@cwebber @rdh
Web 2.0 of Trust

@jordyd @rdh haha, I'm going to start calling Rebooting Web of Trust that

@cwebber @rdh
Now I gotta go see what that is. I suspect it’s exactly what it says it is but you never know

@jordyd @rdh it's a "workshop" conference I go to where a lot of the "ways out of this mess" are being incubated, including DIDs (Decentralized Identifiers), ocap-ld, and the petnames writeup I recently participated in (still need to finish that one...) all came out of there

@jordyd @rdh we really need more fediverse people showing up to Rebooting Web of Trust fwiw

@cwebber @jordyd

Do you mean this? http://www.weboftrust.info/

@rdh @jordyd yep!

@rdh @jordyd I also wrote a paper for the conference about how AP and this work could get along https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/blob/master/final-documents/activitypub-decentralized-distributed.pdf

It's fairly out of date though

@rdh @jordyd Also might as well link this while I'm at it, here's a paper on petnames we never finished but has the core ideas https://github.com/cwebber/rebooting-the-web-of-trust-spring2018/blob/petnames/draft-documents/making-dids-invisible-with-petnames.md

If you can understand that, you can start to understand how to kill CAs and DNS.

@cwebber @rdh
That's a very neat idea

@jordyd @rdh Thanks... it's not new! These ideas have been around (and even implemented before) for ages, we were just trying to clean them up and explain clearly to a modern audience

@cwebber @rdh
Do you know of any projects that are headed in this direction?

@jordyd @rdh When Spritely stops being vaporware, it will be. ;)

@cwebber @rdh @jordyd This is a really interesting PDF. Are there plans to use OpenPGP fingerprints as identifiers? They are inherently distributed. (As far as I know Monkeysphere uses `openpgp4fpr` URI scheme for that), Signed notes could be freely exchanged between fediverse nodes (they can be easily checked against the key), heck one could even use key certifications as "follow" mechanism. For the record OpenPGP is quite extensible (with metadata notations, etc).

@cwebber

I'll have to look into these because I'm definitely interested in alternatives.

In fact, my previous post might have looked like I was pro-status quo, but really I'm just of the opinion that we can use these systems without being a part of them.

@rdh Indeed, SSL/TLS foundations are actually totally possible to use without involving CAs at all.