misskey icon indicating copy to clipboard operation
misskey copied to clipboard
verified publisher icon misskey-dev

Require signed GET requests (authorized fetch) when using federation allow list

Open belatedly opened this issue 1 year ago โ€ข 5 comments

Summary

I wasn't sure whether to call this a bug or not. I tested the allow/white list function in the current alpha and instances that are not entered in the allowed box can still fetch users and posts by searching the URL. Instances that are not explicitly allowed should not be able to fetch anything from the instance.

I did not receive a follow request from the instance I tested with, so it seems that this functionality is currently only rejecting certain activities from instances that are not explicitly allowed.

Purpose

Using an allow list allows an admin to control access to their users and content, in its current state the functionality is not enforcing this. Authorized fetch would check for signatures and reject all GET requests from instances that are not explicitly allowed.

Do you want to implement this feature yourself?

  • [ ] Yes, I will implement this by myself and send a pull request

belatedly avatar Oct 03 '24 12:10 belatedly

From what I know, this is (although "experimental") added in Sharkey. That could probably be upstreamed to here.

SnenxyTengoku avatar Oct 03 '24 21:10 SnenxyTengoku

From what I know, this is (although "experimental") added in Sharkey. That could probably be upstreamed to here.

Could you point to the MR? I couldn't find one...

KisaragiEffective avatar Oct 04 '24 03:10 KisaragiEffective

Could you point to the MR? I couldn't find one...

Here's the original merge: https://activitypub.software/TransFem-org/Sharkey/-/commit/fd57c7e24caf936392440de3c063b5eaa9d588cb

These are enhancements/fixes: https://activitypub.software/TransFem-org/Sharkey/-/commit/4f2fa60a72d1613ddaa315570d5754f7b54a2ac3 and https://activitypub.software/TransFem-org/Sharkey/-/commit/94fee180b92af2ff8751173d939297d584ea5244

belatedly avatar Oct 04 '24 04:10 belatedly

There are cases where allowlist without authorized fetch still make sense. For example, an allowlist can be used as a last-ditch defense against spam, if all others (like filtering with "prohibited words") fail. But in that case the admin still doesn't want to completely shut itself off from other instances not part of the allowlist.

In fact it would be nice if the allowlist's behavior can be adjusted, like whether it should only block all incoming messages or also suspend all delivery of activities to servers outside the list.

temtemy avatar Oct 11 '24 09:10 temtemy

Oh and maybe an allowlist where the Misskey will only deliver activities could be useful too... Being able to only deliver activities to the relays you've subscribed to would lessen a lot of network pushing I'd imagine.

temtemy avatar Oct 11 '24 09:10 temtemy