Christopher Lemmer Webber is a user on octodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.
Christopher Lemmer Webber @cwebber

Nice to see a blogpost on the Mastodon blog about implementing a basic ActivityPub server blog.joinmastodon.org/2018/06/

(Though technically webfinger isn't needed for activitypub, but it is for mastodon interop!)

Trolli Schmittlauch🦎 @schmittlauch@toot.matereal.eu

@cwebber I'm curious how subscribing between different AP server implementations is going to work UX-wise. Mastodon, Pleroma and peertube all work with the user @ domain webfinger scheme, but what identifiers shall be used for implementations lacking webfinger?

Not Claes Wallin @notclacke@pleroma.soykaf.com
@schmittlauch @cwebber You can use Mastodon without WebFinger *today*!

Just search for https://toot.matereal.eu/users/schmittlauch instead of @schmittlauch.
Not Claes Wallin @notclacke@pleroma.soykaf.com
@schmittlauch @cwebber Or just click someone's username in a toot. That's also handled without any acct: URL involved. Basically WebFinger is only necessary for the case where you want to look someone up by @ identifier, and maybe even only for the case where you want to do that, and the server didn't already see a message from them.
always coming home @nightpool@cybre.space

@notclacke @schmittlauch @cwebber to clarify—while URIs are used in a lot of scenarios, including all federation references, for practical reasons mastodon uses webfinger as its source-of-truth for account uniqueness. we also require that other implementations we federate with have it for UX reasons

Not Claes Wallin @notclacke@pleroma.soykaf.com
@nightpool @cwebber @schmittlauch *grouch* *mumble* for impractical reasons *sideways glance*
Christopher Lemmer Webber @cwebber

@notclacke @nightpool @schmittlauch Yes, I suspect/hope as the AP network grows, reliance on webfinger will decrease, including its current use in role of what shouldn't really apply for some federation stuff

always coming home @nightpool@cybre.space

@cwebber @notclacke @schmittlauch right now the main issue we had with URIs was their fragility—people switching between http/https and people switching between pleroma and mastodon were two major practical issues we ran into a lot that led us to privileging webfinger over URIs.

the second reason is ideological. Mastodon is microblogging, which means (to us) that posts are plain, not rich text. if actors exist in the network that can't be @-mentioned, then that's a huge user expectation problem

Christopher Lemmer Webber @cwebber

@nightpool @notclacke @schmittlauch I understand the frustration with http and https. Have you ever seen Tim Berners-Lee's "Web Security - TLS Everywhere, not https: URIs"?

w3.org/DesignIssues/Security-N

His argument is, of course we should have a cryptographic layer, but we shouldn't have two different uri schemes for the same resource served as unencrypted/encrypted... instead, there should be one uri scheme, and the encryption selection bit should be a protocol negotiation concern. I 100% agree.

· Web · 0 · 3
always coming home @nightpool@cybre.space

@cwebber I was thinking about that TLS thing this morning. Ultimately it papers over the problems of mutability though

Christopher Lemmer Webber @cwebber

@nightpool what problems of mutability?

Christopher Lemmer Webber @cwebber

@nightpool http(s) has problems with mutability all around anyway :)

Alexei Sorokin @xrevan86@loadaverage.org
@cwebber So, STARTTLS / Opportunistic TLS. This has its own problems, email is currently in pain exactly because that.
octodon.social powered by Mastodon