#LDSignatures

Fedify: an ActivityPub server framework's avatar
Fedify: an ActivityPub server framework

@[email protected]

The next version of will support (), which means that Fedify will be able to verify activities forwarded by from other servers.

In addition, activities sent with the Context.sendActivity() method will have Linked Data Signatures attached in addition to HTTP Signatures if any RSA-PKCS-v1.5 key pairs are present.

We were not motivated by implementing Linked Data Signatures, which is already an outdated standard, but we hope this change will lead to better compatibility and interoperability of Fedify apps!

洪 民憙 (Hong Minhee)'s avatar
洪 民憙 (Hong Minhee)

@[email protected]

Working on @fedify's docs about … I hope someday drop the support for Linked Data Signatures… 😇

The combination of HTTP Signatures and Linked Data Signatures is the most widely supported way to sign activities in the fediverse, as of September 2024. Despite Linked Data Signatures is outdated and not recommended for new implementations, it is still widely used in the fediverse due to Mastodon and other major implementations' reliance on it. However, for new implementations, you should consider using both Object Integrity Proofs and Linked Data Signatures for maximum compatibility and future-proofing.
The combination of HTTP Signatures and Linked Data Signatures is the most widely supported way to sign activities in the fediverse, as of September 2024. Despite Linked Data Signatures is outdated and not recommended for new implementations, it is still widely used in the fediverse due to Mastodon and other major implementations' reliance on it. However, for new implementations, you should consider using both Object Integrity Proofs and Linked Data Signatures for maximum compatibility and future-proofing.
洪 民憙 (Hong Minhee)'s avatar
洪 民憙 (Hong Minhee)

@[email protected]

Does also attach to activities? If so, what types of activities does it attach LD Signatures to?

洪 民憙 (Hong Minhee)'s avatar
洪 民憙 (Hong Minhee)

@[email protected]

I received a request from @ghost today to add to @fedify for compatibility with , as Mastodon does not plan to implement Object Integrity Proofs (FEP-8b32) for the near future. 😩

However, Mastodon's implementation of LD Signatures does not even use valid JSON-LD properties (despite the name), so I'm not sure how to make it compatible with Mastodon since does JSON-LD processing. 🤔

The JSON-LD representation of a Create(Note) activity containing LD Signatures produced by Mastodon and its expanded form. The “signature” property and its child properties are not properly namespaced.
The JSON-LD representation of a Create(Note) activity containing LD Signatures produced by Mastodon and its expanded form. The “signature” property and its child properties are not properly namespaced.
洪 民憙 (Hong Minhee)'s avatar
洪 民憙 (Hong Minhee)

@[email protected]

I wish would just implement FEP-8b32 instead of the LD Signatures which is obsolete.

w3id.org/fep/8b32