FEP-2277 update: https://codeberg.org/fediverse/fep/pulls/708
- The Actor class now has the highest priority.
- Verification methods and public keys are treated as different classes.
This is needed because I discovered a way to bypass the same-owner check where attacker creates an ambiguous object (e.g. a Note with inbox property).
FEP-fe34 will be updated too, it will have a precise algorithm for determining the owner of an object.
#fep_2277
silverpill
npub19y…5wysk
2025-10-30 17:33:24 UTC
Author Public Key
npub19yg7mshq9vdtvvcm48svw03cmzewue4jug62cltnleh3y78khz5sm5wyskSeen on
wss://relay.momostr.pinkPublished at
2025-10-30 17:33:24 UTCEvent JSON
{
"id": "3f9d372f2bcae5bf9d4cba611c833c835bd6458bde127516576b21ed1b53ed62",
"pubkey": "2911edc2e02b1ab6331ba9e0c73e38d8b2ee66b2e234ac7d73fe6f1278f6b8a9",
"created_at": 1761845604,
"kind": 1,
"tags": [
[
"t",
"fep_2277"
],
[
"proxy",
"https://mitra.social/objects/019a362e-7109-11ad-864a-495e4e42b12c",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://mitra.social/objects/019a362e-7109-11ad-864a-495e4e42b12c",
"pink.momostr"
],
[
"-"
]
],
"content": "FEP-2277 update: https://codeberg.org/fediverse/fep/pulls/708\n\n- The Actor class now has the highest priority.\n- Verification methods and public keys are treated as different classes.\n\nThis is needed because I discovered a way to bypass the same-owner check where attacker creates an ambiguous object (e.g. a Note with inbox property).\n\nFEP-fe34 will be updated too, it will have a precise algorithm for determining the owner of an object.\n\n#fep_2277",
"sig": "01461645798d158823eb40fbe246c78a1fee462069dd2e06825fd54f98f315057bb2b0a51c03dd3c1f1d578b2829eab8647a7e7aff695efd6a8b122b809712ae"
}