arcanicanis on Nostr: If you do rotate the keys to have all users be the same public key, make sure you ...
If you do rotate the keys to have all users be the same public key, make sure you list both the new and old key in the Update (new key first, which gets stored; old key 2nd/last, which gets discarded), as that's very specifically how the key rotation with Mastodon works (as I also noticed per:
https://arcanican.is/excerpts/cve-2024-23832/ )
Published at
2024-03-08 20:46:56Event JSON
{
"id": "b5ef54cf8803c355c165ac8fbedb5b2adf324ad75d65f55d2c96953fd77793d0",
"pubkey": "0ed7afc8b04a4ef5d52c14fd46c65e452d62ca50a47d6cf5287ed2825a6d26f7",
"created_at": 1709930816,
"kind": 1,
"tags": [
[
"p",
"79c2cae114ea28a981e7559b4fe7854a473521a8d22a66bbab9fa248eb820ff6",
"wss://relay.mostr.pub"
],
[
"e",
"1b3730c5fe73c062fce408ba0f2980282a57a2cae47b967853305689aac69e90",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://were.social/objects/d7506a62-9f71-4fa8-9c8c-8ab57a82068d",
"activitypub"
]
],
"content": "If you do rotate the keys to have all users be the same public key, make sure you list both the new and old key in the Update (new key first, which gets stored; old key 2nd/last, which gets discarded), as that's very specifically how the key rotation with Mastodon works (as I also noticed per: https://arcanican.is/excerpts/cve-2024-23832/ )",
"sig": "ae872ce306f5cf8a3a0968181dda64aec30de641a45b1edea354a8407effe34d3d617ee752647d5da407311fa7a24e2c7bd4af544a738e47a8e51293936efcff"
}
