Gregory's Serverchristine what do you think about bluesky christine what do you think about it
 24 comments
@teleclimber @grishka @cwebber Like most technical decisions, it requires a set of tradeoffs that exist in the context of a broader society, much of which is not technically literate, and which does not [currently] have the time, attention, motivation, or interest to care about these subtleties. Only once they've fucked themselves by losing their keys do they suddenly care, when it is too late. And we just have to assume this is our social operating environment, forevermore. @teleclimber @grishka @cwebber it's hard to do even for tech people! I'll be the first to admit that my SSH key backup solution is a fucking disaster  @grishka yeah! I'm trying to design a decentralized identity system and I keep struggling with this problem too. If the using the pubkey as the identity is the problem, then what's the solution? And solutions that appeal to some centralized authority to resolve the issue aren't allowed, because, well ... decentralized. How can we do better?  Jeff, as far as I'm concerned, it's a fundamentally unsolvable problem. The best mostly-decentralized identity systems we have (email, ActivityPub) ultimately rely on DNS. @grishka That's what I was afraid of. It does seem unsolvable. :blobcatverysad: DID at least comes close to a reasonable solution here, because people get to choose which centralized authority they want to use (ie the resolvers), but most of those resolvers are blockchains. Ugh. There has to be a better way.   @dmitri @grishka DNS is technically disqualified here because it's a centralized authority. But despite that, it may be the best option we have. The trouble is, the DNS system isn't really accessible to most people, so the UX isn't great there. Most of the other DID resolvers are blockchains (ugh), so I'm trying to find something better. It may not exist though. If we're not going to use pubkeys as ids directly, then something like `user@domain` may be the best we can do.  @cuchaz @grishka I know, I don't think did:web is an ideal choice (even though I helped create it). But, I DO think a better DID method will be created in the next year or three. And the reason I recommend to use did:web now is -- you get used to the general mechanism and data model, and the moment a better method arrives on the scene, it is trivial to switch. I imagine the solution will just be multiple keys that point to each other and domains that list them. It's messy but it makes the most sense IMO. @cuchaz @lucid00 @grishka So, I definitely think you're on the right track. The thing about key being an identity, is that you can't rotate or revoke it! That's why it's so useful to add one more level of indirection. an identity points to one or more keys (which can be rotated / revoked without changing the identity). Which is exactly what a DID is -- just a string that points to a JSON object that has a bag of keys.
[DATA EXPUNGED]
@Paulie @cuchaz @grishka @dmitri "they have to keep that separate thing up to date just to login to see cat pics" They don't, they could just login to see cat pics like most users are doing. Also I'm not sure PGP failed, it's still in use. Off topic: "Failed" implies that PGP had some kind of success target to hit that it didn't beyond just providing the ability to encrypt stuff. |
my precise opinion on this matter is *blood begins pouring from every pore of my body and begins filling the room*