idk where to really put this (might turn into a blog post later or something). it’s what you might call a “hot take”, certainly a heterodox one to some parts of the broader #fediverse community. this is in response to recent discussion on “what do you want to see from AP/AS2 specs” (in context of wg rechartering) mostly devolving into people complaining about JSON-LD and extensibility, some even about namespacing in general (there was a suggestion to use UUID vocab terms. i’m not joking)

1/?

  • blaine@mastodon.social
    link
    fedilink
    arrow-up
    0
    ·
    1 month ago

    @trwnh the “trick” with webfinger is that it’s a way to go from a “name” to an authoritative context (the authority for “[email protected]”’ is “y.xyz” and the authority for “blah.com” is “blah.com”; the challenge with phone numbers is that it’s impossible to infer the authority for +1-416-867-5309 / telcos don’t provide a lookup system). That’s really it; the rest is a cultural thing.

    • infinite love ⴳ@mastodon.socialOP
      link
      fedilink
      arrow-up
      0
      ·
      1 month ago

      @blaine there might not be an authority for a phone number but i think it can be handled more like a combo of “local dns resolver” + “registry of phone number”. sure in many cases with identifiers that have an authority component you can just use their webfinger if they have one, but i think it would also be cool to be able to use your own webfinger and “proxy out” as needed, in the same way that dns does it

      • blaine@mastodon.social
        link
        fedilink
        arrow-up
        1
        ·
        1 month ago

        @[email protected] for sure; lots of ways to deal with the phone number lookup thing, but “security is hard” in that context 😅

        aside: I did a little work a couple of years ago on a thing I was calling “NNS” (the “Name Name System”) around how we might use modern cryptographic assertions to step back from the relatively “centralized” mode of DNS (and by proxy, webfinger and atproto’s approach), but then IPFS etc imploded and the funding/interest dried up. There are some similar efforts out there, too.

      • blaine@mastodon.social
        link
        fedilink
        arrow-up
        1
        ·
        1 month ago

        @[email protected] lolsob. This is/was the whole point of webfinger (“It’s DNS, for people”) but the mastodon implementation kind of missed that part. But it’s trivially possible to do that.

        My ideal is to have one “personal address” [per life context, e.g., work, family, social, etc] that points to different stuff I’m sharing in different contexts, with tagging to indicate in which contexts it the various feeds/etc might be useful. e.g., a tech-focused mastodon feed, a pixelfed feed for family, etc.

        • blaine@mastodon.social
          link
          fedilink
          arrow-up
          0
          ·
          1 month ago

          @trwnh … and *critically* for what I think you’re saying, there’s nothing preventing linking from a webfinger profile to e.g. a wiki or a webpage of any sort, or another identifier like a phone number or a signal account. Again, this is all stuff that informed the original design of webfinger, over 15 years ago now 🙈

          • infinite love ⴳ@mastodon.socialOP
            link
            fedilink
            arrow-up
            0
            ·
            1 month ago

            @blaine yup, more or less. the only difference i’d make is that instead of having multiple feeds for mastodon/pixelfed/etc i’d rather it was all done via the same identity

            one of the things that i wish were implemented broadly is support for streams – arbitrary collections that you could post into and other people could follow. to my knowledge no one other than google+ has done it. and, well… we know how google+ went…

            • blaine@mastodon.social
              link
              fedilink
              arrow-up
              1
              ·
              1 month ago

              @[email protected] oh, totally. To be clear, the way I imagine it is that to end users, it all looks like a single identity, and which feed/stream is negotiated based on the context you’re using the identity. So, e.g., my main public profile might be “[email protected]”, and if someone tried to follow me on mastodon, they’d get my “short text notes” stream, and if someone else tried to follow me from pixelfed they’d get my “square format insta-like-social photos” stream.

        • blaine@mastodon.social
          link
          fedilink
          arrow-up
          0
          ·
          1 month ago

          @by_caballero @trwnh this would work except for the specific way that number portability is implemented. 😅 At least historically, and very likely still today, the “database” used to map phone numbers as assigned by exchange blocks (i.e., to a given carrier) to phone numbers that have been ported to a different carrier by the customer (under number portability laws) was a set of spreadsheets synchronized by FTP at intervals. Access to said “databases” is entirely contractual.

              • blaine@mastodon.social
                link
                fedilink
                arrow-up
                1
                ·
                1 month ago

                @[email protected] @[email protected] since tel: is extremely fraught, especially nowadays with insane phone spam etc, a Signal/WhatsApp/etc address might be a good alternative example?

                I particularly like the “established encrypted messenger” example because the wf->[rel=messenger]-> lookup could get Fedi encrypted DMs “for free.”

                (obviously lots I’m glossing over that make it more complicated, but in theory it’d be less complicated than many alternatives)

                • blaine@mastodon.social
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  1 month ago

                  @[email protected] @[email protected] (one thing to note is that it’s not possible to declare an alias, e.g. a phone number in a wf or other profile, and then use that alias in reverse as a way to look up the original profile. I mean, one could do it, but with questions of identity at play it would be an incredibly very extremely bad idea to do that from every conceivable security perspective.)