 Fun fact, looks like our admin registration is going to use the same http auth mechanisms.

Here's how it looks:
- Keep list of admins in webmention format in the DB
- Admins talk to the API using signed HTTP requests
- API verifies requests by verifying the signatures

Cool side effects? No need for storing a password or issuing tokens or actual admin account data. We can also use wildcards in the list like `@*@hypha.coop` to allow any account from a given domain to have access. 
 @59c6c59c I'm pretty sure that host may be spoofable.. 
 @f50dbb78 could you elaborate more on the exploit you have in mind?

the flow for verifying looks like this:
- somebody creates an http request to our server and signs it with an actor URL pointing to their key
- our server fetches the actor URL and takes the public key out from the object
- the server then verifies the signature with the public key and verifies the digest of the request as well as the date to prevent replay attacks
- server resolves actor object to a webmention username
 @59c6c59c hmm, maybe that's fine then! 
 @f50dbb78 I think there is risk in folks adding fake actors if they can add arbitrary files to a site, but I'm hoping that querying the webfinger endpoint to verify would help there.

Spoofing https certs and DNS might be a risk though? 🤷
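The verification flow the thread describes, as an added example (not code from the thread or any project it mentions): written in Go with ed25519 standing in for whichever key type the actor objects actually carry, an in-memory `actors` map in place of the HTTP fetch of the actor URL, and a constructed admin list, handles and key id.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"strings"
	"time"
)

// Request is what the verifier inspects; Actor stands in for the fetched actor object.
type Request struct{ Target, Date, Digest, KeyID string; Body, Signature []byte }
type Actor struct{ Handle string; Key ed25519.PublicKey } // Handle is @user@domain
// Constructed stand-ins: actors replaces the HTTP fetch of the actor URL and
// adminList is the thread's admin list with one @*@domain wildcard entry.
var actors = map[string]Actor{}
var adminList = []string{"@alice@example.org", "@*@hypha.coop"}
// signingString is what the client signs: request target, date and body digest.
func signingString(r *Request) string {
	return "(request-target): " + r.Target + "\ndate: " + r.Date + "\ndigest: " + r.Digest
}
// adminAllowed matches a handle against adminList; "@*@dom" matches any user at dom.
func adminAllowed(handle string) bool {
	for _, e := range adminList {
		if e == handle || (strings.HasPrefix(e, "@*@") && strings.HasSuffix(handle, e[2:])) {
			return true
		}
	}
	return false
}

// VerifyAdmin runs the thread's flow: replay window, digest, key fetch, signature, then handle lookup.
func VerifyAdmin(r *Request, now time.Time) (string, error) {
	sent, err := time.Parse(time.RFC1123, r.Date)
	if skew := now.Sub(sent); err != nil || skew > 5*time.Minute || skew < -5*time.Minute {
		return "", errors.New("date missing or outside the replay window")
	}
	if sum := sha256.Sum256(r.Body); r.Digest != "SHA-256="+base64.StdEncoding.EncodeToString(sum[:]) {
		return "", errors.New("digest does not match body")
	}
	actor, ok := actors[r.KeyID]
	if !ok || !ed25519.Verify(actor.Key, []byte(signingString(r)), r.Signature) {
		return "", errors.New("unknown key or bad signature")
	}
	if !adminAllowed(actor.Handle) {
		return "", errors.New("actor is not on the admin list")
	}
	return actor.Handle, nil
}
```

A real deployment would also pin the key to the actor URL it was fetched from and confirm the handle through the domain's webfinger endpoint, as the thread suggests, before consulting the list.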