Please implement support for Blind Key Rotation (privacy feature) #398
Labels
A: Backend
Code running on the server
A: Federation
Stuff related to Federation
A: Security
C: Enhancement
New feature or request
Background
Blind Key Rotation is a mitigation for the problem that JSON-LD Linked Data Signatures are irrevocable. It is also useful (albeit less so) in the context of HTTP Signatures, since HTTP Signatures only sign headers and not the object itself, and are also detached from the object.
As Plume implements JSON-LD Linked Data Signatures, implementing Blind Key Rotation is important for resolving trust and safety issues with this signature scheme!
Implementation - receiving objects
Supporting Blind Key Rotation in the validation pipeline is simple enough: if a signature validation fails, refetch the remote actor and recheck the signature accordingly.
This would be done here:
Plume/src/routes/instance.rs
Lines 188 to 193 in 80a4dae
Implementation - deleting objects
Supporting Blind Key Rotation to enhance the deniability of deleted objects is also simple enough: send the
Delete
signed with the original key and then silently replace the keypair. The new keys will be fetched when the user publishes new content.I'm not quite certain where to implement this part, but it is probably not that hard to implement.
Questions?
Contact me on fediverse: https://pleroma.site/kaniini
The text was updated successfully, but these errors were encountered: