Ryan Barrett

Merging #472 in here. From that issue: > Looks like https://mostr.pub/ is currently sending us hs2019 sigs, which we don't yet support. Example, with added newlines for readability: ``` Signature:...

Checking these libs for hs2019 support. Looks like https://codeberg.org/socialhome/python-httpsig-socialhome.git has it.

Nothing in pyauth-http-signatures: https://github.com/pyauth/http-message-signatures/search?q=hs2019&type=

Am I even understanding this right? https://arewehs2019yet.vpzom.click/ makes it sound like hs2019 isn't a cipher/algorithm at all, but a directive that passes through to rsa-sha256 or 512 or something.

Aha. From https://github.com/TritonDataCenter/node-http-signature/issues/106 : > In the newest version of the specification draft (https://tools.ietf.org/html/draft-cavage-http-signatures-12) it is recommended to hide the algorithm from the signature by using hs2019. In fact in...

...but that version of the spec is superceded by https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures-16, which doesn't mention hs2019 at all 🤷

conclusion seems to be that the fediverse is still generally on cavage v12 at most, and hasn't migrated to httpbis yet. - https://socialhub.activitypub.rocks/t/state-of-http-signatures/754/22 - https://socialhub.activitypub.rocks/t/http-signatures-libraray/2087/2 sounds like hs2019 technically moves...

I hacked this in 842f8ac96402d89a6adb66c9667c2121fbb721c7 and ba38d6853b752d60df42487dadd924842f805061 by hard coding hs2019 to rsa-sha256. 😎

Thanks for the kind words! And yes, this isn't currently supported. I think you'd [delete](https://indieweb.org/deleted) (HTTP 410) your follow. That's the usual practice for other kinds of posts and interactions,...

Yeah seems like standard 410 delete: https://indieweb.org/unfollow#How