Notices by silverpill (silverpill@mitra.social), page 58

From now on, my server will be using eddsa-jcs-2022 cryptosuite to sign activities. It is still experimental but soon it will replace custom RSA cryptosuite used by default.

I also updated @context of actor object to pass validation at https://json-ld.org/playground/

@mikedev I've just re-read the whole conversation on GitHub and while I still don't understand half of it, one thing JSON-LD experts seem to agree on is that we need to copy @context from the document to the proof object during signing.

This means there will be a way to distinguish between 'old' and 'new' eddsa-jcs-2022, and that makes option (2) even more attractive. So I'll be using eddsa-jcs-2022 to sign activities.

@mikedev They were actually talking about changing eddsa-jcs-2022: https://github.com/digitalbazaar/data-integrity/issues/19#issuecomment-1847297553

>At this point, we should presume the eddsa-jcs-2022 spec is wrong and we should fix it.

I think we have two options:

1. Define new cryptosuite (e.g. eddsa-jcs-2022-fep-8b32) and use it. Switch to eddsa-jcs-2022` once the spec is stabilized
2. Go with eddsa-jcs-2022 and later try to guess what variant of eddsa-jcs-2022 is used. Run verification procedure according to the new spec, and if it fails, run according to the old spec.

(2) is probably easier at this point, no need to change the FEP, and also makes the argument against breaking the spec stronger

@mikedev I enabled FEP-8b32 signatures as well, but with cryptosuite name jcs-eddsa-2022. This comment should have one.

Unsure about eddsa-jcs-2022. What if W3C people decide to change its specification?

@mister_monster @monero Yes, this is me. I'm choosing fediverse for several reasons 1) almost everyone I care about is here 2) I think it's actually very important to be in contact with people who maintain infrastructure (admins) 3) ActivityPub is an open protocol which is not controlled by anyone 4) better protocol design overall

Many existing implementations suffer from the lack of data portability but I figured out how to fix that.

@treetrnk @monero I recommend building on ActivityPub instead.

You'll be able to connect to monero.town and to everything else in Fediverse. See https://codeberg.org/grindhold/flohmarkt for example. It is a bit unfinished but people are already using it. If you're python dev you can even fork it.

@mikedev It's working. I noticed activities such as Like in my log where HTTP signature belongs to one actor and integrity proof to another. My server checks both signatures, integrity proof takes precedence, the (actor == signer) constraint is satisfied and activity is accepted.

@alex @dave @97c70a44366a6535c145b333f973ea86dfdc2d7a99da618c40c64705ad98e322

Yes, I think it is worth trying.

Also, you might be interested in this: https://github.com/getAlby/lightning-browser-extension/pull/826

@alex @dave @97c70a44366a6535c145b333f973ea86dfdc2d7a99da618c40c64705ad98e322

>emit an Activity of the receipt back to the AP server

This sounds like the best solution, but then lightning node will have to implement AP actor, right?

It should be possible to create actor-less activities with FEP-ef61. I need to think about it.

@Hyolobrika Transaction is a message too, and hardware wallets are quite popular.

Signing your posts with HW is probably not very convenient, but I think this option should exist.

@pcottle @box464 @crepels @csu Oh, nice. Indeed, there's a Link tag, thanks for letting us know.

@teknomunk @box464 @pcottle It already contains an example of a quote in "Examples" section.

rel property is not really required.

Possible rel values were discussed on SocialHub but there was no consensus, so FEP doesn't provide any recommendations.

@teknomunk @box464 @pcottle

I'm adding rel="https://misskey-hub.net/ns#_misskey_quote"

AFAIK Streams and Pleroma doesn't add rel at all, so Mitra would accept any FEP-e232 Link regardless of rel value (as long as it points to something that looks like "post")

@benpate @ben

I tried to follow this actor, but your server responded with 500:

@box464 @pcottle

Currently the only formal proposal is FEP-e232. It allows multiple quotes and uses only standard Link type from ActivityStreams, but it is not widely implemented.

The de-facto standard is quoteUrl property.

_misskey_quote may be recognized by some servers but not all.

@helge @linos Yes, collaborative editing is an interesting example, I shall add it.

@arcanicanis Although this is often the case, there's also a growing number of startups that are pretending to be something else. This is very common in blockchain space where everything is "open source community owned public good", but also in adjacent areas like decentralized social networks (Bluesky is a good example of that trend).

My favorite shit-test is Discord. When the devs are using it while crowing about decentralization, they are either VC-funded or incompetent, and nothing good will ever come out of their work. I'm yet to see a single counter-example.

@Hyolobrika True. If there's a web gateway, people will use it and ignore the p2p network. Those web gateways become supernodes, and their number is a real measure of decentralization.

Most things in "decentralized & censorship resistant" category have truly pathetic supernode count. IPFS is not bad, but often there's just one site that is used by 99% of users.

@iwojima @mint Yes, I think you need newer sqlite3, 3.38 or later.

@monerobull monero.town has become one of my primary Monero news sources (along with various weekly digests). Keep it up!