4.9 KiB
| slug | authors | status | dateReceived | trackingIssue | discussionsTo |
|---|---|---|---|---|---|
| 521a | silverpill <@silverpill@mitra.social> | DRAFT | 2023-07-08 | https://codeberg.org/fediverse/fep/issues/130 | https://codeberg.org/fediverse/fep/issues/130 |
FEP-521a: Representing actor's public keys
Summary
This proposal describes how to represent public keys associated with ActivityPub actors.
Rationale
Historically, Fediverse services used publicKey property to represent actor's public key. Implementations usually allow only one key per actor, therefore a new approach is needed to support use cases where additional keys are required.
Furthermore, publicKey property was removed from the latest version of Security Vocabulary.
Requirements
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC-2119.
Multikey
Actor's public key MUST be represented as an object with Multikey type, as defined in section 2.3.1.2 Multikey of Data Integrity specification. This object MUST have the following properties:
id: the unique global identifier of the public key.type: the value of this property MUST contain the stringMultikey.controller: the value of this property MUST match actor ID.publicKeyMultibase: a Multibase encoded value of a Multicodec prefix and the key. Implementations MUST use thebase-58-btcalphabet.
The Multikey object MAY contain the expires property indicating the expiration date of the key. Implementations MUST NOT not accept a signature created with a key that has been expired.
Key IDs
Identifiers SHOULD be generated by appending a fragment identifier to the actor ID. Different public keys of the same actor MUST be identified using different fragment IDs.
Resolution of a URI containing a fragment identifier is performed in two steps:
- Resolve URI without a fragment identifier.
- Find a nested object where
id(or@id) property contains the full URI.
Key types
Implementers can use cryptographic keys of any type for which Multicodec prefix is registered.
Controller document
Actor object MUST be used as a controller document, as described in section 2.3 Controller Documents of Data Integrity specification.
Key purposes
If the key is intended to be used for signing ActivityPub objects, it MUST be added to the assertionMethod array of the actor object.
Other use cases are currently out of scope of this proposal.
Example
{
"@context": [
"https://www.w3.org/ns/activitystreams",
"https://www.w3.org/ns/did/v1",
"https://w3id.org/security/multikey/v1"
],
"type": "Person",
"id": "https://server.example/users/alice",
"inbox": "https://server.example/users/alice/inbox",
"outbox": "https://server.example/users/alice/outbox",
"assertionMethod": [
{
"id": "https://server.example/users/alice#ed25519-key",
"type": "Multikey",
"controller": "https://server.example/users/alice",
"publicKeyMultibase": "z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2"
}
]
}
Difference between this proposal and FEP-c390
FEP-c390 describes how to link external identities to ActivityPub actor. Valid identity proof implies that actor and proof's subject are controlled by the same entity.
This proposal describes how to represent actor's public keys. The corresponding private keys are controlled by the server.
Test vectors
See fep-521a.feature
Implementations
- Mitra
- streams
- Hubzilla
References
- Christine Lemmer Webber, Jessica Tallon, ActivityPub, 2018
- Ivan Herman, Manu Sporny, Dave Longley, Security Vocabulary, 2023
- S. Bradner, Key words for use in RFCs to Indicate Requirement Levels, 1997
- Dave Longley, Manu Sporny, Verifiable Credential Data Integrity 1.0, 2023
- Protocol Labs, Multicodec
Copyright
CC0 1.0 Universal (CC0 1.0) Public Domain Dedication
To the extent possible under law, the authors of this Fediverse Enhancement Proposal have waived all copyright and related or neighboring rights to this work.