I know what the signatures are for but I wonder if there's a simpler way to achieve these objectives.
Server authentication: For example XMPP uses client certificates to authenticate servers to other servers (TLS server certificates usually can be used for client authentication too).
Message authentication: maybe exchanging OpenPGP messages would be easier? They already are signed and the payload can be anything. Of course it's not as easy to list a collection of these messages as it is with JSON (just collect into an array).
> If you avoid LD-signatures then you don't have to mess with JSON-LD canonicalization either,
I want to be interoperable with existing software so avoiding it is not a practical option (although allowed by the ActivityPub spec). Just like having non encrypted HTTP2 is not a practical option (although allowed in the spec).
Server authentication: For example XMPP uses client certificates to authenticate servers to other servers (TLS server certificates usually can be used for client authentication too).
Message authentication: maybe exchanging OpenPGP messages would be easier? They already are signed and the payload can be anything. Of course it's not as easy to list a collection of these messages as it is with JSON (just collect into an array).
> If you avoid LD-signatures then you don't have to mess with JSON-LD canonicalization either,
I want to be interoperable with existing software so avoiding it is not a practical option (although allowed by the ActivityPub spec). Just like having non encrypted HTTP2 is not a practical option (although allowed in the spec).