Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://were.social/objects/3b925336-abe6-4479-8947-173f7abca73a">arcanicanis (arcanicanis@were.social)'s status on Friday, 28-Oct-2022 09:53:33 JST</a><a href="https://were.social/users/arcanicanis" title="arcanicanis@were.social"><img src="https://gnusocial.jp/avatar/10459-48-20220918060352.webp" width="48" height="48" alt="arcanicanis" style="position: absolute; left: 0; top: 0;">arcanicanis</a><div><a href="https://gleasonator.com/objects/15061915-2eb3-4531-a5a9-6f51a9925844" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/1712" title="alex@gleasonator.com">Alex Gleason</a></li><li><a href="https://gnusocial.jp/user/4865" title="curtis@social.teci.world">Curtis Rock, SkD</a></li></ul></div></section><article><p>Actually the spec has a ‘recoveryKey’ component as well for did:plc of which:</p><p>“(…) provides a 72hr window during which the recoveryKey can “rewrite” history. 
This is to be used in adversarial situations in which a user’s signingKey leaks or is being held by some custodian who turns out to be a bad actor.”
( <a href="https://atproto.com/specs/did-plc#account-recovery">https://atproto.com/specs/did-plc#account-recovery</a> )</p><p>Which seems like a pretty simple implementation, without cross-signing or any other ideas to be piled on to achieve the same.</p><p>Also, I think the idea is that there’s a different primary identifier (the DNS-style usernames), which resolves and points to the DID as it’s canonical identifier.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/301883#notice-524235">In conversation</a><time datetime="2022-10-28T09:53:33+09:00" title="Friday, 28-Oct-2022 09:53:33 JST">Friday, 28-Oct-2022 09:53:33 JST</time> <span>from <span><a href="https://were.social/objects/3b925336-abe6-4479-8947-173f7abca73a" rel="external" title="Sent from were.social via ActivityPub">were.social</a></span></span><a href="https://were.social/objects/3b925336-abe6-4479-8947-173f7abca73a">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: atproto.com</div><h5><a href="https://atproto.com/specs/did-plc#account-recovery">DID Placeholder (did:plc) | AT Protocol</a></h5><div></div></header><div>A hosted, secure registry of user DIDs.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
arcanicanis (arcanicanis@were.social)'s status on Friday, 28-Oct-2022 09:53:33 JSTarcanicanis
in reply to
Actually the spec has a ‘recoveryKey’ component as well for did:plc of which:
“(…) provides a 72hr window during which the recoveryKey can “rewrite” history. This is to be used in adversarial situations in which a user’s signingKey leaks or is being held by some custodian who turns out to be a bad actor.” ( https://atproto.com/specs/did-plc#account-recovery )
Which seems like a pretty simple implementation, without cross-signing or any other ideas to be piled on to achieve the same.
Also, I think the idea is that there’s a different primary identifier (the DNS-style usernames), which resolves and points to the DID as it’s canonical identifier.
In conversationFriday, 28-Oct-2022 09:53:33 JST from were.socialpermalink
Attachments
1. Domain not in remote thumbnail source whitelist: atproto.com
  DID Placeholder (did:plc) | AT Protocol
  A hosted, secure registry of user DIDs.

Public

Embed Notice

HTML Code

Corresponding Notice