Can we make federation less dependent on domain names?

thefogan@programming.dev

I mean DNS is always the issue... but then that's kind of the double edged sword as well isn't it?

Conceptually 4 options come to mind.

1. DNS as current - weakness domain name changes or DNS outages or poisoning

2. IP address - Issues, migration etc... some instances may need to move services etc....

3. SSL private/public keys - probably the strongest I'd imagine. only real weakness I can see is... 1. it has no ability to find a server, and I guess if a server is hacked and it's private key is stolen, federated servers would not be able to spot the imposter.

I do think 3 might be the strongest option. I don't know anything on how lemmy etc.. works. I'd imagine a strategy would be, When A and B federate with eachother, A records B's Domain name, IP, and public key (and B gets A's as well), if DNS goes down attempt recorded IP. If neither work wait for an incoming connection and if the new connections public key matches an existing public key, it assumes the identity.

But as far as the user side I don't really know. Obviously we can only match users as their domains. I can't imagine how I could find you again with gammaray@sh.itjust.works when sh.itjust.works domain is unregistered.

silverpill@mitra.social

That's correct.

did: prefix is used to denote cryptographic identifiers, in theory one could even take a did:plc identifier from Bluesky and then use it as identity for an ActivityPub application:

https://github.com/bluesky-social/atproto/pull/3943

gammaray@sh.itjust.works

I was also considering something along the lines of option 3. I'm not sure of a foolproof solution, even DNS has the potential for imposters and being revoked.

e0qdk@reddthat.com

Instances go down a lot -- often permanently. e.g. kbin.social, lemm.ee, etc.

When an instance goes down, it takes out all the user accounts and communities on it, and it's hit or miss if you can find copies of the posts on other instances.

lambalicious@lemmy.sdf.org

Yeah, the weakness of SSL is basically the same as the weakness of DNS: that someone can remotely impersonate you or revoke your identity. But there is a major difference: DNS is designed so that your identity is taken away as part of the system: you can not ever declare your identity yourself, you have to rent it from an external entity controlled by corporate, government or both. Whereas in SSL if your identity is taken away for the most part it's purely your fault (only you should be having your private keys).

Guest

DIDs aren't unique to Bluesky

rimu@piefed.social

Hypothetically an instance could federate an activity telling all other instances about it's new domain name.

But once we get post, community and user migration working there will be much less need for it - everyone could just move themselves.

rglullis@communick.news

I still don't understand how this is not akin to falsifying data. If we normalize servers copying data from other instances and just rewriting the URL, there is little in the way for malicious actors to create piefed instances to scam others pretending to be someone they are not.

auster@thebrainbin.org

Didn't mean it was. Just mentioned it as it was the most common example I knew. But thanks for the link! Reading it now.

lordnikon@lemmy.world

Irc solved this by having list servers domains that give a list of irc servers so instead of having random servers that go down you have a network of distributed servers that work together.

pamasich@kbin.earth

Is Piefed implementing this in some weird way?

Iirc previous work on this in the fediverse involved a very clear way of doing it that makes sure to address the issue you're bringing up there.

The idea is that you send activities to announce the move and mark the original actor as having moved to the new actor (and the new actor as being the new home of the original actor). Instances then verify this by whether that actor relationship is specified correctly on both sides (does going new actor -> origin actor -> new actor lead back to where we started from?).

Is that not also Piefed's implementation? Because if it is, I don't see your scenario being viable. Since the move needs to be acknowledged by both sides, it cannot just be faked.

rglullis@communick.news

AFAIK, "community migration" is done in PieFed by having the target instance making a request to the source one to change, and if the owner authorizes it then it PieFed recreates the actor and its objects on the target instance. Then it is up to the owner of the source community to delete the/close the source community.

My objection is to this recreation of the objects. If someone creates a post on "community@alpha" and the moderator decides to move to "community@beta", history is being recreated and it makes "beta" with activity that is not original. Also, having the consent from the community owner is not enough, because it ignores the fact that the members of the alpha community might not be interested in being associated with beta.

pamasich@kbin.earth

Oh yeah, this does not sound okay.

If user@delta creates a post on community@alpha, their post lives on delta, not alpha. Community@alpha should not be able to unilaterally decide that the post should instead live on beta. Delta needs to be the one to decide that.

Sorry for the political analogy, but this sounds to me like Russia and the US deciding on Ukraine's future without involving the latter.

cracks_inthewalls@sh.itjust.works

I almost feel like someone needs to do a write-up of the 196@lemmy.blahaj.zone debacle - while not a 1-for-1 example (it wasn't a migration attempt that functioned the exact same way as it would with PieFed), it's a good case study for userbase-community owner-instance dynamics that should be considered, specifically the bit in your last sentence.