by Timja 1317 days ago
Strange that users have private keys. Is that kinda forward-looking, so that at some point those keys could be moved to the users themselves? So they can keep their identity, even if the owner of their instance becomes malicious?
2 comments

The private key is used in HTTP Signatures for authentication. The signature does not cover the body of the HTTP request and is not stored or published. The HTTP POST contains an HTTP header that signs just a few other header fields. The signature is only valid for a short time.

There is an example here: <https://blog.joinmastodon.org/2018/06/how-to-implement-a-bas...>
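
The scheme described in the comment above, as an added Ruby sketch (not code from the linked post or from Mastodon): the sender signs a short string built from a few headers, and the receiver rebuilds that string, checks the `Date` header against a freshness window, and verifies with the actor's public key. The signed header set `(request-target) host date`, the 30-second window, the host names and the key id are assumptions for illustration; the request body is never an input.

```ruby
require 'openssl'
require 'time'

SIGNED_HEADERS = %w[(request-target) host date].freeze # assumed header set
MAX_SKEW = 30 # seconds; constructed freshness window

# The string that actually gets signed: one "name: value" line per header.
def signing_string(method, path, headers)
  SIGNED_HEADERS.map do |name|
    value = name == '(request-target)' ? "#{method.downcase} #{path}" : headers.fetch(name)
    "#{name}: #{value}"
  end.join("\n")
end

# Sender: build the Signature header value with the user's private key.
def sign_request(key, key_id, method, path, headers)
  sig = key.sign(OpenSSL::Digest.new('SHA256'), signing_string(method, path, headers))
  format('keyId="%s",headers="%s",signature="%s"', key_id, SIGNED_HEADERS.join(' '), [sig].pack('m0'))
end

# Receiver: returns :ok, :stale or :bad_signature.
def verify_request(public_key, method, path, headers, now: Time.now)
  params = headers.fetch('signature').scan(/(\w+)="([^"]*)"/).to_h
  return :bad_signature unless params['headers'] == SIGNED_HEADERS.join(' ')
  return :stale if (now - Time.httpdate(headers.fetch('date'))).abs > MAX_SKEW

  sig = params.fetch('signature').unpack1('m0') # strict base64 decode
  expected = signing_string(method, path, headers)
  public_key.verify(OpenSSL::Digest.new('SHA256'), sig, expected) ? :ok : :bad_signature
rescue ArgumentError, KeyError
  :bad_signature # malformed date, base64 or missing field
end

# Constructed sample request: fresh, replayed five minutes later, and
# re-addressed to a different host than the one that was signed.
def demo
  key = OpenSSL::PKey::RSA.new(2048)
  now = Time.now
  headers = { 'host' => 'remote.example', 'date' => now.httpdate }
  headers['signature'] =
    sign_request(key, 'https://local.example/users/alice#main-key', 'POST', '/inbox', headers)
  {
    fresh: verify_request(key.public_key, 'POST', '/inbox', headers, now: now),
    late: verify_request(key.public_key, 'POST', '/inbox', headers, now: now + 300),
    other_host: verify_request(key.public_key, 'POST', '/inbox',
                               headers.merge('host' => 'other.example'), now: now)
  }
end
```

Calling `demo` returns the three verdicts, showing that a captured signature is tied to the signed host and expires with the `Date` header.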

no lol
Then why?