silverpill
@mariusor @hongminhee I think signing forwarding request with instance actor's key is a reasonable choice.
>I think that servers operating activities on behalf of actors, without these actors explicitly performing an action is a breach of trust between the two.
However, I don't think there is a breach of trust. In vanilla ActivityPub actors must trust servers unconditionally.
We can change this by switching to client-side signing, for example with FEP-ae97.
marius
@hongminhee yes, I guess. However why did you consider the recipient as the right entity to do the signing?
In my mind, this action means that they "vetted" the received activity and decided to forward it, when in actuality it's the server that does both of those things. Ie, in my opinion, the server - through its instance actor - is the entity that assumes the burden of attestating the validity of the forwarded Activity.
I think that servers operating activities on behalf of actors, without these actors explicitly performing an action is a breach of trust between the two.
076萌SNS is a social network, courtesy of 076. It runs on GNU social, version 2.0.2-beta0, available under the GNU Affero General Public License.
All 076萌SNS content and data are available under the Creative Commons Attribution 3.0 license.