@cwebber I mean how shall that work UX wise?

If I want to follow user foo at peertube instance bar, I can do that by just following @ foo @ bar from mastodon thanks to Webfinger.
But how to do that for non-webfinger AP servers?
If I'm not mistaken there's no canonical URI scheme for AP making this possible withput webfinger, is it?

@schmittlauch Webfinger makes sense indeed when you have a user@domain email style addressing expectation. That's not the only UI experience possible, and indeed it won't even be feasible if people start doing interesting things like ActivityPub + tor onion services. Something something petnames here.

@cwebber maybe I'm just too narrowly-minded or not creative enough, but the approach where the remote instance handles authentication using OAuth and entering credentials directly there creeps me out – too easy to confuse and impersonate the real instance.

But let's see how things develop, hopefully I'm not the first one having to come up with solutions.

@schmittlauch I didn't suggest that route

@cwebber It's the only thing I could come up with so far.
But I also havent carefully read the AP spec so far, maybe I should do that first before speculating based on hearsay knowledge.

It's just a potential rupture point for different instances and their possibility to subscribe to each other. AFAIK Mastodon currently only supports the webfinger UX flow

@schmittlauch How do you send someone an email? Either you have that person "bookmarked" in your addressbook, or they were part of the addressing in that conversation (by introduction)

I have some more in this unfinished document https://github.com/cwebber/rebooting-the-web-of-trust-spring2018/blob/petnames/draft-documents/making-dids-invisible-with-petnames.md

@notclacke @schmittlauch yep!

@notclacke

recycling finger & wall
.. like F*Book

@cwebber @schmittlauch

@notclacke @schmittlauch @cwebber to clarify—while URIs are used in a lot of scenarios, including all federation references, for practical reasons mastodon uses webfinger as its source-of-truth for account uniqueness. we also require that other implementations we federate with have it for UX reasons

@notclacke @nightpool @schmittlauch Yes, I suspect/hope as the AP network grows, reliance on webfinger will decrease, including its current use in role of what shouldn't really apply for some federation stuff

@cwebber @notclacke @schmittlauch right now the main issue we had with URIs was their fragility—people switching between http/https and people switching between pleroma and mastodon were two major practical issues we ran into a lot that led us to privileging webfinger over URIs.

the second reason is ideological. Mastodon is microblogging, which means (to us) that posts are plain, not rich text. if actors exist in the network that can't be @-mentioned, then that's a huge user expectation problem

@nightpool @notclacke @schmittlauch I understand the frustration with http and https. Have you ever seen Tim Berners-Lee's "Web Security - TLS Everywhere, not https: URIs"?

https://www.w3.org/DesignIssues/Security-NotTheS.html

His argument is, of course we should have a cryptographic layer, but we shouldn't have two different uri schemes for the same resource served as unencrypted/encrypted... instead, there should be one uri scheme, and the encryption selection bit should be a protocol negotiation concern. I 100% agree.

@cwebber I was thinking about that TLS thing this morning. Ultimately it papers over the problems of mutability though

@nightpool what problems of mutability?

@nightpool http(s) has problems with mutability all around anyway :)

@nightpool @cwebber @notclacke @schmittlauch Why can't/aren't URIs dereferenced somehow? If properly dereferenced, then shouldn't the URI no longer matter?

@nightpool Requiring OStatus for ActivityPub? That is unfortunate.

@dansup @nightpool Well, Webfinger isn't specifically OStatus related, but yeah that's why Mastodon has it.

Evan Prodromou, who I think was responsible for Webfinger in OStatus, was one of the bigger voices pushing back against it appearing in ActivityPub, saying there's no need for it in a modern federated system IIRC from the SocialWG calls

@dansup @nightpool Or rather, was pushing back against it being a *requirement* (not against implementations optionally supporting it)

@dansup @nightpool You could absolutely have a Mastodon-like interface without Webfinger btw... type @, and it brings up a list of possible recipients which might not even be the webfinger addresses but people who match this in their name who are in your "addressbook"... mastodon already does this mostly. If I type "@karen" I can complete @aldeka even though she has a different username. Pump.io clients use this to select the user's id, but link with their display name as the link text

@cwebber @dansup @nightpool It means you need a rich-text editor to be able to mention someone.

@gargron @cwebber @dansup yes this is what I was saying about plaintext vs rich text.

@gargron @dansup @nightpool various pump.io clients have dynamic completion of the username but use markdown in composition... rich-text rendering, but not rich-text editors

@gargron @dansup @nightpool I personally hate markdown kind of but that's not relevant to this ;)

@Gargron @cwebber @nightpool Oh, I get it. I wasn't sure what nightpool meant about UX. Thanks for clearing this up!

@notclacke @schmittlauch @cwebber Honestly though, I've always liked the user@instance format that other federated networks use. It's a pretty useful way to think about users across the network; conceptually that identifier feels closer to email.

URL works okay, but the flow and the logic is kind of different.

@deadsuperhero @notclacke @schmittlauch yeah I get that, and people are fairly familiar with email-like ids. I'm not arguing against clients supporting that for composition of addressing anyway, but it does bother me that Mastodon uses Webfinger for some sources of information where it shouldn't matter for protocol'y things

I think that could hold back some exciting future things if it remains. But fortunately my suspicion is that it won't be hard for mastodon to evolve there.

@cwebber @deadsuperhero @notclacke @schmittlauch For the most part it seems to be based on the (mistaken) assumption that if users address each other by user@domain, then so should computers. But that's not really a valid or useful assumption... it's also already caused issues that have been solved in suboptimal ways (re: case sensitivity, account migration, username changes, etc)

@notclacke @schmittlauch @cwebber this doesn't work without webfinger too.