I've finished writing part 1 of "OcapPub: Towards networks of consent", which is to say the "Conceptual Overview" section gitlab.com/spritely/ocappub/bl

There's a lot there already, and we haven't even gotten to Part 2, the "How to Build It" section yet. I'll begin work on that tomorrow.

What's here already is more or less an explanation of *why* OcapPub is taking the particular direction it is taking, and why other approaches run into serious problems.

@cwebber this (like all of your writing) is really, really great!

This question is maybe a bit boring (and from the outline it looks like maybe you'll cover it in part 2? so feel free to not answer or direct me elsewhere), but -

in a distributed ocap system, doesn't revoking caps require an ... ACL? (or in this case, a non-acl (blacklist)), to keep track of which caps have been given out that are no longer to be recognized as legit?

@doesntgolf I haven't covered that, but the answer is... no! You don't need an ACL for revocation (or for tracking abuse)! And here's how we can do it.

An ocap is an unforgeable reference right? (As in, if you don't know it, you don't have a way of faking it.)

So, what if we have the "real" object, and then what we actually hand the person is a "proxy" object that forwards messages? This proxy could attach information so we know "who's capability" is being used when they use it.


This is interesting and gives me an idea. Could we do something similar for email? Instead of giving people our actual email address (real object) to send us email, we give them a random (so it's unforgeable) newly generated alias address (proxy object). If they start spamming us, we delete the alias. If they share the alias with a spammer, we can hold them accountable. Are there any systems that implement this?

@arunisaac Yep, people have been doing that for some time! Many mail servers even support this out of the box.

You can also read up on Petmail which has similar ideas to what I am describing petmail.lothar.com/design.html

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!