this post was submitted on 20 Aug 2023
2 points (62.5% liked)
Lemmy Support
4656 readers
21 users here now
Support / questions about Lemmy.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Messages are sent with a digital signature that only the original instance could craft.
Okay so it's the lemmt server running my instance that checks it is the right user. Do you know how it is done ?
I reread your post, so it's a signature in the http call?
It should be a signature that is sent together with the ActivityPub Object. Yes, if the signature doesn't match, the content, whether a post, comment, favorite, upvote, etc... should be dropped.
Here is the source code of the library that lemmy uses to handle incoming objects and you can see that it does a call to verify the signature of the actor:
https://docs.rs/activitypub_federation/latest/src/activitypub_federation/actix_web/inbox.rs.html#18-54