vilhalmerI'm finally implementing activitypub, and I'm wondering if anyone has experience with http signatures as used by mastodon's implementation; specifically any guidelines on how to verify that the key given in the signature should actually be trusted
