[2019-11-26 00:20:19+0000] Gregory via SocialHub:
All three of the most-popular AP-based servers (Mastodon, Pleroma, Misskey) use this type of signature in addition to HTTP signatures. These are used to sign the message itself, to allow it to be proxied by other instances to the instances yours doesn’t know about.
Actually Pleroma doesn’t do any JSON-LD, external messages are just compatible with so it can federate with others, therefore we do not have JSON-LD Signatures, only HTTP Signatures. And we also considered it to be quite insecure or a breach of privacy as it goes against deniability (and so Mastodon now only uses it for public posts).