Julian FietkauApr 6

RE: https://mastodon.social/@bagder/116359048796181736

Could be potentially nice for fediverse server testing, as more implementations make the jump to final RFC 9421 HTTP signatures.

On the flip side, ever more complex curl invocations (here: Accept header plus signature fields plus key file, presumably) suggest use of more specialized CLI tools, such as provided by @fedify, or at least scripts/aliases.

Speaking of RFC 9421, which notable fediverse implementations can't handle it yet? Anyone keeping track?

#ActivityPub #FediDev #RFC9421

Show threadHazelnootApr 6

Speaking of RFC 9421, which notable fediverse implementations can’t handle it yet? Anyone keeping track?

@julian @fedify I’m honestly not aware of any that do support it yet…

Show threadJulian FietkauApr 6
@hazelnoot @fedify At the very least, Mastodon and Fedify (and by extension Hollo and Ghost) do. Outside of those I'm very unsure! I've seen @silverpill talk about it a bunch, so maybe Mitra supports it as well.
Show threadsilverpill

@julian @hazelnoot @fedify Mitra can verify RFC-9421 sigs.

I think all FEP-844e implementations support RFC-9421 in some capacity. The list of known implementations includes:

- Streams / Forte
- ActivityPub for WordPress
- tootik

fep/fep/844e/fep-844e.md at main

fep - Fediverse Enhancement Proposals

Codeberg.org
Apr 6 at 9:24pmWeb
Show threadjulian6d ago
@[email protected] how do I test against Mitra?
Show threadsilverpill6d ago

@julian Just send a request with RFC-9421 signature. It should return 401 on failure.

Mitra doesn't use RFC-9421 for signing outgoing requests.