#Loqi[strugee] #250 Add DoS notes to Security Considerations
#ajordan ben_thatmustbeme: you're cc'd to make sure I got the wording on this right :)
#saranix it might be more clear to first-timers if it says "denial-of-service/spam"
#saranix lol a quote from the hubzilla support channel "We keep this stuff hidden behind a curtain because a lot of folks can't handle this level of control and run away screaming that they aren't smart enough to use this software. But once you've peeked behind the curtain you'll realise that anything is possible."
xmpp-social and timbl joined the channel
#puckipedia okay so my testing implementation of JSON-LD compacting isn't quite optimal
#puckipedia somehow it's translating published into as:published, and then can't find the type for it in the data
#Loqi[msporny] > It seems like something that users will bump into independently though, and perhaps we should have a way to advise them.
Hey @cwebber, thanks for logging the issue. You're right, we should track this somewhere. I'm a bit pressed for time, so thi...
#cwebber2 two interesting comments on there from Manu
#saranix versioning of objects in AP, a whole other can of worms we haven't really dealt with yet
#cwebber2 I suppose that's true with any added object
#cwebber2 I haven't spent enough time thinking about it though
#cwebber2 it's a rabbit hole I'd love to go down, but alas, not enough time yet
#cwebber2 anyway, on that note, I think we're going to within the time frame we have left in the group be happy with getting http signatures working interoperably between servers, but LDS will remain an exploration space
#cwebber2 http signatures is simple enough and it already seems to be rolling out, but advising people on database storage approaches to retain signed objects is trickier
#cwebber2 I guess it would be a challenge Linked Data or not, just having signatures on objects that are broken apart and reconstructed, especially when they may mutate
#jaywink That would sucker a lot. OStatus creates broken discussions.
#cwebber2 puckipedia: I post a comment to my list about some flowers, jaywink says "nice flowers" but can't access my followers, so my server forwards jaywink's reply to my followers
#cwebber2 flowers and followers, I should have used less similar-looking words in that sentence :)
#cwebber2 jaywink: how does diaspora deal with this problem btw?
#jaywink It's going to be sad if we can't make this functional. AP should last for a long time and fix problems. I mean this all works in Diaspora protocol without problems. I still don't see all the problems with lds but I must admit I haven't hacked on AP yet. If it was only used to sign an object and remotes always verified from the remote - I don't see what problems there would be?
#cwebber2 jaywink: I'm specifically asking what diaspora does about the reconstructing a signed object, where the object mutated since the signature, question
#cwebber2 does the object, when reconstructed from the database, simply have a broken signature?
#jaywink Well, that is implementation details. Signing is used for delivery and when someone asks for something
#cwebber2 jaywink: when an object changes, don't all objects that reference it now need to update their signatures?
#cwebber2 jaywink: querying which objects now need to update their signatures on every update seems like it might take some effort; maybe it needs to be done lazily
#cwebber2 it seems like it would be helpful for moving from quads/triples to json-ld cleanly, and even could be used (with some overhead) to "capture" the structure of the signed object being stored. but I think as Manu pointed out, you'd still want to hash the object basically...
#cwebber2 it seems like more overhead than I'd want to solve this though for my own system
#jaywink everything is very complex in this channel :) more KISS :)
#jaywink I'm just babbling but have basically no time to give any input how it could work, except to highlight how it works, really simply, in the diaspora protocol. I don't see AP that different. The difference is that AP has no constraints, so people can think it as complex as they want.
#jaywink the worst thing that could happen, IMHO, is that the spec stays the same regarding s2s delivery. IMHO http sigs or preferably ldsigs MUST be recommended as the way to go. Otherwise servers will implement one or the other and then we just create more silos
#jaywink this is also the number one negative thing about AP I keep reading all the time - not defining how to verify content
#jaywink this criticism comes from d*/friendica/hubzilla sides
#jaywink getting http sigs as a "way to go" would surely be a great thing compared to the current situation
#cwebber2 jaywink: well you know my feelings on the matter :)
#cwebber2 jaywink: anyway I agree with those criticisms
#jaywink even though it won't support everything very well. for example, Diaspora would not be able to switch and keep their features. Which is private messages delivered to "collections" (=aspects) where the receivers don't know who is in the aspects
#jaywink so, that use case would just not work in AP
#jaywink (but I'm not with Diaspora and have no idea whether they're even interested - just saying from feature point of view what is out there)
#cwebber2 jaywink: hey, at the very least, we're at the closest we've ever been to people wanting signatures :)
#jaywink yeah ? and that need has come from realization that doing so would solve certain problems ;)