@gabboman I decided to hack on this the past few nights, and came up with an experimental, backwards-compatible implementation that I created a draft pull request for @peertube/http-signature. I tried to follow the library’s coding style of the original as much as possible.

The idea of backwards-compatibility is that you can drop this into an existing application and nothing will break. There are deprecation messages that may surface in logs to guide changing from using the function exports to the cavage12Draft export (and the rfc9421 export).

I think the next step for anyone would be:

• manual...

Hi @evan
regarding 'keeps things simple' - have you looked into #RFC9421?
(Looking at you, Innerlist https://doi.org/10.17487/RFC9421)

All this #complexity for what benefit?

@julian @fedify

P.S.: I don't consider #ActivityPub to be simple in the first place, so hard to keep it simple that way.

Speaking of RFC 9421, which notable fediverse implementations can't handle it yet? Anyone keeping track?

The last time I checked, Lemmy, GoToSocial, Friendica, and the ‘keys to name a few did not handle it. Mastodon didn’t if you included requiring ed25519. But I haven’t checked the code bases or my logs in a month or two, @julian. At that time there wasn’t much progress on peertube/http-signatures or superseriousbusiness/httpsig.

I should probably check again...