More robust handling of cases where username is reused or keys change github.com/tootsuite/mastodon/

1: Establish root trust by signing profiles/keys with the instance actor
2: Establish a web-of-trust for instance actors, using Trust On First Use (TOFU)

TLDR:
- Give instance actors their own keys, if they do not have them already.
- Sign profile keys with the instance key.
- Add UI in the admin panel to audit when instance keys change.

gonna keep hollering about this every time i'm reminded of it

anyway case in point how do you know that mastodon.rocks is the same as mastodon.rocks (after the database was lost)

or how do you know that an instance is different if its domain name expires and someone registers the same domain and hosts a fedi instance there again

or what about if the instance stays the same but someone deletes then recreates their account with the same username

all this and more

@trwnh uh, doesn't Mastodon just never free up old usernames?

@noiob more info in the actual issue but yeah, Webfinger acct takes precedence over ActivityPub id

@trwnh honestly I don't understand most of this stuff :D

@noiob mastodon refers to every account via user@domain

pleroma (and others) refer to accounts via the https id

both of those can change (although in practice the latter is more stable)

ultimately what we're *really* doing here is trusting the instance, not the profiles -- the instance is hosting the profiles

so we need a way to identify instances, and relying on keypairs is probably good enough here. if the keys change then it was reinstalled either a) by the owner or b) by someone else

@noiob the admin of each instance would need to figure out which is the case (depending on whether they trust claims by the new admin as to whether they are the same person as the old admin)

@noiob everything in activitypub has an id which is just an https url for now

that way you can just GET the id and obtain the object when you're working with other objects that reference it

@trwnh ah
Pleroma accounts can have human-readable URIs too, right?

@noiob on the backend both mastodon and pleroma use /users/username -- pleroma just uses various routing urls for their frontend that end up resolving to the same thing

@trwnh I mean masto has urls with @ in them too

@noiob yeah but those are just urls, the masto code routes /@username to /users/username transparently

@trwnh "More robust handling of pleroma username reuse"

I would argue this is a bug in pleroma, not something other implementations should have to deal with!

@trwnh mastodon and most implementations do not reuse usernames, and for the other point some do support blind key rotation.

Supporting federated username changes is a whole other ball game, I don't see how a WoT or more complex PKI will solve anything

@trwnh ah, yeah DNS is something the AP spec does not define in great detail.
