I personally would need to dig into testing and code again to give answers with confidence. What I’m trying to say more than anything is… don’t assume. The level of mistakes in Lemmy’s more technical back-end code are pretty high from my experience, especially when it comes to multiple servers involved (comment deletes not being sent to all servers was a situation I tracked down). What I do know is that there is very little written out there about people actually tearing it apart and showing what works… a lot of stuff gets logged in server logs as errors that almost nobody can explain. Either it’s mistakes in apub JSON or other non-lemmy servers, or older versions of Lemmy, etc.

When you say packages get forwarded to whatever instance wanted (if I understand correctly) you don’t “unpack” (e.g check if it’s a valid request)

the pack metaphor isn’t that great. But it is signed, and the receiving server checks a signature. But I really have not seen anyone discuss how those signatures are exchanged in the first place, and I’ve seen people say they re-installed their entire instance - which I assume generates a new set of signing keys for the same domain name… and I know Lemmy starts with 1 in index for post, comment, person - and would end up generating the same numbers for different content.

I haven’t seen much eye towards auditing any of this works, and if it even is a good design. Even 2 months ago there were some aggressive timeouts that were causing delivery to fail. And when something fails, the person who comments or posts doesn’t get notified…

There is some deep stuff in lemmy., every community has a private key/public key pair, as does each person - but I’m not even sure that is used at all and was an ambition. I rarely see the topic actually come up and I’ve been listening for this kind of deeper technical topics… and created !lemmyfederation@lemmy.ml to try and better organize it.

Thanks again, and sorry for the ramblings.

I’m pretty much rambling myself… my repeat point is: don’t assume. I would not describe Lemmy as battle-hardened against attacks or spoofing that someone can find to bypass the current logic.