Update: https://codeberg.org/fediverse/fep/pulls/497
Uncategorized
26
Posts
8
Posters
0
Views
-
Should one be able to publish a portable object that is repudiable? IIUC, FEP-ef61 portable objects (identified by ‘ap’ URIs) require FEP-8b32 integrity proofs, so they are non-repudiable. On the other hand, FEP-c390 identity proofs establishes links between DIDs and HTTP(S) actors, but they don’t make objects portable. So that seems to be not possible with current proposals.
I’m curious because there are cases where one doesn’t want non-repudiation. For example, you don’t want your private message to be disclosed by the recipient in a publicly verifiable way. But that does not necessarily mean that you don’t want the object to be portable.
-
Should one be able to publish a portable object that is repudiable? IIUC, FEP-ef61 portable objects (identified by ‘ap’ URIs) require FEP-8b32 integrity proofs, so they are non-repudiable. On the other hand, FEP-c390 identity proofs establishes links between DIDs and HTTP(S) actors, but they don’t make objects portable. So that seems to be not possible with current proposals.
I’m curious because there are cases where one doesn’t want non-repudiation. For example, you don’t want your private message to be disclosed by the recipient in a publicly verifiable way. But that does not necessarily mean that you don’t want the object to be portable.
If you rotate verification method, all previous FEP-8b32 proofs become unverifiable. Does this count as repudiation?
did:keydoesn't support VM rotation, but there will be other "blessed" DID methods (most likelydid:webanddid:webvh).Additionally, some cryptographic tricks may exist that enable repudiable signatures, for example I was able to find this paper: https://dl.acm.org/doi/10.1145/3659467.3659901
-
If you rotate verification method, all previous FEP-8b32 proofs become unverifiable. Does this count as repudiation?
did:keydoesn't support VM rotation, but there will be other "blessed" DID methods (most likelydid:webanddid:webvh).Additionally, some cryptographic tricks may exist that enable repudiable signatures, for example I was able to find this paper: https://dl.acm.org/doi/10.1145/3659467.3659901
silverpill:If you rotate verification method, all previous FEP-8b32 proofs become unverifiable. Does this count as repudiation?
this could work but only if the rotation was a "blind rotation", i.e. without a verifiable log of the old key being associated with the identity. if there is a log of the key rotation, then no.
more pressingly, if the key is your identity, then it cannot be rotated without also fundamentally changing your identity. so key rotation with repudiation requires a non-key identity -- in other words, a name (and authoritative name server) or description (and a way of asserting trusted claims that match the description).
silverpill:Additionally, some cryptographic tricks may exist that enable repudiable signatures, for example I was able to find this paper: https://dl.acm.org/doi/10.1145/3659467.3659901
from what i understood of the paper, it seems this is just delegating signatures to some authority who can sign things on your behalf. you can then claim the authority forged signatures on your behalf. it's basically like how fedi uses custodial keys in most cases.
-
silverpill:
If you rotate verification method, all previous FEP-8b32 proofs become unverifiable. Does this count as repudiation?
this could work but only if the rotation was a "blind rotation", i.e. without a verifiable log of the old key being associated with the identity. if there is a log of the key rotation, then no.
more pressingly, if the key is your identity, then it cannot be rotated without also fundamentally changing your identity. so key rotation with repudiation requires a non-key identity -- in other words, a name (and authoritative name server) or description (and a way of asserting trusted claims that match the description).
silverpill:Additionally, some cryptographic tricks may exist that enable repudiable signatures, for example I was able to find this paper: https://dl.acm.org/doi/10.1145/3659467.3659901
from what i understood of the paper, it seems this is just delegating signatures to some authority who can sign things on your behalf. you can then claim the authority forged signatures on your behalf. it's basically like how fedi uses custodial keys in most cases.
My question was addressed to @tesaguri
Yes,
did:keycan not be rotated, I think this is exactly what I said in my comment. -
Fedify has just laid out a comprehensive implementation plan for this fep:
https://github.com/fedify-dev/fedify/issues/288#issuecomment-3971459585
The core idea is replacing HTTP(S) URIs with server-independent identifiers:
ap://URIs that use a Decentralized Identifier (DID) as the authority component, rather than a domain name. An object identified asap://did:key:z6Mk…/actorcan live on multiple servers simultaneously and survives any single server disappearing. -
undefined hongminhee@hollo.social shared this topic on
undefined fedify@hollo.social shared this topic on
Gli ultimi otto messaggi ricevuti dalla Federazione
-
Let's stop saying Fediverse is federated + universe and start saying it's federated + diverse
-
@avilewis so all that opposition, that "diversity" from Trump's America was a lie?
What a surprise!
-
Io lessi 2700, i primi numeri almeno, per puro caso. Era una serie fantastica in tutti i sensi, ma non ho mai incontrato nessun altro che la conoscesse, e ho poi scoperto che gli autori erano giovanissimi.
Sapere che adesso uno è morto, a 55 anni, è triste, ma è un'occasione per recuperarla
https://fumettologica.it/2026/03/ugo-verdi-morto-disegnatore-2700-legs-weaver/
-
-
@evacide they stay in USA ?
-
Bologna: questa mattina udienza di convalida per le tre persone arrestate. migliaia di euro di multa ai residenti del pilastro
@anarchia
Udienza di convalida per i tre attivisti, una compagna e due compagni, arrestati lunedì mattina durante il violento sgombero del presidio di protesta contro il taglio degli alberi
-
RE: https://mastodon.social/@headius/116174666503370577
Mame"s article is pretty interesting, mostly because I didn't know he had a blog thingy
-
@TagYourToe @ml yeah next time maybe Dems will try to earn my vote instead of just taking it for granted.
