💾 Archived View for gemini-textboard.fgaz.me › thread › 19 captured on 2022-07-16 at 13:23:03. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2021-11-30)

-=-=-=-=-=-=-

Gemini Textboard

Back to thread list

#19 - Anonymous - Fri, 12 Jun 2020 21:33:33 UTC

Re client certs and usernames -- a nice convention in geminispace could be that if you claim in a forum like this to be e.g. foo@tilde.black, then your client certificate has to be signed by the certificate served by tilde.black, with Common Name "foo". Could this work?

#20 - Anonymous - Fri, 12 Jun 2020 21:39:14 UTC

Nice idea. An extension to that could be public "identity servers" where you can attach a name to your cert

#21 - Anonymous - Fri, 12 Jun 2020 21:40:04 UTC

Alternatively I was thinking of just hashing the identity and showing the hash as a pseudonymous

#23 - Anonymous - Fri, 12 Jun 2020 22:07:07 UTC

Anybody interested in tying identities to client certificates needs to read up on FOAF+SSL! The *original* decentralised TLS-based social network: https://webcache.googleusercontent.com/search?q=cache:uwOH2jZPHisJ:https://www.w3.org/wiki/Foaf%2Bssl+&cd=1&hl=en&ct=clnk&gl=br

#26 - Anonymous - Fri, 12 Jun 2020 22:59:08 UTC

@21: Right, but what if solderpunk wants to post, and identify as solderpunk... are we all meant to learn seir cert hash?

#27 - Anonymous - Fri, 12 Jun 2020 23:47:40 UTC

@26 in that case the purpose of pseudonyms would only be to tell that two posts were made by the same person, not to identify them

#128 - -ZbPvhCc3xQxsG3AUOUjuTWT4Ua1ou9sA860h35FKxQ - Mon, 22 Feb 2021 17:00:38 UTC

pseudonyms are implemented! only hashes for now, no usernames (which are a bit more complex both for me and for the user)

#131 - Anonymous - Wed, 24 Feb 2021 21:49:44 UTC

I don't get it. If we can agree tha user tracking is one of the worst things of the www, why do ywe want to track users iniquely with a user cert? Please, staph! :)

#133 - Anonymous - Mon, 8 Mar 2021 08:28:03 UTC

well, there's a difference between tracking an user without their knowledge and letting them have the power to authenticate themselves

New reply