Home | Notifications | New Note | Local | Federated | Search | Logout

Note Detail

Reply to @silverpill@mitra.social
Phantasm@phnt@fluffytail.org (2026-05-24 05:20:49)
@silverpill 
>this measure is ineffective and can easily be circumvented by changing the keyId parameter of a signature.

I never thought about it like that, but that too is a way to circumvent it. Although you would still need some way to publish that key and a valid Actor for verification, a server. If a remote server implementing restrictions on fetching based on signatures only disallows the instance Actor, then that is a way to bypass that restriction. Although I think there currently is no implementation that does that. Mastodon instead blocks everything on the domain including all subdomains and GTS probably does the same. No idea how the Misskey forks and Iceshrimp.NET do it though. Of course using different domains works as well.

>Servers MUST NOT allow clients to publish activities where embedded objects are owned by another actor.

Unrelated to the this FEP, but this came up when fixing the recent Pleroma security issues. There is no agreed upon way of federating moderation decisions to remote instances. It is logical when validating remote Update Activities to only allow Activities that update Objects owned by the same Actor, however that is never guaranteed when for example an admin on a remote instance forces a post to be NSFW. Similarly Delete Activities can have the Actor be the moderator, but Object actually owned by user.
---Reply---
silverpill@silverpill@mitra.social (2026-05-24 06:07:26)
@phnt Yesterday, a proposal was submitted that offered a solution to this exact problem: https://codeberg.org/fediverse/fep/src/branch/main/fep/baf5/fep-baf5.md. I don't like some parts of it (see discussion), but it's a step in the right direction