Has anybody thought about modelling #activitypub with a tool like https://alloytools.org/book.htmlto find potential exploits?

profpatsch@mastodon.xyz

Has anybody thought about modelling #activitypub with a tool like https://alloytools.org/book.html
to find potential exploits? Thinking about the spec it’s missing any algorithms for authorization, but I already found a couple of edge-cases that make a server DoSssable or give an attacker the ability to spoof messages …

? Offline

@Profpatsch I don't know Alloy, but I tried to analyze how authorization should be done in ActivityPub. The result is this document:

FEP-fe34: Origin-based security model - Fediverse Enhancement Proposals

Developing a comprehensive ActivityPub] security framework based on the concept of [web origin.

(fediverse.codeberg.page)

profpatsch@mastodon.xyz

@silverpill does the http signature not contain the domain of the requesting server and if yes, can't it be used to compare origins after the signature check?

? Offline

@Profpatsch Yes, the signature contains key ID, from which you can obtain actor ID and perform origin / ownership checks.

profpatsch@mastodon.xyz

@silverpill I mean ideally we already have a cache from the corresponding server key to its origin, so we don’t have to do a https resolution on every incoming message

CIRCLE WITH A DOT

Has anybody thought about modelling #activitypub with a tool like https://alloytools.org/book.htmlto find potential exploits?

FEP-fe34: Origin-based security model - Fediverse Enhancement Proposals

FEP-fe34: Origin-based security model - Fediverse Enhancement Proposals