You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
"As an ActivityPub user, I want to be confident that the activities I observe were, in fact, created by those who claim to have created them."
A useful subset of a system that provides E2EE would support the creation of un-encrypted activities, objects, etc. in such a way that a receiver or reader of such data can be reasonably certain that claims made about its authorship can be verified and cannot be repudiated.
I should be able to "sign" activities, etc. that I create in such a way that those who receive them will be able to reasonably certain that I did, in fact, create these things, without having to trust any of the potentially large number of intermediaries in the path between my creation software and the receiver's system(s).
An ability to create non-repudiable data would not only allow one to combat spoofing, it would also open up a variety of new AS/AP application spaces. For instance, if messages are non-repudiable, they might be used to reliably communicate consent. Such an ability might form the foundation of social systems which support offers-to-sell or -buy, or offers-to-hire or be hired, etc...
The text was updated successfully, but these errors were encountered:
bobwyman
changed the title
Non-repudiable activities, objects, etc.
Non-repudiable activities, objects, etc. (i.e. Activities whose authorship can be verified.)
May 29, 2024
"As an ActivityPub user, I want to be confident that the activities I observe were, in fact, created by those who claim to have created them."
A useful subset of a system that provides E2EE would support the creation of un-encrypted activities, objects, etc. in such a way that a receiver or reader of such data can be reasonably certain that claims made about its authorship can be verified and cannot be repudiated.
I should be able to "sign" activities, etc. that I create in such a way that those who receive them will be able to reasonably certain that I did, in fact, create these things, without having to trust any of the potentially large number of intermediaries in the path between my creation software and the receiver's system(s).
An ability to create non-repudiable data would not only allow one to combat spoofing, it would also open up a variety of new AS/AP application spaces. For instance, if messages are non-repudiable, they might be used to reliably communicate consent. Such an ability might form the foundation of social systems which support offers-to-sell or -buy, or offers-to-hire or be hired, etc...
The text was updated successfully, but these errors were encountered: