tobi (they/them) is writing bugs :terminal_cursor:

I opened an issue on Mastodon to suggest a code change that would save on network requests to GoToSocial instances.

https://github.com/mastodon/mastodon/issues/19217

Currently, if the PublicKey ID for an Actor is not at the same url (plus fragment) as the Actor itself, Mastodon will always refetch the key during signature verification

Since Mastodon does already have the key stored for that Actor if the Actor has interacted with the instance before, this is rather wasteful of resources, which is especially noticeable on smaller instances which deliver to Mastodon inboxes.

My suggestion is to add a field like public_key_uri to Account database entries. The appropriate Actor for an incoming request could then be selected from the database with something like SELECT * FROM accounts WHERE public_key_uri = 'https://example.org/users/someone/main-key'; Then if the instance had the Actor stored already, it would not need to make a remote call to the origin instance to validate the signature.

I would try to implement this myself, but I have almost no experience with Ruby, so I’m not sure where I would start.

Are there any Ruby-doers out there who could do such a thing?

Like 22 Sep 2022 at 11:13 | Open on gts.superseriousbusiness.org