/packages/backend/src/server/activitypub.ts#L30-L35 As such, LD-Signatures are only checked if the validation of the HTTP Signature fails. The reason that I could come up with why HTTP signatures are required but LD-Signatures are also there is that relays do a HTTP Signature but since they aren't the original author they also need the LD-Signature. That does not explain though why the HTTP Signature may be invalid (independent of if the signature was made by the original author). I still think it would be a good idea to allow to receive activities from relays, I'm just not sure how they send stuff.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
refactor-deliver-actor
markdown
move-autoblock
feature/requests
context
indicator-circle-v2
v13.0.0-preview6
v13.0.0-preview5.1
v13.0.0-preview5
v13.0.0-preview4
v13.0.0-preview3
v13.0.0-preview2
v13.0.0-preview1
Labels
Clear labels   
feature

task that proposes new feature(s)

  
fix

task to fix behavioral problems in the FoundKey codebase

  
upkeep

task that should make FoundKey smaller and more maintainable

No labels
feature
fix
upkeep
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: FoundKeyGang/FoundKey#373
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?