Blind key rotation and stale duration for profiles

See https://blog.dereferenced.org/the-case-for-blind-key-rotation Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-02-14 17:56:36 +01:00
parent 3a753312c1
commit 39b7afd1cd
10 changed files with 164 additions and 11 deletions
--- a/config/config.exs
+++ b/config/config.exs
@@ -146,7 +146,11 @@ config :ex_cldr,
 config :http_signatures,
  adapter: Mobilizon.Federation.HTTPSignatures.Signature

-config :mobilizon, :activitypub, sign_object_fetches: true
+config :mobilizon, :activitypub,
+  # One day
+  actor_stale_period: 3_600 * 48,
+  actor_key_rotation_delay: 3_600 * 48,
+  sign_object_fetches: true

 config :mobilizon, Mobilizon.Service.Geospatial, service: Mobilizon.Service.Geospatial.Nominatim