#socialmediadesign


Been thinking about what the key-trust part of decentralized "social PKI" should look like.

The individual part seems straightforward: A public key, and a history of key rotations (where each key signs a message revoking itself as latest, and endorsing the next public key as latest instead.)

But how do you trust someone else's key in the first place? (Including when they lose all data and have to recreate their identity, with a new key.)

I'm very tempted to say... we can leave that to implementations, with just some strong suggestions in the spec as to how to meet different users' different needs.

One implementation could just use TOFU and notify the user if something looks wrong. Another could participate in a key-gossip system, where useragents inform each other of identity/key relationships they've seen, allowing multipath resilience against MITM. And another could go full-on PGP key-party if it really wanted to, I guess.

Does this sound reasonable? Would love to hear feedback.

:boost_ok:
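The rotation history described in the post above, as an added example that is not part of the original post or of any published spec: a client starts from a key it already trusts (for instance one pinned via TOFU) and accepts the latest key only if every hand-over is signed by the key being retired. The `Rotation` record, the `rotate-v1` tag, the function names and the choice of Ed25519 are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Rotation is a hypothetical record: the retiring key revokes itself and endorses Next.
type Rotation struct {
	Next ed25519.PublicKey
	Sig  []byte // made by the retiring key over rotationMsg(old, Next)
}

// rotationMsg binds a domain tag and both keys so the signature has no other use.
func rotationMsg(old, next ed25519.PublicKey) []byte {
	return bytes.Join([][]byte{[]byte("rotate-v1"), old, next}, nil)
}

// Rotate signs the hand-over from oldPriv's public key to next.
func Rotate(oldPriv ed25519.PrivateKey, next ed25519.PublicKey) Rotation {
	old := oldPriv.Public().(ed25519.PublicKey)
	return Rotation{Next: next, Sig: ed25519.Sign(oldPriv, rotationMsg(old, next))}
}

// LatestKey walks history from a key the client already trusts and returns the current key.
func LatestKey(pinned ed25519.PublicKey, history []Rotation) (ed25519.PublicKey, error) {
	if len(pinned) != ed25519.PublicKeySize {
		return nil, errors.New("malformed pinned key")
	}
	cur, seen := pinned, map[string]bool{string(pinned): true}
	for i, r := range history {
		if len(r.Next) != ed25519.PublicKeySize ||
			!ed25519.Verify(cur, rotationMsg(cur, r.Next), r.Sig) {
			return nil, fmt.Errorf("rotation %d: not endorsed by the previous key", i)
		}
		if seen[string(r.Next)] { // a revoked key must never become "latest" again
			return nil, fmt.Errorf("rotation %d: endorses an already revoked key", i)
		}
		seen[string(r.Next)] = true
		cur = r.Next
	}
	return cur, nil
}

func main() {
	pubA, privA, _ := ed25519.GenerateKey(nil) // constructed sample keys
	pubB, _, _ := ed25519.GenerateKey(nil)
	latest, err := LatestKey(pubA, []Rotation{Rotate(privA, pubB)})
	fmt.Println(bytes.Equal(latest, pubB), err)
}
```

The chain only proves continuity from the pinned key; it says nothing about an identity recreated with a fresh key after total data loss, which is the case the post leaves to TOFU, gossip or in-person verification.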

Am designing Gimli's electoral moderation system. That is, a way to choose moderators (NOT instance admins, dw) via elections!

The question is, what system should we implement?

Important note: in each election, there may be a limited number of moderation seats. The question of how candidates are created - via self-suggestion, or via autocratic appointment - depends on the instance and the specific Guild.