Conversation

Notices

1. silverpill (silverpill@mitra.social)'s status on Friday, 20-Sep-2024 01:36:17 JST silverpill

   in reply to

   • Angry Sun

   @sun FEP-521a is supposed to be used in situations where identity is based on a domain name (HTTP signatures, FEP-8b32 integrity proofs on non-portable objects).

   If you want to have a key-based identity, you can keep your identity key on a client as described in FEP-ae97. It works roughly as you said, HTTP signing keys are generated on a client, added to actor document via FEP-521a, and then shared with servers for delegated HTTP signing (we're doing it in a hacky way, that needs to be improved).

   >encrypted messages

   The most well-thought proposal I've seen so far is https://github.com/soatok/mastodon-e2ee-specification but it's completely unrelated to what I'm doing with key-based identity

   • Angry Sun (sun@shitposter.world)'s status on Friday, 20-Sep-2024 01:36:18 JST Angry Sun
     @silverpill I am looking at:
     
     https://codeberg.org/fediverse/fep/src/branch/main/fep/521a/fep-521a.md
     
     How would I differentiate between a key used for:
     
     1. http signing
     2. portable object signing
     3. encrypted messages
     
     I am looking at using did:key method for creating an identity. But I don't want to use the actual key used in the DID for signing anything because I don't want to have to put my identity private key on the actual server.
     
     Would this be an appropriate thing for a new FEP? Using a did:key key to sign subkeys specified in fep 521a?