my precise opinion on this matter is *blood begins pouring from every pore of my body and begins filling the room*
@teleclimber @grishka @cwebber Like most technical decisions, it requires a set of tradeoffs that exist in the context of a broader society, much of which is not technically literate, and which does not [currently] have the time, attention, motivation, or interest to care about these subtleties. Only once they've fucked themselves by losing their keys do they suddenly care, when it is too late. And we just have to assume this is our social operating environment, forevermore.

@teleclimber @grishka @cwebber it's hard to do even for tech people! I'll be the first to admit that my SSH key backup solution is a fucking disaster

@grishka yeah! I'm trying to design a decentralized identity system and I keep struggling with this problem too. If using the pubkey as the identity is the problem, then what's the solution? And solutions that appeal to some centralized authority to resolve the issue aren't allowed, because, well ... decentralized. How can we do better?

Jeff, as far as I'm concerned, it's a fundamentally unsolvable problem. The best mostly-decentralized identity systems we have (email, ActivityPub) ultimately rely on DNS.

@grishka That's what I was afraid of. It does seem unsolvable. :blobcatverysad: DID at least comes close to a reasonable solution here, because people get to choose which centralized authority they want to use (i.e. the resolvers), but most of those resolvers are blockchains. Ugh. There has to be a better way.

@dmitri @grishka DNS is technically disqualified here because it's a centralized authority. But despite that, it may be the best option we have. The trouble is, the DNS system isn't really accessible to most people, so the UX isn't great there. Most of the other DID resolvers are blockchains (ugh), so I'm trying to find something better. It may not exist though. If we're not going to use pubkeys as ids directly, then something like `user@domain` may be the best we can do.
@cuchaz @grishka I know, I don't think did:web is an ideal choice (even though I helped create it). But, I DO think a better DID method will be created in the next year or three. And the reason I recommend using did:web now is -- you get used to the general mechanism and data model, and the moment a better method arrives on the scene, it is trivial to switch.

I imagine the solution will just be multiple keys that point to each other and domains that list them. It's messy but it makes the most sense IMO.

@cuchaz @lucid00 @grishka So, I definitely think you're on the right track. The thing about a key being an identity is that you can't rotate or revoke it! That's why it's so useful to add one more level of indirection. An identity points to one or more keys (which can be rotated / revoked without changing the identity). Which is exactly what a DID is -- just a string that points to a JSON object that has a bag of keys.
[DATA EXPUNGED]
@Paulie @cuchaz @grishka @dmitri "they have to keep that separate thing up to date just to login to see cat pics" They don't, they could just login to see cat pics like most users are doing. Also I'm not sure PGP failed, it's still in use. Off topic: "Failed" implies that PGP had some kind of success target to hit that it didn't beyond just providing the ability to encrypt stuff.
Regarding "AT was written because ActivityPub can't handle portable content and identity", I wrote up stuff about this *in 2017* https://github.com/WebOfTrustInfo/rwot5-boston/blob/master/final-documents/activitypub-decentralized-distributed.md and wrote a demo on how to do the portable content part https://gitlab.com/spritely/golem/blob/master/README.org
Good luck to the Bluesky / AT folks, truly. The main thing that frustrates me is this claim that AP can't do this though. (The Bluesky folks are aware of this, we both wrote some documents about it together, so they *should* know, that's my main irritation with the FAQ item that says ActivityPub can't do it.)
But also:
- I am not currently focused on ActivityPub so maybe it's not the best question to direct at me anymore
- I am focused on Spritely, which will eventually loop back to AP stuff, but that's not its current focus (it's a bit more general and dare I say a bit more revolutionary to how applications are written than that)
- I have never been interested in making a Twitter replacement because I am not convinced a global content space is necessarily a good idea
- It's good that almost everyone agrees that decentralized networks are fundamentally necessary now though
- I am glad that AT/Bluesky is using DIDs and some other components that really might be truly useful
- I am not the best person to ask this question, but I guess I am one of the most obvious people to ask this question