@wizzwizz4 @lina @keyoxide lol i was actually going to mention them as an option, but I didn't want to be overwhelming, because @lina didn't settle on PGP keys specifically.
Conversation
-
Adora (She/Her) (adora@tech.lgbt)'s status on Monday, 19-Jun-2023 06:03:32 JST Adora (She/Her) -
wizzwizz4 (wizzwizz4@fosstodon.org)'s status on Monday, 19-Jun-2023 06:03:33 JST wizzwizz4 -
Adora (She/Her) (adora@tech.lgbt)'s status on Monday, 19-Jun-2023 06:03:34 JST Adora (She/Her)
@lina so first off, i love the idea. this isn't criticism at all, it's unfiltered support.
so here's where stuff is getting messy:
I assume the idea is because people can move instances, otherwise you wouldn't need something to "vouch" in the first place.
so putting the implementation specifics aside, we need something that's:
1) centralized and trusted
2) not prone to loss, otherwise when people lose a computer/phone/authenticator/whatever they no longer have their proof
and this takes us back to PGP keyservers and certificate authorities all over again.
so your best bet would be to find a way to leverage something like a CA or PGP keyserver that's been very established and trusted and use it in conjunction with some api translation layer to function the way you need it to.
and yes, i know that answer sounds bad, feels bad and isn't fun at all.
-
Aeliana (Aeli) Isidora (lina@tech.lgbt)'s status on Monday, 19-Jun-2023 06:03:35 JST Aeliana (Aeli) Isidora
warning: long post ahead; probably screenreader unfriendly
i wonder would it be possible to add some sort of "identity servers" to fedi so that, let's say i'm @lina@lina.moe even tho i'm using a mastodon instance hosted elsewhere
could see that as a hierarchy? of keypairs
let's say i use tech.lgbt as my mastodon server, meaning it has generated a keypair, perhaps `tech.lgbt/@lina@lina.moe#mainkey`
identity server would then sign the public key, so the Actor object would have this?
```
{
  // ...
  "identity": "https://lina.moe/lina",
  "publicKeyPem": {
    "id": "https://tech.lgbt/@lina@lina.moe#mainkey",
    "publicKeyPem": "...",
    "signature": "..."
  }
}
```
and the identity server would be able to verify the signature to say "yes that's lina" or "no she's being impersonated"
please boost so that i get feedback on how weird and impossible this idea is and maybe if someone has actually implemented smth similar before 🥺
-
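The signing and verification flow proposed in the post above, sketched as an added example that is not part of the thread or of any fediverse implementation. It assumes Ed25519 keys, a signed payload made of the identity URL, key id and key PEM, and a verifier that has already fetched the identity server's public key; the function names are hypothetical, and the Actor field names are the ones from the post.

```javascript
const crypto = require('node:crypto');

// Assumed payload: identity URL, key id and key PEM are signed together, so the
// signature cannot be reused for another identity, instance key id or key.
function signedBytes(identity, keyId, pem) {
  return Buffer.from(JSON.stringify([identity, keyId, pem]), 'utf8');
}

// Identity-server side (hypothetical helper): endorse an instance-generated key.
function endorseInstanceKey(identityPrivateKey, identity, keyId, pem) {
  return crypto.sign(null, signedBytes(identity, keyId, pem), identityPrivateKey)
    .toString('base64');
}

// Remote-server side: check the Actor against the identity server's public key,
// assumed to have been fetched over HTTPS from the URL in actor.identity.
function verifyActor(actor, identityPublicKey) {
  const key = actor.publicKeyPem;
  if (!key || typeof key.signature !== 'string') return false;
  try {
    const data = signedBytes(actor.identity, key.id, key.publicKeyPem);
    return crypto.verify(null, data, identityPublicKey,
      Buffer.from(key.signature, 'base64'));
  } catch {
    return false; // malformed key or signature counts as unverified
  }
}

// Constructed sample data: fresh keys stand in for lina.moe, tech.lgbt and an impostor.
function demo() {
  const newKey = () => crypto.generateKeyPairSync('ed25519');
  const pem = (k) => k.publicKey.export({ type: 'spki', format: 'pem' });
  const [idServer, instance, impostor] = [newKey(), newKey(), newKey()];
  const identity = 'https://lina.moe/lina';
  const id = 'https://tech.lgbt/@lina@lina.moe#mainkey';
  const actorWith = (publicKeyPem, signature) =>
    ({ identity, publicKeyPem: { id, publicKeyPem, signature } });
  const sig = endorseInstanceKey(idServer.privateKey, identity, id, pem(instance));
  const selfSig = endorseInstanceKey(impostor.privateKey, identity, id, pem(impostor));
  return {
    genuine: verifyActor(actorWith(pem(instance), sig), idServer.publicKey),
    swappedKey: verifyActor(actorWith(pem(impostor), sig), idServer.publicKey),
    selfSigned: verifyActor(actorWith(pem(impostor), selfSig), idServer.publicKey),
  };
}
```

Only the Actor carrying the identity server's signature over its own key verifies; an Actor that copies the signature onto a different key, or signs its own key, is rejected.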