2/
To handle public-key cryptography safely, often a user should be able to have multiple public-keys.
For example, a user might have a different public-key on each device, rather than sharing public-keys.
A user might delegate to a 3rd party — and there may be a delegated versus non-delegated public-key distinction.
Key-rotation is also often necessary for safety reasons.
Etc.
...
#ActivityPub #Cryptography #Fedidev #Fedidevs #Fediverse #JSONLD
2/
To handle public-key cryptography safely, often a user should be able to have multiple public-keys.
For example, a user might have a different public-key on each device, rather than sharing public-keys.
A user might delegate to a 3rd party — and there may be a delegated versus non-delegated public-key distinction.
Key-rotation is also often necessary for safety reasons.
Etc.
...
#ActivityPub #Cryptography #Fedidev #Fedidevs #Fediverse #JSONLD
3/
All that requires that a Fediverse user can have multiple public-keys specified for them.
...
Although https://w3id.org/security/v1 seems to allow for multiple public-keys —
I wonder how much Fediverse software could actually handle multiple public-keys (rather than just one)?
(And, don't just assume one public-key?)
How mucg Fediverse software could handle public-keys changing over time?
Etc?
#ActivityPub #Cryptography #Fedidev #Fedidevs #Fediverse #JSONLD
@reiver From personal experience, at the very least anything based on @fedify can represent multiple keys for an actor.
FEP-521a has a list of implementations: https://codeberg.org/fediverse/fep/src/branch/main/fep/521a/fep-521a.md#implementations
On changing keys, I used to think this was impossible, but then I saw Claire mention that Mastodon will simply accept a changed key as long as the valid updated actor can be fetched from its canonical URI. So I guess that might work straightforwardly?
@reiver From personal experience, at the very least anything based on @fedify can represent multiple keys for an actor.
FEP-521a has a list of implementations: https://codeberg.org/fediverse/fep/src/branch/main/fep/521a/fep-521a.md#implementations
On changing keys, I used to think this was impossible, but then I saw Claire mention that Mastodon will simply accept a changed key as long as the valid updated actor can be fetched from its canonical URI. So I guess that might work straightforwardly?
