Yarn

Recent twts in reply to #r4msqlq

@lyse@lyse.isobeef.org and @movq@www.uninformativ.de and possibly @aelaraji@aelaraji.com and even @cuaxolotl โ€“ Iโ€™m very curious to understand and hear thoughts, pros and cons or other feelings about introducing the notation of a feedโ€™s identify using cryptography? If we were to keep things simple, and use whatโ€™s commonly available, for example SSH ED25519 keys? using the ssh-keygen -Y sign or ssh-keygen -Y verify tools already available? Maybe in combination with @xuu@txt.sour.is โ€™s idea of generating a random unique ID for your feed, say # id = and signing it with your ED25519 key? ๐Ÿ”‘


#r4msqlq

(#r4msqlq) @prologic@twtxt.net Iโ€™m basically with @movq@www.uninformativ.de, but in contrast to him, Iโ€™m not looking forward to implement something like that. :-)

A feed URL is plenty good enough for me. Since I only fetch feeds that I explicity follow, there is some basic trust in those feeds already. Spoofing, impersonation and what not are no issues for me. If I were to find out otherwise, I just unsubscribe from the evil feed. Done.

To retrieve public feeds, I just rely on TLS. Most are served via HTTPS. If a feed is down, Iโ€™m not trying to fetch it from some other source, I just wait and try again later. So signed messages/feeds are not a use case Iโ€™m particularly benefitting from.

To me, itโ€™s just not worth at all adding this crypto complexity on top.


#kfw3saa
Login to participate in this yarn.