 @59c6c59c how can you add it to your actor object if your actor object is signed with the previous key?
 @f50dbb78 Err, do Actors need to be signed? I've only been using the signing for http auth. Didn't see anything about needing to sign the actor in any of the guides I looked at. 😅 
 @59c6c59c well, in your system if the actor wasn't signed, I could mitm a server, add a new key to a copy of your actor object, and suddenly get that new key federated out. 
 @f50dbb78 Yeah! That's what I meant about being overly dependent on DNS. If you can't trust an HTTPS request the whole thing breaks. 
 @59c6c59c I guess what I'm getting at is: key management and security is difficult, particularly distributed, and requires sneakernet verification often. So if you just blindly trust that a key mentioned in the Actor object is authentic, then that's the flaw in your security, because your service also doesn't want to be checking the origin's Actor object for every activity or federations-request, so would need to cache known keys, which would mean a single mitm would poison the key cache.
 @f50dbb78 Yup I getcha!