• Saik0@lemmy.saik0.com
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          So looking at that spec… Nothing there is validation that current messages originate from an “original” server…

          I don’t think either of these signature options for Server to Server communications means that my current lemmy.saik0.com instance can’t be torn down (delete LXC container) and reconfigured as a brand new instance (New LXC container) and other instances wouldn’t know that there’s been a change to the instance running here… or more accurately would flag a change. I think these signatures are all about not being able to spoof OTHER instances. eg, lemmy.ml can’t send messages on behalf of lemmy.world.

          • priapus@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            I assumed that once federated the public key would be remembered and signatures that do not match it would be handled, but you may be correct. I do wonder whether this could be a problem as instances close down over time. I’ll have to spend some more time researching to see if there’s a more clear answer, or if any ActivityPub implementations have their own way of handling that situation.

            • Saik0@lemmy.saik0.com
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              Yeah that’s my worry. I’m pretty sure(and could be wrong) that message/ keys are only checked on ingestion. So i would get key value for a message coming in and can check that is currently valid, not that it’s “changed” since 2 months back. I think this could allow for some one to ressurrect an old Lemmy service and masquerade as the old one… communities , users… all of it.