trwnh.com/unified.test.hugo/content/kb/activitypub/extensions/http-signatures.md

5 lines
386 B
Markdown
Raw Normal View History

2024-10-05 06:27:07 +00:00
draft 8 cavage
even in the updated HTTP Message Signatures which supercedes the old HTTP Signatures, the `keyId` resolution to get the actual key material is unspecced, it's up to app logic
so you need to clearly specify somewhere such rules. like "keyId must point to a json-ld object with type sec:Key and must have sec:owner pointing to an activitypub actor" or something like that