- From: Jon Pincus <jon@achangeiscoming.net>
- Date: Sat, 12 Apr 2025 22:00:34 -0700
- To: public-swicg@w3.org
On 4/12/25 6:34 PM, a wrote: > As currently designed, there are myriad reasons why the fediverse > should not be used for security-critical messaging, or messaging of > any kind for that matter. Even “direct visibility” should not be > thought of as *messaging*; it is treated as *publishing* a post on > your server. The server just so happens to make the resulting resource > available to a limited audience. This is an incredibly important point. I think of it as "scoped visibility" (as opposed to "private"). It's useful in various scenarios even though it's not secure ... but it's not secure! > This is describing a PKI which currently does not exist on the > fediverse. Keys are generated and managed by servers because servers > are the only agents. But I invite “significant discussion” while > considering “user expectations” and “existing software limitations”… I > just want to preface such discussion with a clear understanding of the > design goals and tradeoffs without mischaracterizations of the current > system for “publishing” vs. the very different system required for > “messaging”. And they are fundamentally different systems; I don’t > think there is a way to avoid fundamentally rearchitecting the network > such that it supports agents which are not the host service. By the > time this “step 1” is done, we’d be looking at a fundamentally > different network of agents with keys, rather than servers with actors > whose identity is rooted in the DNS system. > That's how I look at it too ... there's potentially a lot of value to a rearchitecture in those directions, but it would be a rearchitecture, and quite possibly better to start the design of that without initially being constrained by ActivityPub compatiblity (which can always be addressed later). Another potentially-interesting path forward is to think about what ActivityPub (or something like it) looks like on top of next-generation infrastructure which has at least some of the underlying PKI in place -- Veilid, etc. On 4/12/25 6:34 PM, a wrote: > As currently designed, there are myriad reasons why the fediverse > should not be used for security-critical messaging, or messaging of > any kind for that matter. Even “direct visibility” should not be > thought of as *messaging*; it is treated as *publishing* a post on > your server. The server just so happens to make the resulting resource > available to a limited audience.
Received on Sunday, 13 April 2025 05:00:40 UTC