silverpill on Nostr: Mario Vavti If conversation participants do not perform authentication procedure ...
Mario Vavti (nprofile…efc4) If conversation participants do not perform the authentication procedure described in the FEP, the owner will be able to impersonate other participants (or anyone, if the conversation is public) by sending an Add(Create(Note)) activity where Create(Note) is forged.
The argument can be made that if you participate in a conversation, you necessarily trust the owner (Lemmy et al operate with this assumption), but I'm not convinced that it is true.
>In this case the message will be rejected although its authenticity is verified.
How can other servers verify messages made by a remotely authenticated actor? I'm not familiar with OpenWebAuth.