Post ANIAbIXiHUbfcR00UC by servant@messurrection.com
(DIR) More posts by servant@messurrection.com
(DIR) Post #ANHG7EamoFPHFKWZM0 by mike@fosstodon.org
2022-09-06T05:11:40Z
0 likes, 1 repeats
I'm updating my PGP key. Finally.https://mikestone.me/updating-my-pgp-keyDay 17 of the #100DaysToOffload
(DIR) Post #ANHGe2tvIZHWXh7ZZY by allinone0@fosstodon.org
2022-09-06T05:17:36Z
0 likes, 0 repeats
@mike congratulationsHow does it feel to update your pgp key? Do you feel renewed, refreshed, and updated?
(DIR) Post #ANHHTC2l4BV9fMdu5Y by Mehrad@fosstodon.org
2022-09-06T05:26:12Z
0 likes, 0 repeats
@mike Few typos:"So, then went" -> "So, they went""The only one" -> "The old one"
(DIR) Post #ANHILn5zWWOaDdBmaG by tomterl@fosstodon.org
2022-09-06T05:36:34Z
0 likes, 0 repeats
@mike As you don't mention it in your post/blog: I want to suggest to use @keyoxide to you, to make it easy for others to encrypt messages to you and verify your signatures
(DIR) Post #ANHIukIfuP8PgUn0i0 by hq1@fosstodon.org
2022-09-06T05:42:20Z
0 likes, 0 repeats
@mike thanks for the reminder, I still have keybase idling for no reason other than monitoring my proven website availability ☠️
(DIR) Post #ANHVLGVtxh08ZUO7k0 by ndrei@fosstodon.org
2022-09-06T08:02:18Z
0 likes, 0 repeats
@mike You missed that they also got into cryptocurrency drops. Keybase was a very nice idea that busted into tons of useless ones.BTW, I've been relying on a Yubikey-based setup for years now and it works great.
(DIR) Post #ANHvrUJEnp1XQuUS6C by servant@messurrection.com
2022-09-06T12:59:28Z
0 likes, 0 repeats
@mike I kicked Keybase to the curb before you did! That makes me a little proud :-P
(DIR) Post #ANI8ufX2pebsVpnNK4 by mike@fosstodon.org
2022-09-06T15:25:42Z
0 likes, 0 repeats
@allinone0 I'm happy to see Keybase in the rear view (mostly), but dealing with PGP keys is also part of my work, so it feels like just a little bit of my job dripping onto my personal life. It's good to have a new, fresh key though. The Keybase one I'd had for a few years and while it was still good you don't want to keep keys around forever. They're like company and fish.
(DIR) Post #ANI91bETDTFbCkPc4O by mike@fosstodon.org
2022-09-06T15:26:56Z
0 likes, 0 repeats
@Mehrad Thanks, just fixed those. Should be published in a few minutes.
(DIR) Post #ANI9Uv42Yr8D6rVxDM by mahmoudajawad@mastodon.online
2022-09-06T06:44:21Z
0 likes, 0 repeats
@mike what's #100daystooffload?
(DIR) Post #ANI9UvRn8Y88IWcvEe by cooper@fosstodon.org
2022-09-06T09:47:11Z
0 likes, 0 repeats
@mahmoudajawad https://100daystooffload.com/@mike
(DIR) Post #ANI9UvopksYtRzPK9Q by mahmoudajawad@mastodon.online
2022-09-06T12:37:21Z
0 likes, 0 repeats
@cooper thanks
(DIR) Post #ANI9UwIxwqfGxRVO7M by mike@fosstodon.org
2022-09-06T15:32:13Z
0 likes, 0 repeats
@mahmoudajawad Drat, @cooper beat me to it! Stupid sleeping.
(DIR) Post #ANI9b0z9SXp1DA8O4e by mike@fosstodon.org
2022-09-06T15:33:21Z
0 likes, 0 repeats
@ndrei Yea, I mentioned "crypto", which I was referring to the Cryptocurrency drops and stuff, but you're right. That part isn't particularly clear. I'll see if I can touch it up a little to get rid of the ambiguity.
