- From: Dominik George <nik@naturalnet.de>
- Date: Sat, 12 Apr 2025 09:56:02 +0200
- To: public-swicg@w3.org
>If a new Working Group is formed, security issues such as this* need be >acknowledged and addressed* — including exploring models where users >control their own keys, not the servers This model exists. It is called ActivityPub C2S. It even defines how to sign keys for multiple clients and all that. Even with implementations with their own C2S protocols, there is no reason at all to have private keys on the server and making signatures there. ActivityPub and its related vocabularies don't even define the privateKey predicate, it is a proprietary extension invented by a major AP player who is basically controlling the ecosystem. -nik
Received on Saturday, 12 April 2025 07:56:11 UTC