#social 2018-08-16
2018-08-16 UTC
# saranix kaniini: pleroma requires the content-length field to be signed on http sigs?
# kaniini saranix no
# kaniini you can sign anything you want, but date must be signed
# kaniini we will soon also require digest be signed, but i haven't flipped the switch yet.
# dansup thats it? just date?
# saranix hrm
# kaniini implementing digest can be tricky.
# nightpool[m] aaronpk: digest isn't required because you're (presumably) already speaking to the host over https.
# saranix kaniini: actor is set
# nightpool[m] so the only person who could mutate/replay an https sig is the host itself. and as long as you sign host, they can only replay it against themselves
# nightpool[m] in fact, signing digest is LESS secure under some threat models, since it's non-repudiable.
# nightpool[m] http sigs is... pretty fucking simple
# saranix kaniini: from that paste, everything from
{type:Create to the close of to=>[]}
# saranix dang it
# kaniini that's escaped though
# kaniini i need the exact binary data
# saranix well, cause it's debug info. Want the original?
# kaniini yes
# kaniini with http headers
# saranix errr.. won't be able to do that
# saranix how do you send a direct message in pleroma? I can reply to a direct message, and I see the little private icon in the feed, but I don't see anywhere to set it in the status box like mastodon has
# saranix kaniini++
# kaniini saranix have to enable that stuff
# kaniini saranix priv/static/static/config.json
# kaniini scopeOptionsEnabled = true
# saranix so the site admin controls that?
# saranix might be confusing for users
ajordan, timbl, xmpp-social, heluecht[m], jauntywunderkind[m] and kaniini joined the channel