(DIR) Post #ANI9eLl8g8boVeAcTI by mike@fosstodon.org
2022-09-06T15:33:49Z
0 likes, 0 repeats
@servant Yea, but you delete accounts like you're changing socks. I almost never do it!
(DIR) Post #ANIAbIXiHUbfcR00UC by servant@messurrection.com
2022-09-06T15:44:13Z
0 likes, 0 repeats
@mike LOL That's total truth right there :-P
(DIR) Post #ANIFFaok9geBhGQzZ2 by mahmoudajawad@mastodon.online
2022-09-06T16:36:42Z
0 likes, 0 repeats
@mike @cooper haha! On the bright side, your sleep was reason to get to interact with Cooper 😁
(DIR) Post #ANJ4C1GawraK27Xszw by joel@fosstodon.org
2022-09-07T02:07:16Z
0 likes, 0 repeats
@mike will you add some #keyoxide proofs to it? :blobcatderpy:
(DIR) Post #ANJ750pMU02QVS9qL2 by mwt@fosstodon.org
2022-09-07T02:39:55Z
0 likes, 0 repeats
@mike keyoxide is a good alternative
(DIR) Post #ANJI112ErrOVUJTgTA by RyuKurisu@fosstodon.org
2022-09-07T04:42:25Z
0 likes, 0 repeats
@mike you know what I think would be an awesome idea? That somehow Mastodon would integrate PGP keys and you could send encrypted "private" posts between users.It is just a morning thought so I don't have details how @Gargron could make it work, but the jest of it would be that those that if both parties added their public key to their profile would automatically start using it when sending anything other then public posts 🤔Client software should handle the private key? ¯\_(ツ)_/¯
(DIR) Post #ANJMUy1N2PFMe0bp9k by kev@fosstodon.org
2022-09-07T05:32:35Z
0 likes, 0 repeats
@RyuKurisu I actually think that’s a really bad idea as it would open the platform up to abuse. Users wouldn’t be able to report abuse because admins and mods wouldn’t be able to see the contents.No idea what @mike and @Gargron thoughts are, but IMO private messages are best left to services like Signal and their ilk. A social network isn’t the place for that. Just my 10p worth. 😊
(DIR) Post #ANKAuX2mxL2MDIejy4 by mike@fosstodon.org
2022-09-07T14:57:31Z
0 likes, 0 repeats
@kev @RyuKurisu I think I read somewhere that @Gargron is currently working on encrypted DMs in Mastodon. I could be wrong and I can't seem to find where I read that, so grain of salt.
(DIR) Post #ANKBJC2ICU94IXBQyO by jiewawa@mastodon.online
2022-09-07T15:01:43Z
0 likes, 0 repeats
@mike @kev @RyuKurisu @Gargron encrypted DMs were mentioned in this blog posthttps://blog.joinmastodon.org/2022/04/twitter-buyout-puts-mastodon-into-spotlight/
(DIR) Post #ANKBRRBrjyQjcCanL6 by mike@fosstodon.org
2022-09-07T15:03:27Z
0 likes, 0 repeats
@jiewawa That is definitely NOT where I read it, but it does confirm what I said. Thanks for finding it!@kev @RyuKurisu @Gargron
(DIR) Post #ANKE6mMc7gzb43Scmu by mwt@fosstodon.org
2022-09-07T15:33:15Z
0 likes, 0 repeats
@kev @RyuKurisu @mike @Gargron if the posts are signed in addition to encrypted, users could theoretically report abuse to admins in cleartext.Then, the signatures could be used to verify that the cleartext report is the true message that was sent.
(DIR) Post #ANKsE4q5pIe2YhHfjE by technicalissues@fosstodon.org
2022-09-07T23:02:52Z
0 likes, 0 repeats
@mike it would be interesting if @matrix was somehow utilized for the DM side of things @kev @Gargron @jiewawa @RyuKurisu
(DIR) Post #ANMFD0xfFcfwLVFQFU by kevansizemore@fosstodon.org
2022-09-08T14:55:06Z
0 likes, 0 repeats
@mike Now that's a bit of insightful wisdom: "...you don't want to keep [PGP] keys around forever. They're like company and fish." Brilliant.
