!world@quokk.au

Not going to lie, I got banned so I made my own World News Community. This community differs because there’s no silly bot, I’ll happily listen to the communities voice, and we’re a bit more lax on rules policing.

Feel free to come on by and comment. I would love to foster a News community that’s active in discussion.

  • tal@lemmy.today
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 month ago

    I believe that the basic metric of trust is instance-level. That is, it’s the TLS certificates and whether-or-not an instance is federated that is the basis of trust. I don’t think that users have individual keys – I mean, it’d be meaningless to generate one rather than just trusting a home instance without client-side storage, and that definitely doesn’t exist.

    Having client-side keys would potentially, with other work, buy some neat things, like account portability across instances.

    But the problem is that, as you point out, any solution on vote trust can’t just be user-level keys, unless every admin is gonna police who they federate with and maintain only a network of instances that they consider legit. Once I federate with an instance, I grant it the right to create as many accounts as it wants and vote how it wants. And keep in mind that ownership of an instance could change. Like, an admin retires, a new one shows up, stuff like that.

    • PhilipTheBucket@ponder.cat
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 month ago

      Your actor (https://lemmy.today/u/tal)'s public key is:

       -----BEGIN PUBLIC KEY-----                                      
       MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1VR4k0/gurS2iULVe7D6
       xwlQNTeEsn0EOVuGC2e9ZBPHv4b02Z8mvuJmWIcLxWmaL+cgHu2cJCWx2lxNYyfQ
       ivorluJHQcwPtkx9B0gFBR5SHmQzMuk6cllDMhfqUBCONiy5cpYRIs4LBpChV4vg
       frSquHPl+5LvEs1jgCZnAcTtJZVKBRISNhSp560ftntlFATMh/hIFG2Sfdi3V3+/
       0nf0QDPm77vqykj2aUk8RnnkMG2KfPwSdJMUhHQ6HQZS+AZuZ7Q+t5bs8bISFeLR
       6uqJHcrXtvOIXuFe7d/g/MKjqURaSh/Pqet8dVIwvLFFr5oNkcKhWG1QXL1k62Tr
       owIDAQAB                                                        
       -----END PUBLIC KEY-----                                        
      

      All ActivityPub users have their own private keys. I’m not completely sure, and I just took a quick look through the code and protocols and couldn’t find the place where vote activity signatures are validated. But I swear I thought that all ActivityPub activities including votes were signed with the key of the actor that did them.

      Regardless, I know that when votes federate, they do get identified according to the person who did the vote.

      In practice, you are completely correct that the trust is per-instance, since the instance DB keeps all the actor private keys anyway, so it’s six of one vs. half dozen of the other whether you have 100 fake votes from bad.instance signed with that instance’s TLS key, or 100 fake votes signed with individual private keys that bad.instance made up. I’m just nitpicking about how it works at a protocol level.

      • tal@lemmy.today
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 month ago

        Ah, thank you for that, then; that makes sense. And yeah, if there is a per-user key, then I’d expect it to be signing votes.