I know next to nothing about Bluesky or ATProto outside of what this article told me, but: as I was reading the part about the need to trust who's controlling the PLC directory, I kept thinking that this could be a proper problem for trust-less cryptographic data storage mechanisms (like cryptocurrency ledgers) to solve. Isn't that right? You would shift the risk from "the entity hosting the PLC directory goes rogue and you can't update your data anymore" to "a sybil attack can boot you off the network"
zicklag|11 months ago
Because I think what we need is discovery and persistence of many self-verifying records that are independent from eachother.
In other words, each user's own identity record log is it's _own_ "blockchain" already, and we have no need for large, expensive, coordinated consensus, because each user only needs a single signature from one of their authorized keys to make changes.
So if we can just reliably distribute your identity records, then I think we've mostly solved the problem. Having the plc.directory as a standard, primary way to get those records doesn't seem like a bad idea, but having an official fallback to something like the Mainline DHT might be able to make it 100% decentralized in the event of a compromised plc.direcotry.
It's still a fuzzy idea in my head but eventually I'll do some serious thinking about this and try to get some actual proposal or community feedback if it seems like there's promise.
Squeeze2664|11 months ago
anacrolix|11 months ago
Blockchain and DHT are perfect for this.