So when you create a new post, your instance takes everyone it knows to be following you, and issues a POST to each of their instances, with the contents of your post. And... that's the only time it ever pushes anything. Thus that's the only time HTTP signatures (spits) are ever used. ...right? Oh, also follow rejections are pushed, I think? There's no way to sign HTTP responses, as far as I can tell, so outbox, followers lists etc will never be signed.

@cy GET requests may also be signed using the instance actor. The receiving instance can then check that the request is genuine, and not some flood attempt, and that the requesting instance is not blocked.

@bob So, if someone else can flood an instance using my domain name and my IP address, then I can sign a request from the same domain name and IP address, and I won't be blocked. Signatures are only pointless if flooders must use a different domain name and IP address, which the instance can filter out. Which is always true.

@cy @bob If properly implemented, an adversary can't flood using a different doman name unless they have also stolen the instance actor keys for that domain.

@bob It doesn't matter if they stole the instance actor keys for another domain. My instance still won't be blocked, because they can't use my domain.
It's no different than SSL client certificates, really. Actually, why not use SSL client certificates?

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!