Re: Thinking about Webfinger

Hey Bob,

In another thread Ryan Barrett recently made the observation that content negotiation is one of those ideas that sounds great in theory, and not so much in practice, and I concur with his reasoning. Sliding those into an existing deployed decentralized system after the fact might be even more perilous than what he lists IMHO.

If such a significantly updated “webfinger++” spec should happen to be created — and right now I think the case is much more compelling to work on other things like security and privacy and not disturb this part of the system that’s working well enough for current needs — then I’d rather prefer a clean new .well-known.

> It seems to me that, given WebFinger as it is currently defined, we should be able to have useful support for dids in ActivityPub systems. What am I missing? I've often heard that WebFinger and DID are somehow incompatible, but I've never understood what the problem is.

Well, DID is one of those big picture umbrellas underneath which all sorts of things can hide. For many of them, it’s not obvious which webfinger server to talk to as they explicitly try to take DNS out of the picture. That doesn’t mean one couldn’t have a DNS-based “bridge” like .onion services with Tor2web and such, but chances are many people would object. I seem to recall IIW sessions titled “Why DID http is evil” or such.

From an implementation perspective, however, such a “unified identifier metadata lookup service” could be very useful, and coincidentally I’m working on such a thing for our own purposes :-)



Johannes Ernst

Received on Saturday, 6 May 2023 21:25:43 UTC