-- Leo's gemini proxy

-- Connecting to bbs.geminispace.org:1965...

-- Connected

-- Sending request

-- Meta line: 20 text/gemini; charset=utf-8

Comment by ๐Ÿš€ blah_blah_blah


Re: "openid for gemini"

In: u/norayr


A gemini-friendly solution to ID masquarading:

create account on gemini://gemid.info (<- doesn't exist yet) which generates a verification code

post verification on gemini://bbs/s/gemID or Station or a gemlog with the code

add link to gemid.info account to verify

add site/id pairs to gemid.info account, and any other info


It's opt-in, doesn't follow you around, isn't a login-scheme, but addresses some of the security concerns we might have about verifying identities, and also serves, like linktree or finger, as a convenient place to present one's public-facing identity. Some care would be required by the owner so that skyjake@randopage.com didn't takeover the real @skyjake.


๐Ÿš€ blah_blah_blah

Apr 27 ยท 3 weeks ago


3 Later Comments โ†“


โ˜•๏ธ Morgan ยท Apr 27 at 20:00:

I experimented with something like that, id.gemlog.org, but people didn't want a service that stores data. Which is perfectly reasonable.


So now it doesn't store any data, but it does show a text representation of your client certificate hash.


Which is good for nothing as nobody else uses the same hash+rendering :)


๐Ÿš€ stack ยท Apr 30 at 02:09:

@Morgan, am I missing something, or does your idea require that I must trust servers to create and not fake hashes?


โ˜•๏ธ Morgan ยท Apr 30 at 05:41:

@stack that's right, with that idea every "social" or "id" server owner would run the same algorithm to display the same hash, (opt in per user), so as to not leak the underlying certificate fingerprint.


A malicious or hacked server could lie, so it's not e2e identification proof, but "if you trust the server". I think a malicious or hacked server gets you enough other problems that them forging ids is not super important by itself.


Original Post


๐Ÿ™ norayr

openid for gemini โ€” i believe that activity pub is an overkill for the problem it is trying to solve. we have rss/atom/yyyy-mm-dd for fetching news. rss solves the problem of fetching new content, following someone. openid solves the problem of replying/commenting/reacting as someoe. in a sense, we don't need a social network because internet is already one. internet with rss and openid covers essential features of what we call a social network. so let's adapt or design something like...

๐Ÿ’ฌ 22 comments ยท Apr 25 ยท 4 weeks ago

-- Response ended

-- Page fetched on Mon May 20 14:38:18 2024