Poor cryptography in GoToSocial

While developing software that has to do Authorized Fetch, I discovered something cursed that made me feel a new kind of negative emotion.

Authorized Fetch. A “feature” forced onto everyone by Mastodon developers.

https://www.w3.org/wiki/ActivityPub/Primer/Authentication_Authorization
https://docs.joinmastodon.org/admin/config/#authorized_fetch
https://github.com/w3c/activitypub/issues/315

To fetch a resource from any server with “Authorized Fetch”, you need to provide an actor with a public key.

Actor URL: https://example.com/
Public Key URL: https://example.com/#main-key

Those two URLs should return the same document, which looks like this: https://docs.gotosocial.org/en/latest/federation/http_signatures/#quirks

What if you want to change the public key, say, if you lost it, or need to upgrade its crypto primitive?

Well, according to GoToSocial, you are fucked. To be more precise, the actor can never sign requests to GoToSocial again. GoToSocial caches the public key and its ID forever and ignores whatever is specified in your actor object.
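For contrast, a verifier can treat its cached key as a hint and refetch the actor's key when a signature stops verifying, which is what lets a rotation through. The Go sketch below is an added example, not GoToSocial's code. The `KeyCache` type, its `Fetch` hook and the refetch cooldown are hypothetical, and Ed25519 stands in for whatever algorithm the actor actually uses.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

// KeyCache caches actor keys by key ID (e.g. https://example.com/#main-key).
// Fetch is a hypothetical hook returning the key the actor document serves now.
type KeyCache struct {
	Keys     map[string]ed25519.PublicKey
	Fetch    func(keyID string) (ed25519.PublicKey, error)
	Last     map[string]time.Time // time of the last refetch per key ID
	Cooldown time.Duration        // minimum gap between refetches, limits abuse
}

var ErrBadSig = errors.New("signature does not verify under the actor's key")

// Verify tries the cached key first. On a miss or a failed check it refetches
// the key (at most once per Cooldown) and retries, so a rotation is picked up.
func (c *KeyCache) Verify(keyID string, msg, sig []byte, now time.Time) error {
	if k, ok := c.Keys[keyID]; ok && ed25519.Verify(k, msg, sig) {
		return nil
	}
	if t, ok := c.Last[keyID]; ok && now.Sub(t) < c.Cooldown {
		return ErrBadSig
	}
	c.Last[keyID] = now
	fresh, err := c.Fetch(keyID)
	if err != nil {
		return err
	}
	if len(fresh) != ed25519.PublicKeySize || !ed25519.Verify(fresh, msg, sig) {
		return ErrBadSig
	}
	c.Keys[keyID] = fresh // rotation observed: replace the stale entry
	return nil
}

func main() { // constructed demo: cache holds the old key, actor now serves a new one
	oldPub, oldPriv, _ := ed25519.GenerateKey(nil)
	newPub, newPriv, _ := ed25519.GenerateKey(nil)
	id, msg := "https://example.com/#main-key", []byte("constructed signing string")
	c := &KeyCache{Keys: map[string]ed25519.PublicKey{id: oldPub}, Last: map[string]time.Time{},
		Fetch: func(string) (ed25519.PublicKey, error) { return newPub, nil }}
	fmt.Println(c.Verify(id, msg, ed25519.Sign(newPriv, msg), time.Now())) // new key accepted
	fmt.Println(c.Verify(id, msg, ed25519.Sign(oldPriv, msg), time.Now())) // old key rejected
}
```

The cooldown keeps a stream of bad signatures from turning the verifier into a tool for hammering a remote host, at the cost of delaying a genuine rotation by at most one cooldown period.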

Let’s summarize.

ActivityPub is not an open protocol any more. No open protocol will require you to do this dance to fetch a Public Note. It is not how the web works. ActivityPub does not care about the common practice of cryptography. In any case, its security hinges on the life expectancy of a Fediverse server being less than that of the signing algorithm.

In comparison, AT Protocol cares more about its users. Key rotation is clearly defined, and your identity is tied to a cryptographic key, not to a server.

https://atproto.com/specs/did
https://atproto.com/guides/identity
https://github.com/did-method-plc/did-method-plc