Embed Notice

To get away from CAs (#certificateAuthorities) i think web servers and sites ought have a list of other sites that they can vouch for, to bujild a Web Of Vouched Encryption And Names (WOVEAN), and then ppl can, as they type a name, see their WOVEAN address book in real time and see the sites that were used to vouch for the name and public key.

So if my website links to a page then the public key of the site, in beech32 format (the format used by i2p) goes into a list for vouching. The more I use links to a site the stronger the "vouch" for that site.

i suspect that every site will have on average 200-400 sites that they'd vouch for, with 150 of those being strong "vouches" but a fediverse server might end up with tens of thousands of weak "vouches". A fedizen who wants to visit postal.com might just be able to ask and fediserver for all names that start with "po".... if that would result in too big a list then the fediserver can refuse and the fedizen can ask for all results starting with "pos", an extra letter etc. this continues until a mapping of names to B32s can be provided.

this sort of thing might work as part of an addon that i've been proposing to help fedizens crowd serve fediverse media over i2p. Media that they as INDIVIDUALS like and share, or (for improved #search) an INDIVIDUAL FEDIZEN might even share all posts that they can see, which use a #hashtag that they as an INDIVIDUAL have used. This proposed addon i have previously called #DCN (DeCentralized Network), which is ITSELF a tongue-in-cheek rebuttal of the oft-centralized #CDNs.

i2p has a weird and annoying quirk that has made it technically totally possible for the #nameservers to claim a "subdomain" of a site, eg. betty in betty.postal.i2p belongs to a completely different entity to postal.i2p.... but for what i propose, if a browser WANTS to know what the B32 of betty.postal.i2p is then it would HAVE to ask postal.i2p. and it should be possible for a subdomain to have the same public key as the toplevel domain (currently i2p address books dont allow this, which is sort of dumb to me).

really this system could work like the pet naming scheme from @cwebber et al

does this sound compelling? really I don't think i'm outlining anything new here, ive just come up with an acronym, WOVEAN, which might help make the concept more palatable to the average non-techie,,,,

and i'm combining this with an addon proposal with overlapping functions.

a negative is it may add to the amount of responsibility that webmasters/servers have, but not for i2p natives, as most people who share links in i2p will often share them alongside the b32 link. We WILL however want the webserver to be able to detect when it is sharing a WOVEAN link, so that it might AUTOMATICALLY(?) go into the sites address list? The browser addon would detect that a site is WOVEAN from info in the html head, and ask the viewer if they would like to "Fetch the WOVEAN addresses"?

(If you dont interact I'll recommend to folks not to tag you, in subsequent resposes.)

#encryption #naming #dns #mitm #infosec #sociology @gabriel @nimda @silverpill @fedilist @p @r @i2p@mastodon.social