Has anybody thought about modelling #activitypub with a tool like https://alloytools.org/book.html to find potential exploits? Thinking about the spec it’s missing any algorithms for authorization, but I already found a couple of edge-cases that make a server DoSable or give an attacker the ability to spoof messages …
-
@Profpatsch I don't know Alloy, but I tried to analyze how authorization should be done in ActivityPub. The result is this document:
-
@silverpill does the http signature not contain the domain of the requesting server and if yes, can't it be used to compare origins after the signature check?
-
@Profpatsch Yes, the signature contains key ID, from which you can obtain actor ID and perform origin / ownership checks.
-
@silverpill I mean ideally we already have a cache from the corresponding server key to its origin, so we don’t have to do a https resolution on every incoming message
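The keyId-to-origin check the two of them converge on, written out as an added example (not code from either poster or from any ActivityPub server): the Signature header, the activity, and `KEY_OWNER_CACHE` (the cached key ID to actor ID mapping Profpatsch describes) are constructed, and verification of the signature bytes themselves is assumed to have already happened against the cached key.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the Signature header of a signed POST to an inbox.
SAMPLE_SIGNATURE = ('keyId="https://alice.example/users/alice#main-key",'
                    'algorithm="rsa-sha256",headers="(request-target) host date digest",'
                    'signature="c2lnbmF0dXJlLWJ5dGVzLWhlcmU="')
# Assumed cache: key ID -> owning actor ID, filled the first time the key was
# fetched, so later messages need no HTTPS resolution (the thread's point).
KEY_OWNER_CACHE = {"https://alice.example/users/alice#main-key": "https://alice.example/users/alice"}

def parse_signature_params(header):
    """Split an HTTP Signature header into its name="value" parameters."""
    return dict(re.findall(r'(\w+)="([^"]*)"', header))

def origin(url):
    """(scheme, host[:port]) of a URL, lower-cased, for origin comparison."""
    parts = urlsplit(url)
    return (parts.scheme.lower(), parts.netloc.lower())

def authorize(signature_header, activity, cache=KEY_OWNER_CACHE):
    """Origin/ownership step only; returns (ok, reason).
    Signature bytes are assumed already verified against the cached key."""
    params = parse_signature_params(signature_header)
    key_id = params.get("keyId")
    if not key_id:
        return False, "no keyId"
    actor = activity.get("actor")
    if not isinstance(actor, str):
        return False, "actor missing"
    # Cheap pre-check before any network fetch: a key from origin A can never
    # authorize an activity that claims an actor from origin B, so an unknown
    # key does not even earn a remote key fetch unless origins agree.
    if origin(key_id) != origin(actor):
        return False, "keyId origin != actor origin"
    owner = cache.get(key_id)
    if owner is None:
        return False, "key not cached; fetch key, verify, then retry"
    if owner != actor:
        return False, "key owner != actor"
    obj = activity.get("object")
    if isinstance(obj, dict):
        attributed = obj.get("attributedTo")
        if attributed is not None and attributed != actor:
            return False, "object.attributedTo != actor"
    elif isinstance(obj, str) and activity.get("type") in ("Delete", "Update"):
        # Illustrative rule: only act on objects from the signer's own origin.
        if origin(obj) != origin(actor):
            return False, "object origin != actor origin"
    return True, "ok"
```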