(DIR) Post #ANMIlr9nzhvxw8ES6C by mike@fosstodon.org
2022-09-08T15:34:52Z
0 likes, 0 repeats
@technicalissues Yea, I don't think they're using Matrix for that, but maybe for some kind of integrated chat feature. Not sure what I think about such a feature (probably too much in one package), but regardless it's a possibility.@matrix @kev @Gargron @jiewawa @RyuKurisu
(DIR) Post #ANP3dHDKpX4QJ3DJBY by mike@fosstodon.org
2022-09-09T23:29:30Z
0 likes, 0 repeats
@mwt I actually just created the Keyoxide profile. Still working through the documentation because I'm a complete slacker (sorry @yarmo), but I'm getting there. Mastodon profile has been verified at least, so maybe next I can add my personal homepage?
(DIR) Post #ANP4unO6Yv0My6AWQa by mike@fosstodon.org
2022-09-09T23:43:51Z
0 likes, 0 repeats
@mwt Annnnnnnnnnd I broke it. I had the Fosstodon account verified and then I added PixelFed and a profile image, now it's failing to verify either account for some reason it thinks PixelFed is Pleroma. I'll have to dig around a bit more to see what I'm doing wrong. If all else fails, I'll just have to RTFM I guess.@yarmo
(DIR) Post #ANPYqyTCPkNuo0e5OS by yarmo@fosstodon.org
2022-09-10T05:19:15Z
0 likes, 0 repeats
@mike documentation is getting a big overhaul soon, been working on it for a while because I think the current docs is messy. I hope to release it this weekend!And Pixelfed showing up as Pleroma is a known bug, don't have a fix yet, need to fix other stuff first but should get patched soon… No date yet.@mwt
(DIR) Post #ANPZFifeIBor2qGgls by mike@fosstodon.org
2022-09-10T05:23:47Z
0 likes, 0 repeats
@yarmo No worries. I got things working pretty well. It's a pretty slick setup. I like the link validation, and my biggest complaint so far (other than the Pleroma thing) is that I have to leave the verification for PixelFed in the bio permanently? Not sure how to do it better, and I'm more than getting my money's worth. I feel like I remember you announcing you were doing it here a couple years back. It's come a very long way in such a short time. @mwt
(DIR) Post #ANPb8htwxDreXXk1Wy by yarmo@fosstodon.org
2022-09-10T05:44:51Z
0 likes, 0 repeats
@mike @mwt thanks a lot for the kind words! It did come a long way and a lot is still going to happen the coming year \o/Any identity proof needs to stay permanently, as people are doing the identity verification for themselves. You don't ask Keyoxide if this account is verified, you do it for yourself and Keyoxide just automates the process.What the docs is not yet mentioning is that only the fingerprint is actually needed as proof! That should make it much shorter in the bio, I hope
(DIR) Post #ANPbS29zrAWysESkro by mike@fosstodon.org
2022-09-10T05:48:25Z
0 likes, 0 repeats
@yarmo @mwt That's a great bit of info! That chunk of text that the documentation mentions pretty much maxes out that text field as it only allows for 250 characters I think. I had to remove everything else I had in there. Now I'm going back and fixing it!
(DIR) Post #ANQIj5eARVKUdgxEQK by mwt@fosstodon.org
2022-09-10T13:53:22Z
0 likes, 0 repeats
@mike @yarmo I had an idea a while back. What if a link to your keyoxide profile (in attachments) could work as an alternative proof?
