Hacker News new | ask | show | jobs
by ilyt 1295 days ago
I think just having public key posted in DNS record + the subscribers saving both "human name" and public key would be enough; even if someone takes over a domain every subscriber will get an alert that they key have changed; maybe have backup method of just storing `/.well-known/<social-network>/username with same info for those that don't/can't fuck with DNS.

Building on that the list of address+pubkeys can be put somewhere to search (DHT on server nodes?) so if someone moves shop they can still be found. Then the client could either subscribe directly to who they want (akin to RSS), or get on someone's instance (which would be akin to RSS aggregator) to participate in their community.
1 comments
vidarh 1294 days ago
Mastodon uses webfinger for this, which scales much better (though I find it annoying webfinger wasn't specified with a url format that'd make it easy to provide static replies like what you suggested), and supports aliases and redirection.

E.g. if you go here: https://galaxybound.com/.well-known/webfinger?resource=acct:...

You'll get redirected here: https://m.galaxybound.com/.well-known/webfinger?resource=acc...

Which will return a webfinger profile, which includes this activitypub profile (curl command line because you need the "Accept:" header):

curl -H "Accept: application/activity+json" https://m.galaxybound.com/users/vidar

If you look at the "publicKey" key in that JSON doc, you'll see:

{ "id": "https://m.galaxybound.com/users/vidar#main-key", "owner": "https://m.galaxybound.com/users/vidar", "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHAMudraHmCA2u8wcI2/\n7iB0Td73AF7tk3LC7AuUxzCMu0Ipf/mNVdh+2nFOQ0pY+7E/wEgGeFg5BlMNC7hK\nebfYtY5ZFm7upVqQ0OXTP2hC+fnDTNcpmnPqmwMRdL54YtiZvQtRzW++ZKquWjER\nInM97NsjW0H0yuVkMETfPX1ilWkzTlWa9m0+H5Tmaz3EbKk3VanJXSLKNLnSq2lK\nbKcr2kD/U5UobzJDaaKjK+tW50iTOMiFEXLAT+4Po375WlgxKchahvtPyioiDm6j\noneGAbKRM/eAiHf7EhP76zyoL/LNG0XP4rDEFr4Ia4vo4HG1zhbGZ+815Tip4lNW\nYwIDAQAB\n-----END PUBLIC KEY-----\n" }

.. which is used to check the signature of my posts when they federate.

From the profile you also know where to get my posts, and can get them either as JSON or RSS if you want to pull them without actually following me.

If someone "moves show" there'll be an alias in place. E.g:

curl -H "Accept: application/activity+json" https://mastodon.social/users/vidarh | jq .movedTo

gives: "https://m.galaxybound.com/users/vidar"

Now, something like a DHT to replace webfinger so a move can be done without cooperation from the original instance might be interesting, but Mastodon works pretty well here already.

link