- From: Mikael Nordfeldth <mmn@hethane.se>
- Date: Sat, 01 Jun 2013 08:47:59 +0200
- To: <public-fedsocweb@w3.org>
2013-06-01 07:57 skrev Michał 'rysiek' Woźniak: > Exactly. I think using URI (with an optional "username@" part) as UID > makes > sense and doe snot tie us to DNS. Think of the TOR network - nothing > is > stopping anybody from using 'user@example.onion' as an UID, and that > is > *completely* outside the DNS hierarchy. > The "shape" of the UID doesn't mean it is anchored in the current DNS > system. I am curious here how one would verify - and correctly correlate to others in a network - the identity of a federated user if they had a purely human-assigned string such as blah@blaha.bla I wish to argue (and Diaspora had somewhat the same idea I think?) that the real identity should be a more definitive - more computery - identifier string. Otherwise it will not be truly portable (avoiding collisions in a global namespace). One tried and true solution for this are GPG identities, which may be combined with WebFinger or whatever other lookup process/service/protocol. I.e. as long as I control the domain "hethane.se" I can setup an ID pointer there for mmn@hethane.se to address GPG fingerprint AE68 9813 0B7C FCE3 B2FA 727B C7CE 635B B52E 9B31 - and then something which negotiates this with any feed subscribers in a cryptographically verifiable way. Then I could, say, have an "alias" for my account at a webfingerish lookup at my account on "mmn@freesocial.org". This'd also give content privacy by encrypting to friends' public keys. However it would not really address the identify-by-source issues that may be of concern to some. (i.e. that the network may know that two individuals are communicating, despite not knowing the content) -- Mikael Nordfeldth http://blog.mmn-o.se/ Xmpp/mail: mmn@hethane.se
Received on Saturday, 1 June 2013 06:48:22 UTC