Re: "Is there a SmallWeb service for identity? What's the..."
I've been keeping an eye on the DANCE IETF workgroup for this topic. They are working out the basics of using DANE to identify client certs to a domain name in a way which would be agnostic to protocol and server, using only existing infrastructure.
The basic idea is that I have my client cert's SAN set to a domain name. On that domain, which must have DNSSEC enabled, I have a TLSA record which contains a hash of the cert. The server I connect to can then verify that the cert and the domain name match each other, and my domain name can be effectively used as a distributed identity.
I like the system because it uses only existing infrastructure, and doesn't require any changes on a Gemini client to use it. It's very elegant.
— https://datatracker.ietf.org/group/dance/about/
Once DANCE is formalized I think we can expect that other groups outside of the small web will create implementations for their own purposes (IoT, for example). But there's nothing stopping someone from using it with Gemini now, all the pieces are there.
Nov 10 · 5 weeks ago
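The server-side check described in the post above, as an added example that is not part of the original post or any DANCE implementation. It assumes the TLSA record was already fetched with DNSSEC validation for the domain named in the cert's SAN, handles only certificate usage 3 (DANE-EE), and goes beyond the "hash of the cert" case by also supporting the public-key selector from RFC 6698; the sample certificate is constructed, cert-shaped DER, not a real certificate.

```python
import hashlib
import hmac

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, content_start, content_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def spki_from_cert(cert_der):
    """Return the raw SubjectPublicKeyInfo TLV of an X.509 certificate."""
    _, start, _ = _tlv(cert_der, 0)         # Certificate SEQUENCE
    _, pos, _ = _tlv(cert_der, start)       # tbsCertificate SEQUENCE
    tag, _, nxt = _tlv(cert_der, pos)
    if tag == 0xA0:                         # optional [0] version
        pos = nxt
    for _ in range(5):                      # serial, sigAlg, issuer, validity, subject
        _, _, pos = _tlv(cert_der, pos)
    _, _, end = _tlv(cert_der, pos)
    return cert_der[pos:end]

HASHES = {1: hashlib.sha256, 2: hashlib.sha512}   # TLSA matching types 1 and 2

def tlsa_matches(cert_der, usage, selector, mtype, assoc):
    """True if the TLSA fields pin exactly this client certificate (or its key)."""
    if usage != 3 or selector not in (0, 1):      # assumption: DANE-EE only
        return False
    selected = cert_der if selector == 0 else spki_from_cert(cert_der)
    if mtype == 0:                                # exact match, no hash
        candidate = selected
    elif mtype in HASHES:
        candidate = HASHES[mtype](selected).digest()
    else:
        return False
    return hmac.compare_digest(candidate, assoc)  # constant-time comparison

def _enc(tag, body):                        # sample builder, short lengths only
    return bytes([tag, len(body)]) + body

# Constructed sample input: just enough structure to exercise the parser.
SAMPLE_SPKI = _enc(0x30, b"constructed-public-key")
_TBS = _enc(0x30, _enc(0xA0, b"\x02\x01\x02") + _enc(0x02, b"\x01")
            + _enc(0x30, b"") * 4 + SAMPLE_SPKI)
SAMPLE_CERT = _enc(0x30, _TBS + _enc(0x30, b"") + _enc(0x03, b"\x00"))
```

Pinning the public key (selector 1) keeps the TLSA record valid when the cert is reissued with the same key, while selector 0 ties the identity to one exact certificate.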
🦋 CarloMonte · Nov 10 at 17:13:
Nice technical question, but more details about your requirements would help understand what exactly you want to achieve, why, and which risks you are ready to accept.
The one sentence about being followed from site A to site B at the risk of profiling/doxing needs expansion and discussion, please.
Gemini is the way it is for good reasons...
🦂 zzo38 · Nov 10 at 21:05:
Of course, it should be optional. That way, you can preserve privacy, as well as avoid adding complexity to implementations that do not want it. (Furthermore, you can have multiple shared profiles in case you do not want only one.)
Another note is that sometimes a URL can be used to refer to a user ID on some service, but other times (e.g. MUD) a URL cannot be used.
💀 requiem · Nov 18 at 11:59:
finger protocol was basically invented for "identity" and similar things. try:
$ finger rqm@tilde.institue
to see my finger message.
There used to be a page called "about.me" which I liked -- basically a page where you could aggregate stuff about yourself. I'm thinking of launching something similar for Gemini. Just buying domains... :)
Is there a SmallWeb service for identity? What's the smallest viable protocol? I'm thinking if I use the same cert on two sites, and I voluntarily publish two triples (username/site/cert) to an identity service, then it should be possible. If someone knows me on Site1 and they log in to Site2 they could find out my user name on Site2. I can think of a couple of twists to keep people from just harvesting all the data willy nilly. Is there someone like that already? Or a decent proposal?