Mastodon is compatible with litepub by the fact that litepub is a subset of the specific variant of activitypub that Mastodon chose to use.
But I think litepub has better security attributes, because of the strong requirement for using pointers (capability IRIs) to content not controlled by the local instance.
Mastodon security posture is that LDS is good enough because Delete messages can be redistributed along the DAG (the acyclic graph of peers of peers all the way down known as the fediverse) to ensure object integrity. but, the reality is pushing state around is harmful. instead, litepub's requirement for capability IRIs solves the problem cleanly.
there are some edgecases involving tracking what instances have received an object, but it's not impossible to solve those.
I strongly believe based on real world experience that simpler protocols are more robust. LDS method is more complex than the methods proposed in litepub...
But I think litepub has better security attributes, because of the strong requirement for using pointers (capability IRIs) to content not controlled by the local instance.
Mastodon security posture is that LDS is good enough because Delete messages can be redistributed along the DAG (the acyclic graph of peers of peers all the way down known as the fediverse) to ensure object integrity. but, the reality is pushing state around is harmful. instead, litepub's requirement for capability IRIs solves the problem cleanly.
there are some edgecases involving tracking what instances have received an object, but it's not impossible to solve those.
I strongly believe based on real world experience that simpler protocols are more robust. LDS method is more complex than the methods proposed in litepub...
