Re: @peertube/http-signature
-
@chocobozzz@framapiaf.org I have a question for you... I'm seeing in Are we HS2019 yet? that Peertube and Misskey both use your package: @peertube/http-signature
NodeBB currently rolls its own cavage-12 support but and I did some preliminary research into updating to the latest HTTP Signatures draft, but quickly got overwhelmed.
For a variety of reasons, but mainly to avoid NIH, I'd consider switching to a dependency.
My question is: does your library support verification for non-hs2019 signatures, or will I need to invoke your library in front, and fall back to existing cavage-12 verification otherwise?
I suppose, same question re: double-knocking.
-
@julian Hi,
In fact peertube doesn't use this library anymore. We switched to https://github.com/misskey-dev/node-http-message-signatures
Ironically, Misskey still uses @peertube/http-signature.
The former dev of @misskey-dev/node-http-message-signatures expressed concerns about the maintenance status of the library: https://github.com/Chocobozzz/PeerTube/issues/7372
However, upon reviewing it, I found no issues or security considerations with the library. @peertube/http-signature (based on https://github.com/TritonDataCenter/node-http-signature) isn't really maintained either
-
Hi,
My answer seems to not have been received here so I copy the link: https://framapiaf.org/[@Chocobozzz](https://activitypub.space/user/chocobozzz)/116577305060483143
-
Hi,
My answer seems to not have been received here so I copy the link: https://framapiaf.org/[@Chocobozzz](https://activitypub.space/user/chocobozzz)/116577305060483143
@Chocobozzz thanks! I'll take a look at the library you linked to.
Also I'll figure out why your message didn't come through
-
@julian Hi,
In fact peertube doesn't use this library anymore. We switched to https://github.com/misskey-dev/node-http-message-signatures
Ironically, Misskey still uses @peertube/http-signature.
The former dev of @misskey-dev/node-http-message-signatures expressed concerns about the maintenance status of the library: https://github.com/Chocobozzz/PeerTube/issues/7372
However, upon reviewing it, I found no issues or security considerations with the library. @peertube/http-signature (based on https://github.com/TritonDataCenter/node-http-signature) isn't really maintained either
Thanks @chocobozzz@framapiaf.org for the explanation. It does seem like the library is still usable.
In a separate thread, @mradcliffe@nokoto.org mentioned that he had a PR/branch that introduced RFC 9421 support:
https://nokoto.org/user/3/replies/317
It looks like you're the maintainer... would you be open to having that merged if someone (aka me) implements and tests it?
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login