I just added what I think is the coolest part to OcapPub... the "Composition" section! This especially shows off how cool ocap design is: Alyssa schedules a backup of her file to run twice a day, and yet the job scheduler which runs the backup has neither access to read the file nor write anything else to the backup service! gitlab.com/spritely/ocappub/bl

@cwebber hmm, I still have to come up with an actual use case for attenuation in ActivityPub

Also, I can see a few issues with proxying in the context of AP:
- End-to-end reliability now depends on a chain of proxies
- The proxy is in a much better position to perform replay attacks
- The proxy could also decide to selectively block transmission for certain kind of information, not agreed upon previously by the person who has been given the capability

@cwebber more generally, using proxies for attenuation is incompatible with End-to-end encryption and gives a lot of power to the proxy

@Thib These are good criticisms and will be better addressed once I introduce the True Names and public profiles section :)

@Thib We can put *a portion of it* this way:

"What do I believe this is a proxy of?"

"Does the thing I am proxying to believe this is a secure channel for me to make communications to it?"

@Thib And maybe, adding to that:

"Does the thing I am proxying to believe this is a reliably-available channel for me to make communications to it?"

@Thib Would answering those questions help your concerns?

I appreciate this feedback, btw!

@cwebber yes, I guess so, but I can't really see how those could be answered by anything else than “no”

@Thib Well then, I guess you have to wait for my next couple of updates :)

@Thib I realize I am introducing a lot of concepts, layer by layer. It is part of the reason OcapPub is so long.

We can see that in the examples I gave, Alyssa's friends had no reason to believe these capabilities were for anything other than what she said it was, because that was their trust assumptions from the beginning. If they trust Alyssa, and they heard it from Alyssa, that's fine. Similarly, the chronjob scheduler doesn't care.

We'll need better for talking to many AP actors.


@cwebber I guess how important those assumptions depend on the exact use case behind the proxy, and I can't really think of a use case for attenuation in AP yet

@Thib I hear you; reserve judgements till after the the True Names section comes out. :)

@Thib Also the episode of @librelounge that's coming out next (probably Friday?) should help, too.

Sign in to participate in the conversation
Mastodon (instance perso de ThibG)

This is a small personal instance running on a couple small ARM servers at home.