sknebelmiklb: if I understand right you could point people there to allow non-indiewebified people to comment on your site, without having to implement anything extra? (although you could see it as a feature that they can't ;))
miklbthat I understand, but you could have an online presence that is verifiable in the sense that you have an established "identity", albeit not necessarily legal identity.
cmalgRegorLove: anonymity is unthinkable in terms of social networks, but pseudonymity is the goal in our case : the next step is ensuring your personal information stays disconnected from any of the only pseudonyms you use (onion routing, etc.)
cmalCan be as little as a URL, but if we're trying to have authorship info about stuff (say, to handle social interactions), we need at least something so full anonymity is not really possible
aaronpkspeaking of GPG, i was just trying to figure out if there's some way to combine webmention with GPG to send signed webmentions, allowing you to skip the verification check if the signature passes
cmalpseudonym is another word for 'nickname'. A pseudonym is the name associated with an identity. Most common uses are for artists, activists and just about almost every one online.
aaronpkthe nice part of GPG is that there are a lot of tools around it already so you can use it without really needing to know how to implement crypto from scratch
cmalgRegorLove: well I think noone is crazy worried about vouching because there isn't such a huge spamming/trolling problem on the Indieweb just yet, but as soon as it happens we'd better have some efficient solutions to tackle the issue :)
sknebelone could also use a sites HTTPS cert maybe? (I wish client-certificates were better supported, then that would be a way, but maybe you can use them to sign stuff as well)
cmalsknebel: I don't think that's a solution as it only allows to identify the domain itself, but there may be several users sharing subfolders for instance
cmalgRegorLove: that's indeed profoundly stupid, but that's the best we've got. then again it's all about pseudonymity, not anonymity : we're NEVER going to use our real-life PGP keys on a production site exposed to the public :D
aaronpk1) I want to send a webmention about a URL on aaronparecki.com to a URL on gregorlove.com. I first make sure my home page (author URL) has a rel=pgpkey to a public key
aaronpk5) if the endpoint already knows the public key for that author URL, it skips this step. if it doesn't know the key, it fetches the author URL and looks for rel=pgpkey
aaronpk6) the endpoint then verifies the GPG message, and if it passes, can treat that as a successful webmention, and can skip fetching the source URL
sknebelI still can make that up, but if you require that author url and source are the same domain I can only make it up about posts on my site... where I could spam links to your domain anyways
cmalalso, we could try to support different key types for different implementation needs : I'm thinking libsodium (way faster than PGP and very strong)
cmalaaronpk: I don't know, it could just be used as a signing mechanism (following the same procedure than you described with PGP) and then we could be back to using followers or XFN as a chain of trust
cmalI mean, I see two downsides with PGP-everywhere : it's super slow (especially on tiny computers like raspberry pi), and the Web Of Trust is public by essence
cmalso that means you cannot vouch for someone without your vouching being made public, which basically means it would be very easy to map around the whole web of trust of the indieweb (which in terms of privacy is disastrous)
cmalaaronpk: that would mean only one key per domain (so wouldn't work for subfolder installs) and would require the user to have control over the DNS (which I can only approve of but is unfortunately not so widespread)
cmalmmmmm but then you're specifically relying on DNS as a means of accessing the content (although .onion is DNS-compliant I believe, some other resolution protocols like IPNS might not be able to provide TXT keys or rely on DNS infrastructure at all)
ChrisAldrichaaronpk: Isn't kylewm at Medium? Is he trying to get them to implement webmention? It would be a killer feature for a major platform to have. Curious if he's brought it up there and what their response was?
petermolnar morning cmal
@borisschapira @nhoizey même pas. Mais j'appelle un peu webmention.io, ce qui me pénalise de 100s environ. Il reste donc 6 min… (twitter.com/_/status/764016491809296385)
@nhoizey @borisschapira ah oui, je dois ajouter webmention.io, pas encore fait… 😉 (twitter.com/_/status/764016676723490817)
cmal has anyone already worked with amp (async PHP framework)? https://github.com/amphp/amp
gRegorLove what is commentpara.de?
Loqi commentpara.de is an anonymous commenting system for the indieweb https://indieweb.org/commentpara.de
aaronpk looks like it's here http://git.cweiske.de/anoweco.git/
loqi.me created /common_crawl (+72) "prompted by KartikPrabhu and dfn added by KartikPrabhu" (view diff)
KevinMarks The other pattern I'm seeing with the decentralized web stuff is the public key being how you look up the homepage
ChrisAldrich aaronpk: Isn't kylewm at Medium? Is he trying to get them to implement webmention? It would be a killer feature for a major platform to have. Curious if he's brought it up there and what their response was?