(DIR) Post #ANR1aPevAFx22LXkY4 by yarmo@fosstodon.org
2022-09-10T15:01:18Z
0 likes, 0 repeats
@mwt so glad you mention it! This idea has circulated on the forum a bit and in the matrix/IRC channel and I really wanted to make that happen.As I wanted it written in the new docs, I had to push the development and well, since about 15 minutes, it's live! Kx URLs as proof!And you can even go further as you'll see on my fosstodon account: I redirect https://yarmo.eu/id to my Keyoxide profile and now that is my Keyoxide proof 🤯(Sneak peek before I announce this next week 😜)@mike
(DIR) Post #ANR1aQBBEJkteOdVpY by mike@fosstodon.org
2022-09-10T22:15:59Z
0 likes, 0 repeats
@yarmo Sorry for the newb question, but is that an alternative to the DNS proof?@mwt
(DIR) Post #ANR2pQtuvgAUBcHeMK by mwt@fosstodon.org
2022-09-10T22:29:58Z
0 likes, 0 repeats
@mike @yarmo it's an alternative to ActivityPub proofs. It supports Mastodon and probably also Pleroma, etc
(DIR) Post #ANTEE2k1NY2eJAVpj6 by yarmo@fosstodon.org
2022-09-11T05:35:05Z
0 likes, 0 repeats
@mwt @mike not a newb question and also not a DNS alternative, though I absolutely understand the confusion.This, I still need to figure out how to best explain in the docs.It's important to distinguish claims and proofs. They're the same as in "they are links to other entities". They're different in that "claims are in crypto keys, proofs are on websites/accounts/…"Example: in your OpenPGP key, you link to your fediverse account. This is an identity claim.
(DIR) Post #ANTEE3GzOyPfxPwA76 by yarmo@fosstodon.org
2022-09-11T05:38:53Z
0 likes, 0 repeats
@mwt @mike in your fedi account, you link back to your key by mentioning the fingerprint. This is the identity proof.When you have both the claim and proof pointing at each other, you get bidirectional linking. This demonstrates that it really is your account. No one else would have linked back to your key but you.Now, Keyoxide used to be a little simple in that it required the proof to be the fingerprint. Yes, it's the most basic proof but also long and quite opaque.
(DIR) Post #ANTEE3l7awW3Ss2E52 by yarmo@fosstodon.org
2022-09-11T05:44:11Z
0 likes, 0 repeats
@mwt @mike this HTTP proof replaces that "fingerprint proof". Instead of linking back to the key by mentioning the fingerprint, you link back to a URL of a Keyoxide profile page.Since yesterday, Kx now "understands" that that URL is equivalent to seeing a fingerprint.(Technical detail: the Kx profile page sends the fingerprint in the HTTP response header, so there it is! The fingerprint needs to be exchanged at some point since that is the true proof)
(DIR) Post #ANTEE4LzNs0TJDHfXs by yarmo@fosstodon.org
2022-09-11T05:50:28Z
0 likes, 0 repeats
@mwt @mike to clear up the DNS thingy.The DNS claim hasn't changed. So if you want to claim your domain, it's still `proof=dns:domain.tld`.But on the DNS side, you used to have to put the fingerprint there, so `openpgp4fpr:123456`.From now on, you can also put a Kx URL there: `https://keyoxide.org/my@domain.tld` for example.Or if use an alias URL (nothing more than a 301 redirect to a Kx profile page!): `https://domain.tld/id` or something of your choosing.
(DIR) Post #ANTEE4p3dnG6lMssr2 by yarmo@fosstodon.org
2022-09-11T05:52:08Z
0 likes, 0 repeats
@mwt @mike BTW, that `proof=…` that you need to put in notations? Yeah, I must keep that for backwards compatibility, but indeed it's actually a claim…
(DIR) Post #ANTEE5KFloDEK7TnTk by mike@fosstodon.org
2022-09-11T23:46:52Z
0 likes, 0 repeats
@yarmo OK, that makes sense. It'll make things easier too as it's easy to remember a URL on my own site where it's hard to remember a 40 character random string. This way I won't have to keep looking that up. Is there any particular way the redirect needs to be done?@mwt
(DIR) Post #ANU8gk5oooGAsTDLhQ by yarmo@fosstodon.org
2022-09-12T10:19:36Z
0 likes, 0 repeats
@mike see https://fosstodon.org/@yarmo/108984922235421117@mwt