@mikedev Okay, I think I'm starting to see the big picture here. When a group actor publishes Add or Announce activity which wraps another activity, the recipients should somehow verify the authenticity of a wrapped activity. With FEP-8b32 this is easy. Without FEP-8b32 you need to fetch the wrapped activity from its server of origin. However, when the group is private the activity would be private as well, and everything becomes complicated. The originating server may not know who is part of the group and who is not, and therefore it can't enforce privacy by requiring a signed fetch.
To work around this in his non-FEP-8b32 implementation of FEP-400e, @grishka invented "actor tokens": https://codeberg.org/fediverse/fep/src/branch/main/fep/db0e/fep-db0e.md
Am I getting this right?
Curiously, the authentication of wrapped activities is not described in FEP-1b12. I posted about this problem on SocialHub forum yesterday but haven't gotten a response yet: https://socialhub.activitypub.rocks/t/fep-1b12-group-federation/2724/66
Is it so obvious that it doesn't need to be stated? Or is there a huge security hole in existing FEP-1b12 implementations because no one have bothered to think about this?