**robryk** @robryk@qoto.org · Dec 05, 2022, 20:36

**robryk** @robryk@qoto.org · Dec 05, 2022, 20:36

robryk @robryk@qoto.org

Dec 05, 2022, 20:36

I'm not sure if this is the right analogy. AP ID is a URL under which you can find metadata and public signing keys for the account. It's an in-envelope concept (to borrow e-mail terminology) and has ~nothing to do with routing (in fact the metadata returned points at your inbox, outbox, and other collections, which can be hosted wherever the handler of that URL desires).

I do agree that it's bad that we have two levels of IDs and different pieces of software consider different levels as persistent.

**JP Sugarbroad** @taral@mastodon.social · Dec 06, 2022, 02:04

**JP Sugarbroad** @taral@mastodon.social · Dec 06, 2022, 02:04

Dec 06, 2022, 02:04

JP Sugarbroad @taral@mastodon.social

@robryk @filippo But that's the thing, why is the domain of the identity hard-tied to a URL host? They could have used SRV or TXT resolution mechanisms like other protocols do.

**robryk** @robryk@qoto.org · 2022-12-06T10:28:46Z

robryk @robryk@qoto.org

@taral @filippo Given that DNS is simple unauthenticated plaintext that would mean that anyone able to fake DNS responses to homeserver foo could provide fake messages from any remote instances that foo would believe in.

Dec 06, 2022, 10:28 · · · ·

**JP Sugarbroad** @taral@mastodon.social · Dec 06, 2022, 14:57

**JP Sugarbroad** @taral@mastodon.social · Dec 06, 2022, 14:57

Dec 06, 2022, 14:57

JP Sugarbroad @taral@mastodon.social

@robryk @filippo Hmm, that is a good point. Requiring the eventual endpoint respond with a certificate for the original domain would solve that but add its own complexity. Messy.

Trending now

Resources

Developers

What is Mastodon?

qoto.org

More…