What / expectations can we expect with for federated direct messages between two users on two different servers?

If alice@abc.pub sends a direct message to bob@def.pub, does the server-to-server protocol allow ghi.pub to read the contents, or does the web of trust only extend to abc.pub and def.pub?

Similar question for locked accounts with followers-only post. Would the user be trusting only the instances containing users which they've allowed to follow them?

Does the specification cover this specifically or is this left up to the implementation?

Follow

Answering my own question: the specification is very ill-defined on authorization in general: w3.org/TR/activitypub/#authori

The most detailed information I found about the server-to-server protocol is github.com/tootsuite/mastodon/

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!