@lyse@lyse.isobeef.org and @movq@www.uninformativ.de and possibly @aelaraji@aelaraji.com and even @cuaxolotl โ Iโm very curious to understand and hear thoughts, pros and cons or other feelings about introducing the notation of a feedโs identify using cryptography? If we were to keep things simple, and use whatโs commonly available, for example SSH ED25519 keys? using the ssh-keygen -Y sign
or ssh-keygen -Y verify
tools already available? Maybe in combination with @xuu@txt.sour.is โs idea of generating a random unique ID for your feed, say # id =
and signing it with your ED25519 key? ๐
#r4msqlq
(#r4msqlq) @prologic@twtxt.net Iโm basically with @movq@www.uninformativ.de, but in contrast to him, Iโm not looking forward to implement something like that. :-)
A feed URL is plenty good enough for me. Since I only fetch feeds that I explicity follow, there is some basic trust in those feeds already. Spoofing, impersonation and what not are no issues for me. If I were to find out otherwise, I just unsubscribe from the evil feed. Done.
To retrieve public feeds, I just rely on TLS. Most are served via HTTPS. If a feed is down, Iโm not trying to fetch it from some other source, I just wait and try again later. So signed messages/feeds are not a use case Iโm particularly benefitting from.
To me, itโs just not worth at all adding this crypto complexity on top.
#kfw3saa