@staticsafe A couple things. If my understanding of the events is correct, the security fix that rate-limits failures in signature verification by source IP backfired on knzk.me because their Puma does not see the real IP address (proxy misconfig). In search of a solution, they reset all RSA keys as well, wherein I discovered a bug in the tootctl command that does that, so the accounts were advertising one public key, while signing with another.
Eugen (gargron@mastodon.social)'s status on Tuesday, 18-Dec-2018 09:24:43 JST Eugen
Eugen (gargron@mastodon.social)'s status on Tuesday, 18-Dec-2018 09:22:01 JST Eugen Helping bring knzk.me back to life...
Eugen (gargron@mastodon.social)'s status on Tuesday, 18-Dec-2018 09:27:34 JST Eugen @staticsafe I have run another update on the public_key column to source it from the actual keypair, and given them a patch to (temporarily) undo the IP-based fix. In a day or more the accounts should be considered stale, and key caches on other servers should update and fix themselves. To check that it worked, I manually updated key caches on mastodon.social, and was able to successfully communicate with knzk.me.
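The key mismatch described in the thread (accounts advertising one public key while signing with another) can be audited by deriving the public key from each stored private key and comparing it with the advertised one. The sketch below is an added example, not Mastodon's or tootctl's code; the `Account` struct, the function names, the sample accounts and the signed string are assumptions made for illustration.

```ruby
require "openssl"

# Hypothetical record: handle, the PEM public key advertised to peers,
# and the PEM private key the server actually signs with.
Account = Struct.new(:handle, :public_key, :private_key)

# SHA-256 over the DER public key, so PEM formatting differences
# (headers, line wrapping) cannot cause a false mismatch.
def fingerprint(pem)
  key = OpenSSL::PKey::RSA.new(pem)
  OpenSSL::Digest::SHA256.hexdigest(key.public_key.to_der)
end

# True when the advertised key does not belong to the signing key.
def key_mismatch?(account)
  fingerprint(account.public_key) != fingerprint(account.private_key)
end

# What a remote server effectively does: verify a signature made with
# the private key against the advertised public key.
def remote_verifies?(account, message = "constructed signing string")
  digest = OpenSSL::Digest.new("SHA256")
  signature = OpenSSL::PKey::RSA.new(account.private_key).sign(digest, message)
  advertised = OpenSSL::PKey::RSA.new(account.public_key)
  advertised.verify(OpenSSL::Digest.new("SHA256"), signature, message)
rescue OpenSSL::PKey::PKeyError
  false
end

# Handles of all accounts whose advertised key is inconsistent.
def audit(accounts)
  accounts.select { |a| key_mismatch?(a) }.map(&:handle)
end

# Constructed sample data: "alice" is consistent; "bob" advertises a
# public key from a different keypair than the one used for signing.
def sample_accounts
  good, signing, stale = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  [
    Account.new("alice", good.public_key.to_pem, good.to_pem),
    Account.new("bob", stale.public_key.to_pem, signing.to_pem),
  ]
end

if __FILE__ == $PROGRAM_NAME
  accounts = sample_accounts
  accounts.each { |a| puts "#{a.handle}: remote verify ok = #{remote_verifies?(a)}" }
  puts "mismatched: #{audit(accounts).inspect}"
end
```

Fixing the stored column only repairs the origin server; remote servers keep failing verification until their cached copy of the old key is refreshed.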