varx/tech<p>Been thinking about what the key-trust part of decentralized "social PKI" should look like.</p><p>The individual part seems straightforward: A public key, and a history of key rotations (where each key signs a message revoking itself as latest, and endorsing the next public key as latest instead.)</p><p>But how do you trust someone else's key in the first place? (Including when they lose all data and have to recreate their identity, with a new key.)</p><p>I'm very tempted to say... we can leave that to implementations, with just some strong suggestions in the spec as to how to meet different users' different needs.</p><p>One implementation could just use TOFU and notify the user if something looks wrong. Another could participate in a key-gossip system, where useragents inform each other of identity/key relationships they've seen, allowing multipath resilience against MITM. And another could go full-on PGP key-party if it really wanted to, I guess.</p><p>Does this sound reasonable? Would love to hear feedback.</p><p>:boost_ok: </p><p><a href="https://infosec.exchange/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptography</span></a> <a href="https://infosec.exchange/tags/SocialMediaDesign" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SocialMediaDesign</span></a> <a href="https://infosec.exchange/tags/PKI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PKI</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
mindly.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mindly.Social is an English speaking, friendly Mastodon instance created for people who want to use their brains and their hearts to make social networking more social. 🧠💖
Administered by:
Server stats:
1.2Kactive users
mindly.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.7
#socialmediadesign
0 posts · 0 participants · 0 posts today
varx/tech<p>We should be trying to invent online social spaces that are much, much smaller, and I think it's possible to do this without losing the benefits of large social networks:</p><p><a href="https://www.brainonfire.net/blog/2023/06/19/groups-should-go-small/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">brainonfire.net/blog/2023/06/1</span><span class="invisible">9/groups-should-go-small/</span></a></p><p><a href="https://infosec.exchange/tags/SocialMediaDesign" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SocialMediaDesign</span></a></p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload