Hélène (helene@p.helene.moe)'s status on Sunday, 21-Aug-2022 22:45:11 JST
i don't actually understand what problem ocaps or bearcaps would solve in 99% of cases
i understand what they do and why, but, they feel even weaker than HTTP signatures, which are not exactly incredible either
i could see at least *one* use for them though but they'd be very leaky and honestly, that's not even a solution-

i seethe and (cope@eeeeeeeee.eu)'s status on Sunday, 21-Aug-2022 22:48:36 JST
@helene yeah, it's a solution for a domain'less user to user network, that's not what we will ever have
Hélène likes this.

Hélène (helene@p.helene.moe)'s status on Sunday, 21-Aug-2022 23:12:35 JST
@trwnh yeah, it's just that the examples given don't seem very good to me. they're just tokens, but they could be built into the URIs themselves, too, which to me is... the same, pretty much, which is why i don't exactly see the point in the current context of AP
i'll still keep them in mind to see what they can offer, however, maybe i'll figure out something in which i feel they can be more useful than the current solutions by just letting it sit on my mind a bit more

infinite love ⴳ (trwnh@mastodon.social)'s status on Sunday, 21-Aug-2022 23:12:36 JST
@helene ocaps are for when you hate acls and want proof by possession instead of proof by identity
think of like... you could make a youtube video "private" (acl limited to specific authenticated accounts) or you could make it "unlisted" (with a sufficiently unguessable url, the url becomes a secure token, but you don't need an account)
they're not "weaker" they just have different properties. ocaps tend to be simpler to check and more flexible in what they provide (see: attenuation of ocaps)
Hélène likes this.