Notices by Adora (She/Her) (adora@tech.lgbt)

@lina so first off, i love the idea. this isn't criticism at all, its unfiltered support.

so here's where stuff is getting messy:
I assume the idea is because people can move instances, otherwise you wouldn't need something to "vouch" in the first place.

so putting the implementation specifics aside, we need something thats:
1) centralized and trusted
2) not prone to loss, otherwise when people lose a computer/phone/authenticator/whatever they no longer have their proof

and this takes us back to PGP keyservers and certificate authorities all over again.

so your best bet would be to find a way to leverage something like a CA or PGP keyserver thats been very established and trusted and use it in conjuction with some api translation layer to function the way you need it to.

and yes, i know that answer sounds bad, feels bad and isn't fun at all.

@wizzwizz4 @lina @keyoxide lol i was actually going to mention them as an option, but I didn't want to be overwhelming, because @lina didn't settle on PGP keys specifically.