#social 2018-09-20
2018-09-20 UTC
xmpp-social, kaniini, vt, vasilakisfil, _xmpp-social, dlongley, Fox and jdormit joined the channel; fiatjaf and vt left the channel
# heluecht[m] How can I check if my LD signature is correct? Testing against my own routines is looking good. But Mastodon - for example - doesn't seem to care about a valid signature. My post with an invalid one had been accepted.
# puckipedia try sending the post with a Signature header of another user
# heluecht[m] I just wrote some "ddsdfjs" instead of a valid signature - and this was accepted.
# puckipedia like, if the actor in the json and the keyId of the http signature don't match
# heluecht[m] I don't mean the HTTP signature, but LD signature
# nightpool[m] you can test the ld signature by not providing a http signature
# nightpool[m] I believe
# puckipedia nope
# puckipedia the signature still has to check out
# nightpool[m] hmm
# nightpool[m] grr
# puckipedia heluecht[m]: yes. If the owner of the object and the person that signed the HTTP Signature do not correspond, it validates the JSON-LD signature
# heluecht[m] Only then? Why?
# puckipedia it's used when another server wants to send the reply to e.g. the followers of the object that you replied to
# heluecht[m] But why not check it at any time?
# nightpool[m] because there's no need to?
# heluecht[m] Is it defined that way?
# puckipedia it is not
# puckipedia there's no real information about how to authorize requests in AP
# heluecht[m] And Mastodon relays answers with signatures to the other persons in the thread?
# heluecht[m] Or only under certain circumstances?
# nightpool[m] mastodon relays answers with signatures to the followers of the root post
# heluecht[m] Does it matter if the post was public or private or directed to the followers collection or not?
# puckipedia must be public/unlisted
# heluecht[m] What does "unlisted" mean in this situation?
# puckipedia the four privacy modes that Mastodon has are:
# puckipedia public (the AS2 Public collection is in to)
# puckipedia unlisted (the AS2 Public collection is in cc)
# puckipedia private (either to or cc contains the follower collection of the person making the post)
# puckipedia s/private/follower/
# puckipedia private (no public collection nor follower collection)
# heluecht[m] So on private posts to the follower collection there is no relaying?
# heluecht[m] Why?
# puckipedia because you have to send them to all your followers anyways
# puckipedia also. blame like. bad audience targeting features in mastodon. i guess
# heluecht[m] But when I reply to a private post with the followers collection, then I cannot distribute my comment to all followers of the original poster, because I don't know them.
# puckipedia like. Mastodon doesn't support that
# puckipedia when I say "follower collection" above, it's only of the follower collection of the author of the post
# nightpool[m] AP specifically mentions this as a use-case for forwarding, but mastodon doesn't support it because we find it unintuitive for microblogging
# nightpool[m] obviously for, say, comments on a private blog post, it would be a different story
# heluecht[m] I guess there will be a huge list of incompatibilities between Friendica and Mastodon :)
# heluecht[m] I personally don't see any difference between the distribution of a private or public post.
# puckipedia same here
# nightpool[m] what?
# nightpool[m] I'm not sure what you mean by "the distribution of"
# nightpool[m] the problem isn't that mastodon doesn't forward the post, the problem is that it has no way to conceptualize the audience targeting that might cause it to forward the post
# heluecht[m] Situation: A posts something (private or public post to the followers collection). Then B replies to it. Then I would expect that A distributes the comment from B to all followers of A.
# puckipedia in case of a private post, the followers of A can't see the reply anyways
# heluecht[m] I mean a non public post to the followers collection. This should be visible to all followers.
# puckipedia yes, but Mastodon doesn't support it if it's the follower collection of someone that isn't the owner of the reply
# heluecht[m] I would expect that only the followers collection of the starting post should be valid.
# heluecht[m] And Mastodon should know that - if the starting post was made on the server.