The first is sufficient. You only need to see someone’s public key once, then you cache it and can authenticate all future signed messages.
Comment on Plebbit is a peer-to-peer Reddit alternative that allows you to self host and own your own community
sugar_in_your_tea@sh.itjust.works 2 weeks ago
Assuming you’re talking about authentication:
- public key signatures - users sign every post and broadcast their username/pub key combo
- centralized (could be multiple) auth authority - openid, oauth, etc; posts signed by some unique key from that auth service
I’m deciding if the first is sufficient or if I actually need some form of blockchain to prevent tampering.
catloaf@lemm.ee 2 weeks ago
sugar_in_your_tea@sh.itjust.works 2 weeks ago
I just need to think about potential attack vectors. I think issues can be worked around, but I’ve spent most of my time thinking about how to create something and less about how to protect it from attack.
But yeah, public key crypto w/o a central database is my first choice, blockchain is my second.
sem@lemmy.blahaj.zone 2 weeks ago
Thanks for your thoughts on this.
I am not sure how Matrix handles keys but it is a real headache for end users. For me at least.
With openid, etc, it’s decentralized compared with centralized and distributed, so you wouldn’t get stuck with one openid provider.
I don’t know much about any of these so thanks for developing for the rest of us.
sugar_in_your_tea@sh.itjust.works 2 weeks ago
Yeah, I’m thinking of having a separate key per device, and there would be a registry that ties them together. Usernames would not be unique, so to tell two users with the same name apart, the app would check the post signature against the keys in the registry.
This should prevent name squatting, but it would enable pretending to be another user. As long as user names aren’t very important (i.e. it’s closer to Reddit than Twitter/Facebook), this is probably fine and similar to what we have on Lemmy (only unique to your instance).
If we want to guarantee unique usernames, we would probably need to use a consensus system like blockchain. But blockchain has other drawbacks and I’d really rather not go that route.
Which one we go with doesn’t really impact my moderation plans, so I’m going with pub keys for now because they’re dead simple. It’s also nice that it’ll keep working if your country disconnects you from the internet, and someone could smuggle in data from outside if you really wanted to.
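The per-device key registry discussed in this thread, sketched in Go as an added example that is not code from any commenter or from Plebbit. Ed25519, the `Post` layout, the `Registry` type, the account IDs and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Post is a hypothetical wire format (Ed25519 assumed); the thread defines neither.
type Post struct {
	Username, Body string
	PubKey         ed25519.PublicKey
	Sig            []byte
}

// payload length-prefixes the name so ("ab","c") and ("a","bc") sign differently.
func payload(username, body string) []byte {
	return []byte(fmt.Sprintf("%d:%s%s", len(username), username, body))
}

func SignPost(priv ed25519.PrivateKey, username, body string) Post {
	pub := priv.Public().(ed25519.PublicKey)
	return Post{username, body, pub, ed25519.Sign(priv, payload(username, body))}
}

// Registry maps device public keys to account IDs (several keys per account).
type Registry map[string]string

func (r Registry) Enroll(account string, pub ed25519.PublicKey) { r[string(pub)] = account }

// Authenticate verifies the signature, then resolves the key; the username is only a label.
func (r Registry) Authenticate(p Post) (string, error) {
	valid := len(p.PubKey) == ed25519.PublicKeySize &&
		ed25519.Verify(p.PubKey, payload(p.Username, p.Body), p.Sig)
	if !valid {
		return "", errors.New("invalid signature")
	}
	account, ok := r[string(p.PubKey)]
	if !ok {
		return "", errors.New("key not in registry")
	}
	return account, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	reg := Registry{string(pub): "acct-1"}
	fmt.Println(reg.Authenticate(SignPost(priv, "alice", "hello")))
}
```

How keys get enrolled, and who may add a device key to an existing account, is the part the thread leaves open and this example does not address.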