Comment

Comment on Implementing Portable User Identities with DIDs

Whelp here I go again

Why not GPG!!??

I’ve been working on my own idea for what the “fediverse” should be, I’m calling it userless because I want to avoid users in the database and I wanna use GPG as the individuals identity because it already exists and can yes perfectly verify for me who created a post, I’m not sure why we need more than that.

I haven’t flushed the whole thing out yet and I plan to hand write proper docs for the protocol.

But GPG has been around since forever. I’ve been told that it’s too hard to use, it’s insecure, it’s too old. And when I use the thing I just don’t agree, there is nothing technically wrong with the product like it should be way more popular.

source

Sort:hotnew top

muntedcrocodile@lemmy.world ⁨6⁩ ⁨days⁩ ago
So Activpub needs an actor with an I box and outbox to send a receive content. A did is a virtual actor that reroutes to a real actor a collates across real actors. Ideally can send an activity to a did which is resolved to the current home instance. And the did stores ur profile picture a public key display names bio etc etc. U could use pgp as the key in the did if the devs want to support it as a cryptography protocol.

source
- danhab99@programming.dev ⁨5⁩ ⁨days⁩ ago
  
  So Activpub needs an actor with an inbox and outbox to send and receive content. A did is a virtual actor that reroutes to a real actor and collects content across real actors.
  
  Gpg public keys have a dedicated email address field. And if you don’t want to share your “real” email address then just make a new one.
  
  And the did stores ur profile picture a public key display names bio etc etc.
  
  Yeah that’s a pain point I experienced with Gpg armored packets, I couldn’t figure out a way to pack in a PFP. Even shrinking it to 64x64 made the public key file feel too heavy. So I just decided profile pics are out of scope and you should just use gravatar.
  
  U could use pgp as the key in the did if the devs want to support it as a cryptography protocol. The did is also used to sign each message similar to pgp. U simply need more functionality than what pgp provides.
  
  I 80% agree. I do wish PGP armored packets had extra fields and if that’s an RFC that could be sent to the Gnupg maintainers then gpg would be absolutely perfect but I haven’t gotten around to figuring that out. All things considered since GnuPG already exists and it’s already installable everywhere and it already works I figured I could just roll with it for userless atleast. I want to use GPG for all user authentication related concerns.
  
  source
- zalgotext@sh.itjust.works ⁨5⁩ ⁨days⁩ ago
  
  A did is a virtual actor that reroutes to a real actor and collects content across real actors
  
  Where is that virtual actor hosted? If it’s centralized, I feel like it defeats the purpose of user-centric identity control. If it’s user-hosted, that sounds like GPG with extra, even more inconvenient steps.
  
  source
  - muntedcrocodile@lemmy.world ⁨5⁩ ⁨days⁩ ago
    Its both. It can we a json file served from some webserver. It can be a peer hosted thing where a bunch of instances host it on your behalf. It can be something that exists on your designated identity server. It can be a transaction on a blockchain. And as long as the software knows how to resolve it they all work.
    
    source
    zalgotext@sh.itjust.works ⁨4⁩ ⁨days⁩ ago
    Having to figure out hosting, no matter if it’s self, peer, or whatever else hosting, kinda makes this proposal DOA I think. It’s kinda using a jackhammer for a problem that’s already been solved by a screwdriver.
    
    source