Post · Bonfire social

Julian Fietkau

@[email protected] · 2 days ago

daniel:// stenberg://

@[email protected] · 2 days ago

RFC 9421 HTTP Message Signatures support in #curl maybe?

https://github.com/curl/curl/pull/21239

RE: https://mastodon.social/@bagder/116359048796181736

Could be potentially nice for fediverse server testing, as more implementations make the jump to final RFC 9421 HTTP signatures.

On the flip side, ever more complex curl invocations (here: Accept header plus signature fields plus key file, presumably) suggest use of more specialized CLI tools, such as provided by @fedify, or at least scripts/aliases.

Speaking of RFC 9421, which notable fediverse implementations can't handle it yet? Anyone keeping track?

#ActivityPub #FediDev #RFC9421

julian

@[email protected] replied · 2 days ago

@[email protected] by "can't handle" do you mean "still reliant on cavage-12"?

🙋‍♂️

Julian Fietkau

@[email protected] replied · 2 days ago

@[email protected] As I understand the migration path, it's like

1. Able to receive RFC 9421 in addition to draft-cavage
2. Able to send RFC 9421 in addition to draft-cavage
3. Send RFC 9421 by default, but be able to fall back to draft-cavage if needed

So by “can't handle” I meant step 1. 🙂 Although the unspoken step 4 is to remove draft-cavage support once everyone else has taken step 1, I'm ultimately also wondering when we'll get there.

Evan Prodromou

@[email protected] replied · 2 days ago

@[email protected] @[email protected] Honestly, I think it's going to be a while.

I think the term for step 3 is "double knocking", and it's called out in the HTTP Signature report for the Social CG:

https://swicg.github.io/activitypub-http-signature/

ActivityPub and HTTP Signatures