Fedify: an ActivityPub server framework

@fedify@hollo.social

Fedify 1.6.2 has been released as a hotfix to address compatibility issues with certain Mastodon servers.

This release resolves interoperability problems with Mastodon instances running bleeding-edge versions that include RFC 9421 HTTP Message Signatures support. These versions contain a bug that causes 500 Internal Server Error responses when receiving RFC 9421 signatures, affecting communication with several major servers including mastodon.social.

The fix extends Fedify's double-knocking mechanism to retry requests with draft-cavage-http-signatures-12 when receiving 5xx error responses, in addition to the existing 4xx error handling. This ensures continued federation compatibility while Mastodon addresses the underlying issue in their implementation.

This is a temporary workaround that will be reverted in a future release once Mastodon fixes their RFC 9421 implementation and affected servers are updated. The change maintains backward compatibility and does not affect the behavior with servers that properly handle RFC 9421 signatures.

Users are encouraged to update to 1.6.2 to ensure reliable federation with affected Mastodon servers.
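
The double-knocking fallback described in the post above, as an added sketch in JavaScript that is not Fedify's own code. The function names, the constructed peers and the placeholder signature values are all assumptions made for illustration.

```javascript
// Added sketch, not Fedify's code: all names are hypothetical.
// Signature values are placeholders; real code signs a canonical base string.

// RFC 9421 style: a Signature-Input header plus a Signature header.
function rfc9421Headers(keyId, sign) {
  const params = `("@method" "@target-uri" "date");keyid="${keyId}"`;
  return { "Signature-Input": `sig1=${params}`, "Signature": `sig1=:${sign(params)}:` };
}

// draft-cavage-http-signatures-12 style: one Signature header with parameters.
function cavageHeaders(keyId, sign) {
  const covered = "(request-target) host date";
  return {
    "Signature": `keyId="${keyId}",algorithm="rsa-sha256",` +
      `headers="${covered}",signature="${sign(covered)}"`,
  };
}

const SPECS = [
  ["rfc9421", rfc9421Headers],
  ["draft-cavage-http-signatures-12", cavageHeaders],
];

// Retry condition from the post: 4xx, and as of 1.6.2 also 5xx.
function shouldRetry(status, retryOn5xx) {
  const is4xx = status >= 400 && status < 500;
  const is5xx = status >= 500 && status < 600;
  return is4xx || (retryOn5xx && is5xx);
}

// Try each spec in order; stop at the first response that is not retryable.
function doubleKnock(send, request, keyId, sign, retryOn5xx = true) {
  const attempts = [];
  let response;
  for (const [spec, build] of SPECS) {
    const headers = { ...request.headers, ...build(keyId, sign) };
    response = send({ ...request, headers });
    attempts.push({ spec, status: response.status });
    if (!shouldRetry(response.status, retryOn5xx)) break;
  }
  return { response, attempts };
}

// Constructed peers and request for illustration (not real servers).
const buggyPeer = (req) => ({ status: "Signature-Input" in req.headers ? 500 : 202 });
const modernPeer = (req) => ({ status: "Signature-Input" in req.headers ? 202 : 401 });
const rejectingPeer = () => ({ status: 401 });
const sampleRequest = { method: "POST", url: "https://remote.example/inbox",
  headers: { Date: "Tue, 01 Jan 2030 00:00:00 GMT" } };
const fakeSign = () => "UExBQ0VIT0xERVI=";
```

Recording `attempts` per delivery shows which peers still only succeed on the second knock, which is the evidence needed to retire the 5xx condition once those servers are updated.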

Piero Bosio

@piero@soc.bosionet.it · Reply to Fedify: an ActivityPub server framework's post

@fedify

Thank you. RFC 9421 focuses on the mechanism for signing and verifying HTTP messages. The method of distributing the public key is not specified within RFC 9421 itself. I think the method of distributing the public key is important and should be standardized. For example, a user might consider distributing his public key in a DNS record associated with the user's domain, if the user associates his username with a domain of his own. This is just an idea.