stebalien | 4 months ago

The recommendation to resolve from handles to DIDs for "permalinks" is concerning to me:

- My handle is something _I_ control. I can make it point at a different PDS at any time.

- My DID is something my PDS controls.

I could solve this by indirecting through a web DID under my control, but there's no recommendation anywhere in Bluesky's documentation. Is that something everyone needs to do to ensure real identity portability?

edit: I'm not sure this CAN be solved without running a PDS given that I can't use my own keys. What am I missing here?

danabramov|4 months ago

This doesn't look right to me.

What you control is your identity (i.e. DID Document). As long as you control your identity, you can change either your handle or your hosting aka PDS.

Your hosting/PDS does not control your DID.

rmccue|4 months ago

What stebalien might be referring to is that your DID document for PLC specifically is controlled by anyone with the rotation key.

In the Bluesky implementation, this is Bluesky for convenience’s sake, to make it possible for users to easily sign up. (I’m not sure internally if it’s part of the PDS or held separately.)

PLC has a mechanism allowing “higher” keys to override “lower” ones within a certain time window, so being able to add your own rotation key that “outranks” Bluesky’s would solve this issue.

Alternatively, use web DIDs and then it’s fully self-managed just as DNS would be.
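Added example, not part of the thread and not Bluesky's or the PLC directory's code: a model of the rotation-key precedence described in the comment above, for checking who has the final say over a did:plc identity. The function names and key strings are hypothetical, and the 72-hour window is an assumption (the comment says only "a certain time window").

```python
from datetime import datetime, timedelta, timezone

# Assumption: 72 hours is the did:plc recovery window; the thread only says
# "a certain time window".
RECOVERY_WINDOW = timedelta(hours=72)

def rank(rotation_keys, key):
    """Position in the priority-ordered list (0 = highest), or None if absent."""
    return rotation_keys.index(key) if key in rotation_keys else None

def can_override(rotation_keys, contested_signer, recovery_signer, contested_at, now):
    """Can recovery_signer nullify an operation that contested_signer signed?

    rotation_keys is the ordered list in effect before the contested operation.
    """
    new = rank(rotation_keys, recovery_signer)
    old = rank(rotation_keys, contested_signer)
    if new is None or old is None:
        return False
    # A strictly higher-ranked key wins, but only inside the window.
    return new < old and now - contested_at <= RECOVERY_WINDOW

def portability_status(rotation_keys, user_keys):
    """Classify who ultimately controls the DID document."""
    user_ranks = [r for k in user_keys if (r := rank(rotation_keys, k)) is not None]
    if not user_ranks:
        return "provider-only"
    others = [i for i, k in enumerate(rotation_keys) if k not in user_keys]
    if not others or min(user_ranks) < min(others):
        return "user-outranks-provider"
    return "provider-outranks-user"

# Constructed sample values (not real keys).
USER = "did:key:zUSER-EXAMPLE"
PROVIDER = "did:key:zPROVIDER-EXAMPLE"
T0 = datetime(2025, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for keys in ([PROVIDER], [PROVIDER, USER], [USER, PROVIDER]):
        print(keys, portability_status(keys, {USER}),
              can_override(keys, PROVIDER, USER, T0, T0 + timedelta(hours=1)))
```

Only the last ordering, with the user's key listed first, lets the user reverse a provider-signed change, and only while the window is open.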

stebalien|4 months ago

I control my domain name and its DNS but I don't have the keys used to sign my DID. I followed the instructions here: https://bsky.social/about/blog/4-28-2023-domain-handle-tutor...

From my reading of your blog post, it sounds like the DID is the ultimate authority and not my domain name, which sounds like a pretty big problem for user portability.