wordpress-activitypub icon indicating copy to clipboard operation
wordpress-activitypub copied to clipboard
verified publisher icon Automattic

Signature: Add created and expires headers

Open obenland opened this issue 6 months ago • 2 comments

Not sure yet whether that is a good idea. It's possible we'd have to add double-knocking to even have this work?

Proposed changes:

Other information:

  • [ ] Have you written new tests for your changes, if applicable?

Testing instructions:

  • Go to '..'

Changelog entry

  • [ ] Automatically create a changelog entry from the details below.
Changelog Entry Details

Significance

  • [ ] Patch
  • [ ] Minor
  • [ ] Major

Type

  • [ ] Added - for new features
  • [ ] Changed - for changes in existing functionality
  • [ ] Deprecated - for soon-to-be removed features
  • [ ] Removed - for now removed features
  • [ ] Fixed - for any bug fixes
  • [ ] Security - in case of vulnerabilities

Message

obenland avatar Jun 19 '25 20:06 obenland

I am not sure about the benefit!?!

pfefferle avatar Jun 20 '25 10:06 pfefferle

Is it a good idea to use hs2019? What I understand in the discussions to the signature PRs is, that this is not properly supported and differently implemented yet?

The whole signature part is very crucial and might break interoperability, so I would be very conservative with it!

Otherwise we would have to test it with a lot of platforms!

pfefferle avatar Jun 21 '25 08:06 pfefferle

Agreed, like I said in the PR description, Not sure yet whether that is a good idea.

I think there's an opportunity to simplify generate_signature, but that can be done when we work on that part for RFC-9421.

obenland avatar Jun 24 '25 16:06 obenland