zlacker

[return to "So this guy is now S3. All of S3"]
1. arianv+53[view] [source] 2023-05-04 19:07:02
>>aendru+(OP)
This is why Mastodon, WebFinger and ACME use the .well-known URI prefix. .well-known is reserved and you can't e.g. make a bucket named .well-known

It's funny the bluesky devs say they implemented "something like webfinger" but left out the only important part of webfinger that protects against these attacks in the first place. Weird oversight and something something don't come up with your own standards

◧◩
2. benatk+Ej[view] [source] 2023-05-04 20:25:41
>>arianv+53
.well-known seems unintuitive

Also the penalty isn't very high here. Someone impersonated a domain on a burgeoning protocol for a short while. So what?

◧◩◪
3. ceejay+Oo[view] [source] 2023-05-04 20:53:30
>>benatk+Ej
> .well-known seems unintuitive

We're talking about folks setting up a custom domain for a personal social media presence. If they can handle nameservers and DNS records, they can handle a folder with a dot in the name.

◧◩◪◨
4. benatk+by[view] [source] 2023-05-04 21:42:19
>>ceejay+Oo
They can and probably should but what if they decide not to?

That's the problem with expecting people to agree with and follow standards.

◧◩◪◨⬒
5. thwart+JI[view] [source] 2023-05-04 22:47:57
>>benatk+by
If they decide not to, then they get all the capabilities, responsibilities, and level of participation that come with not following a standard that others are expecting.

You've effectively described what happens when people don't agree.

◧◩◪◨⬒⬓
6. benatk+xL[view] [source] 2023-05-04 23:08:48
>>thwart+JI
There's already a strong precedent for something like .well-known being disregarded — the ~/.config directory. It's the same idea, a special directory starting with a dot, and the objection seems to be similar, that it's awkward. In the case of the config directory it's that the storage for an app is spread between multiple directories like ~/.local/share and ~/.cache instead of one directory like ~/.vim

https://wiki.archlinux.org/title/XDG_Base_Directory

I support both well-known and XDG because I think the benefit outweighs that perhaps they could have been designed better. But I don't think that those who opt out of it could only be doing so out of ignorance.

◧◩◪◨⬒⬓⬔
7. thwart+6c1[view] [source] 2023-05-05 03:40:43
>>benatk+xL
~/.config is an interesting contrast. The difference is .well-known has different producers and consumers, webmasters and web clients, respectively. Whereas the thing that uses an application's config files is the same as the thing that created it.