Hi all,
I’m opening a discussion for a new FEP draft: PortaFed —
cryptographic account portability for ActivityPub.
The problem: ActivityPub identity is server-rooted. When a server
shuts down or bans a user, their identity and post history are
permanently lost. The existing Move activity requires the source server
to be online and cooperative — which fails exactly when portability
matters most.
The proposal: Three cryptographic layers that together enable
server-independent migration:
- Actor-rooted identity via ed25519 keypair (builds on FEP-ef61)
- Per-object integrity proofs using JCS/RFC 8785 (builds on FEP-8b32)
- MigrationProof — a Merkle commitment over the full export, signed
by the actor’s private key, bound to the destination DID
The destination server verifies the proof using only the actor’s
public key. No source server contact required.
No blockchain. No centralised registry. No ActivityPub core spec
changes required.
Spec draft and reference implementation (Rust):
Specific questions for the community:
- Does the MigrationProof design compose correctly with LOLA?
- Are there edge cases in the Merkle construction we should address?
- Which ActivityPub server implementations would be most valuable
to target first for interoperability testing?
Looking forward to feedback.