Technology

37719 readers

314 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago

MODERATORS

[email protected]

206

Email is the oldest Federated service. (lemmy.world)

submitted 1 year ago by [email protected] to c/[email protected]

79 comments fedilink hide all child comments

I was struggling to wrap my head around how federated social media works until I realized that email has basically been doing the same thing for 30 years. Different email servers are like instances of a federated network. You can send emails to people from within a single server or you can send emails to people on any other mail server. Your email address is a username followed by an '@' and the server address, just like on Lemmy. Email is a decentralized service I've been using the whole time!

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 4 points 1 year ago (1 children)

@nodsocket @technology I think the real challenge with the user experience of PGP is making it possible for people to actually do the whole “web of trust” think in a practical way, and making management of private keys over a long period of time by individuals. It’s way too easy to lose your keys

[–] [email protected] 1 points 1 year ago

The nominal answer to that was PKI, i.e. TLS (and maybe SMIME). But that's just a different shitshow.

The other challenge is IMHO there's two kinds of tasks here that are related but not the same.

One situation is for stuff like most e-mail and posts online etc. You don't care or need a strong identity guarantee, you just need to be able to say ID1 from yesterday is strongly confirmed to be ID1 today. For things you make first contact and only contact online - this is really all you need, along with the privacy of the content. Stuff like PGP and SSH do this just fine. Self Signed TLS certs do too, except for browsers somehow treating them as worse than unencrypted.

The other is where you do want a strong identity verification. This is where TLS how most people use it works, except it's a false sense of verification. People want something like a Government ID - so you KNOW Amazon is Amazon verified by a trusted third party. But this sadly isn't how the certificate authorities actually work, and now it's considered so hard to take care of your keys that a certificate lasting more than a year (pushing for 90 days) is "too big a risk". Imagine any other ID you had to renew every 3 months! It clearly doesn't work, and only continues IMHO because it's how the web ended up working. But in actual practice IMHO - you basically get the same thing you would have from option 1 for most people. It's not like there's an enforced standard or anything for the CAs, it's just can you pay. And with LetsEncrypt for those 90 day renewals there's not even payment so it really might as well be just telling you it's encrypted and forget about the identity alltogether.