Authentify users from other instances
Authentify users from other instances
Hello !
When someone connects to my instances communities, but from another instance, how do I know it's no spoofing involved?
Cheers
12 comments
-
Messages are sent with a digital signature that only the original instance could craft.
-
Having worked with lemmy_server code for months, I wouldn't trust it in practice. Unless someone produces a pretty through test to validate that it actually works as intended when out-of-band data delivery attempts are made. And for discussion sake, I am assuming comment and posting "messages", and not private messages... which is a whole different set of behaviors.
when a user homed on lemm.ee comments on a post where the community is hosted on lemmy.world, it would get delivered to lemmy.ml by lemmy.world, not the origin lemm.ee instance.
Messages are sent with a digital signature that only the original instance could craft.
I don't think the actual message carries a signature from the origin instance, in this case lemm.ee - I could be wrong, because it may not unpack and repackage it before forwarding to subscribed instance servers. But there are some very short timeouts on these signatures and HTTP connections, and I think it does unpackage it and repackage a public comment message.
I think lemmy.ml would need to go fetch the profile for the then unknown user to be able to get the display name and other details of the lemm.ee comment creator to display on the comment. The signature for the comment I think would actually only validate lemmy.world to lemmy.ml - and if lemmy.ml already has the profile of the lemm.ee user stored locally it may not verify it (and could be an entirely different install with the same username). But I don't think many have ventured into study the code in these areas. The whole process hasn't been examined that much and I wouldn't be surprised at all if there are issues with post and comment getting dropped because servers aren't all reachable at the right times for these steps.
-
Hello RoundSparrow, and again thank you for your help when I was in trouble setting up my little instance!
It runs well now :-)
Just as a backdrop I'm curious about how Lemmy works (I'm building a sharing protocol & implementation, decentralised, takedown safe, rugged, ... It feels like how Lemmy is built on top of its protocol) and I love Lemmy and how it "federates" 💗 so I want to know more about it all.
When you say packages get forwarded to whatever instance wanted (if I understand correctly) you don't "unpack" (e.g check if it's a valid request) which seems logic, the end instances does do the security check right? I mean if the end instance doesn't check, you checking won't help them out.
But then again, if I understand you correctly, the trust is split in two; the poster from A posting on B, then B sending all its posts to C, D, E, ...
Which would mean it's enough to trust B to trust A. If you trust B enough :-)
Guess I'm off to learn Rust and try to compile all this :-)
Thanks again, and sorry for the ramblings. It's late here and I have not very much time.
-
-
Okay so it's the lemmt server running my instance that checks it is the right user. Do you know how it is done ?
I reread your post, so it's a signature in the http call?
-
It should be a signature that is sent together with the ActivityPub Object. Yes, if the signature doesn't match, the content, whether a post, comment, favorite, upvote, etc... should be dropped.
Here is the source code of the library that lemmy uses to handle incoming objects and you can see that it does a call to verify the signature of the actor:
-
Here's quite a good overview. The short answer, I think, is that the signature is embedded into the JSON object representing the post / upvote / whatever, which then gets passed around server-to-server (and each server checks the signature against the original server's TLS certificate). It's not something you can get your head around just by asking a couple simple questions but it's a pretty fascinating design when you get your head around it.
-
-
12 comments