RFC9421 replaces the Signing HTTP Messages draft

Last month, the RFC9421 has been released. This is a final evolution of the HTTP Message Signatures draft, that replaces the Signing HTTP Messages draft, that is currently implemented by peertube to sign JSON-LD payloads for ActivityPub communications.

I suppose this draft have been chosen for peertube to be at least compatible with Mastodon, that implements the very same version. After a quick read of the draft and the RFC, they appears to be very different, and I doubt an implementation of the draft would be compatible with the RFC.

Now that the spec has reached final state, I would like to ask the peertube dev team what are their intents about implementing RFC9421. Told differently, as of march 2024, to start building a software communicating with peertube via ActivityPub, should we implement the draft of the finale spec?

RFC9421 is indeed very different from the used draft. It is to be expected that the Social CG will produce a spec on how to use HTTP Signatures with ActivityPub, with especially the way to upgrade properly and handle legacy implementations :

1 Like