Nuh 🔻 on Nostr: I like how you bundle so many topics at once. I went with RawPublicKey, since it has ...
I like how you bundle so many topics at once.
I went with RawPublicKey, since it has less complexity than X.509. The downside of that is that rustls decided to forbid the coexistence of both in the same ServerCertificateVerifier, so you will need two separate ClientConfigs for Pkarr domains and ICANN domains, and you will also need two separate Reqwest clients... but I can live with that.
RawPublicKey also requires that you specify what key you should trust, but that is what I was going to do anyway, and I do that by following the chain of delegation from one Pkarr to the other. The last Pkarr is the one that informs me of the IP, port, ALPN, and ECH, but also the one used in TLS.
I don't like depending on ICANN or CAs either, but I will, because I have to support browsers, so for a Pkarr-based server to be used in browsers securely, it has to point to a clearnet endpoint (ICANN) ... at least until we can convince browsers to trust Pkarr and its TLS scheme.
The problem with this mapping, of which melvincarvalho (npub1mel…5c24) is a big fan, is that it still depends on lookup of nip65, which defeats the purpose of Pkarr. But maybe it is possible for some clients to use nip65 normally, then as soon as they see a Pkarr key they switch to that as the root of the identity. It might be possible to gradually migrate. I like the BitTorrent philosophy here: you build something with limited complexity, if you need to migrate you start with two coexistent systems, then deprecate the old and hope it doesn't linger forever. I say BitTorrent succeeded with that a couple of times.
I am not against starting over, as evidenced by the fact I am starting a separate thing instead of leveraging any network effects. But if you use Pkarr like you use Nip5, it wouldn't be starting over. Sure, the npub would remain the root of identity for most apps, and that will hinder how much you can benefit from Pkarr, but it seems to me every single new feature in Nostr starts that way anyway; in fact even the Outbox model had to claw its way into more and more clients. I wouldn't try to push Pkarr as hard, mostly because I am not that invested in Nostr, but I can see it happening gradually and organically if enough people cared.