Home | Notifications | New Note | Local | Federated | Search | Logout

Note Detail

Julian Fietkau@julian@fietkau.social (2026-04-07 03:04:16)
RE: https://mastodon.social/@bagder/116359048796181736

Could be potentially nice for fediverse server testing, as more implementations make the jump to final RFC 9421 HTTP signatures.

On the flip side, ever more complex curl invocations (here: Accept header plus signature fields plus key file, presumably) suggest use of more specialized CLI tools, such as provided by @fedify, or at least scripts/aliases.

Speaking of RFC 9421, which notable fediverse implementations can't handle it yet? Anyone keeping track?

#ActivityPub #FediDev #RFC9421
---Reply---
gabboman the wafrn dev@gabboman@gabboman.xyz (2026-04-07 03:47:50)
@fedify@hollo.social @julian@fietkau.social

I still cant! but I wonder, any example of a software in node/javascript that uses the new signature standard?

---Replies---

mradcliffe@mradcliffe@nokoto.org (2026-04-18 20:46:29)
@gabboman I decided to hack on this the past few nights, and came up with an experimental, backwards-compatible implementation that I created a draft pull request for @peertube/http-signature. I tried to follow the library’s coding style of the original as much as possible.

The idea of backwards-compatibility is that you can drop this into an existing application and nothing will break. There are deprecation messages that may surface in logs to guide changing from using the function exports to the cavage12Draft export (and the rfc9421 export).

I think the next step for anyone would be:

manual...