mradcliffe@mradcliffe@nokoto.org: When last I left off, I made a pull request to pee…

Home | Notifications | New Note | Local | Federated | Search | Logout

Note Detail

Reply to @gabboman@gabboman.xyz
mradcliffe@mradcliffe@nokoto.org (2026-04-18 20:46:29)
@gabboman I decided to hack on this the past few nights, and came up with an experimental, backwards-compatible implementation that I created a draft pull request for @peertube/http-signature. I tried to follow the library’s coding style of the original as much as possible.

The idea of backwards-compatibility is that you can drop this into an existing application and nothing will break. There are deprecation messages that may surface in logs to guide changing from using the function exports to the cavage12Draft export (and the rfc9421 export).

I think the next step for anyone would be:

manual...
---Reply---
mradcliffe@mradcliffe@nokoto.org (2026-05-19 07:14:23)
When last I left off, I made a pull request to peertube/http-signature library try to help the JavaScript ecosystem reach RFC 9421 parity while being backwards-compatible with cavage-12 draft implementations. There has not been any traction on this yet. Maybe because PeerTube has abandoned its own use of the library.

So our current ecosystem state is the following:

PeerTube uses misskey-dev/node-http-message-signatures library and owns the defacto unmaintained peertube/http-signature library.
Misskey and the rest of the ‘keyverse use peertube/http-signature library and Misskey owns the defacto...


---Replies---

silverpill@silverpill@mitra.social (2026-05-19 20:02:11)
@mradcliffe Does your instance support RFC-9421 verification?