We've been working on cleaning up some of our ActivityStreams and
Salmon-related code for StatusNet 0.9.7; we first implemented these
early in 2010 from incomplete draft specs, and want to get things
updated to current specs before we move on to bigger internal changes.
I've just checked in code on StatusNet's 'testing' branch that updates
our Salmon magic envelope signatures to the current specs in
http://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-00.html#signing
The actual signing system is unchanged from our earlier implementation
except that additional fields from the envelope are included when
hashing the input data.
For transitional compatibility with StatusNet 0.9.6 and below, and with
other apps that have been using the earlier draft, we now send a second
outgoing slap using the old signature method if we get an HTTP error
code back from the receiving end; this will slightly slow down pings to
sites running the older software but should be pretty transparent to
end-users.
When verifying signatures on incoming slaps, we simply try both
signature methods on the input data and will accept either.
I did a quick compatibility test with Tuomas Koski's verifier; call
plugins/OStatus/tests/slap.php with --verify parameter to test any
notice mention this way (requires the site being on a public server for
key discovery or you'll get blank return data).
My personal test site, currently running testing branch with this code:
http://status.leuksman.com/
StatusNet testing branch on gitorious:
http://www.gitorious.org/statusnet/mainline/commits/testing
Tuomas's testing tool:
http://www.madebymonsieur.com/ostatus_discovery/magic_env/readme
Please feel free to test for interoperability, and give a shout if I
blew anything up. :)
-- brion vibber (brion @ status.net)
_______________________________________________
StatusNet-dev mailing list
StatusNet-dev@lists.status.net
http://lists.status.net/mailman/listinfo/statusnet-dev
