https://cosocial.ca/users/evan posted on Mar 24, 2026 02:38
In reply to: https://hollo.social/@hongminhee/019d1d9c-6f61-7e65-8bde-a0de49cf5f16
In reply to: https://hollo.social/@hongminhee/019d1d9c-6f61-7e65-8bde-a0de49cf5f16
@hongminhee oh, I'm so happy. I've seen too many implementations that assume the key id is a fragment, and just load that as the actor.
And I saw one that loaded the actor of the received activity and verified the signature against the actor's key, ignoring the keyID entirely!
I knew you would do it right! Thanks for the reassurance