Let's talk about object ownership in #ActivityPub

I'm writing a new FEP: https://codeberg.org/silverpill/feps/src/branch/main/c7d3/fep-c7d3.md

This topic is rarely discussed, but any server that doesn't implement ownership checks as described in this document is likely vulnerable to impersonation attacks.