Post AXADl0LyoJkXYfwgRE by cmdrmoto@hachyderm.io
 (DIR) Post #AXABeRdol16wFp27sG by 0x0@corteximplant.com
       2023-06-27T23:17:26Z
       
       0 likes, 0 repeats
       
       Even more thoughts about potential nomadic identities. Featuring Ed25519, UCAN, and DHTs (it's 1AM, I might have overlooked some stuff) https://aumetra.xyz/posts/nomad-id-first-steps
       
 (DIR) Post #AXABeSCueXBS0fS9Zo by silverpill@mitra.social
       2023-06-28T21:57:37.094100Z
       
       0 likes, 0 repeats
       
       @0x0
       >Ed25519
       Yeah, that's a good choice. The algorithm of generating EdDSA data integrity proofs is being standardized by W3C: https://w3c.github.io/vc-di-eddsa. In particular, jcs-eddsa-2022 is now the recommended cryptosuite in the latest version of FEP-8b32, and it is used in FEP-c390 example (these documents have not been submitted to the main FEP repo yet).
       
 (DIR) Post #AXADkqJq7Q60R8rpiK by cmdrmoto@hachyderm.io
       2023-06-28T19:13:52Z
       
       0 likes, 0 repeats
       
       @0x0 yes! DID is a pretty useful standard. And its rekey capability is clutch. It sounds like you’re averse to “cryptocurrency” so I am a bit trepidatious about mentioning https://chia.net - but it’s a non-global-warming blockchain with DID support and advanced custody tooling (UI still in development). Their “Chia Cultivation Grants” might also be a useful source of funding: https://www.chia.net/grants/
       
 (DIR) Post #AXADkryzvsc3b58DVQ by cmdrmoto@hachyderm.io
       2023-06-28T19:29:07Z
       
       0 likes, 0 repeats
       
       @0x0 The reason I would like to encourage you to consider integrating this particular DID despite its association with “cryptocurrency BS” is, I know the folks who wrote this blockchain. I know their security philosophy. I trust Bram - the guy who invented BitTorrent - because I worked with him and I feel confident he’s the most thoughtful system engineer I’ve ever known. But maybe since you don’t know me you would rather go your own way. That’s fine too, I guess.
       
 (DIR) Post #AXADksWfufYFHWt6zw by cmdrmoto@hachyderm.io
       2023-06-28T19:33:43Z
       
       0 likes, 0 repeats
       
       @0x0 it’s just that AAA systems tend to be absolutely *riddled* with non-obvious security pitfalls, so you’d best pick a good one.
       
 (DIR) Post #AXADkt5loBcl2NJ8hU by 0x0@corteximplant.com
       2023-06-28T19:41:34Z
       
       0 likes, 0 repeats
       
       @cmdrmoto I really appreciate the feedback, and I agree with your care towards authentication systems. They are inherently complex and there is a good reason for it. Don't be discouraged by my, let's say, negativity towards cryptocurrency. My intention is to design, at least the ActivityPub portion, to not care about the DID used. It just has to be able to somehow verify the proof (i.e. the signature) defined in FEP-c390 + some cryptographic authentication challenge. The keys used to sign the proof/authentication challenge have to either be the key of the identity itself or have the necessary capabilities delegated to it.
       
 (DIR) Post #AXADktfDgNyqoJtRxI by cmdrmoto@hachyderm.io
       2023-06-28T20:07:39Z
       
       0 likes, 0 repeats
       
       @0x0 With the door to conversations open, I’ve been re-reading your proposal with a finer focus. Key revocations can be tricky beasts. *Especially* when you take into account the likelihood of network partitions. What happens when my root-signed “revoke this leaf” message doesn’t immediately reach the server where an attacker is ready to impersonate me? Of course, I take the position that A Blockchain Might Help Here. At a minimum, it ensures a monotonic, chronological record
       
 (DIR) Post #AXADkv2Ia42H4BhOZE by 0x0@corteximplant.com
       2023-06-28T19:43:01Z
       
       0 likes, 0 repeats
       
       @cmdrmoto The post mainly talks about ideas for new DID methods that can be used with the draft built on top of FEP-c390 (the draft will define the authentication challenge)
       
 (DIR) Post #AXADkwaMosshs8e7JA by cmdrmoto@hachyderm.io
       2023-06-28T20:17:32Z
       
       0 likes, 0 repeats
       
       @0x0 so, if I revoked a key but my imposter still succeeded at posting something (as me) due to network partition: as soon as the underlying blockchain is back in sync, fraudulent messages are strongly repudiated… but the more I think on it, I realize this may introduce an undesirable coupling between blockchain height and ActivityPub messaging
       
 (DIR) Post #AXADl0LyoJkXYfwgRE by cmdrmoto@hachyderm.io
       2023-06-28T20:24:51Z
       
       0 likes, 0 repeats
       
       @0x0 nevertheless: there is nothing so permanent as a “temporary solution”
       > It is important to not forget that we want to go decentralised with the system at one point.