💾 Archived View for bbs.geminispace.org › u › Morgan › 6180 captured on 2023-11-14 at 10:25:56. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-11-04)
-=-=-=-=-=-=-
Re: "I was thinking about ways to sign a gemtext message with a..."
That was pretty much the idea, yes. Rather than share the public key I proposed hashing again then sharing only part, that makes it really only useful for matching identities.
You still have the problem that users could post e.g. to Bubble claiming particular hash. You have to have a "known trusted place" e.g. user profile where the server shares it correctly, and teach people to trust only that.
I think the key advantage to the accepted "link both from somewhere you control" method is that posting hashes does not favour personal capsule owners, instead it relies on trustworthy shared/social capsules.
Thanks.
Oct 13 · 5 weeks ago
🐵 cquenelle · Oct 13 at 13:46:
I guess I see the problem in two parts. 1) who is this person *claiming* to be? 2) Do I trust the claim?
For step one we need a global unique name (that’s provable). For step two it will always be a grey area depending on what sites you personally trust. Different people will trust different sites.
I was thinking about ways to sign a gemtext message with a key and I remember a post a while back talking about posting keys. But my gemsearch king-fu is weak. Can anyone help me? I remember they had the idea of a pictograph for a public key. Maybe I’d want another pictograph for the digest signature? (I know my terminology is wrong there.)