the internet has a fundamental assumption that anyone can send anything to anyone. this assumption has of course been broken at the IP layer by firewalls and NAT, causing no end of headaches for application developers and users. that assumption permeates the whole stack - not only can i send a packet to any computer on the public internet, i can email anybody, i can message anybody on any of the messaging platforms. i can tag anybody on social media. on the internet everybody is next door and can come round whenever they want.
but what if they couldn’t?
converge is about distributing data, not connecting nodes in a network.
one of the implications of this - that i’ve been struggling with - is that it’s very difficult to reach out to a person or service via converge. everything is about fetching immutable data, or subscribing to changes of mutable data. it’s easy enough if two people who know each other’s keys want to connect - do a key exchange, establish a shared secret, derive a new signing key, write data into the mutable object, and subscribe to changes on that object. but, very importantly, both parties need to subscribe to establish two-way communication.
i had been considering this a nuisance - a lot of traditional software architectures are more difficult this way. but i am starting to think that this is a feature rather than a bug. you cannot send spam via converge. if you want to talk to someone you need to pass your key on through the network of existing connections, subject to the trust and relationships between those people. yet if two people want to talk to each other they can still connect without that.
it’s a really different way of thinking about an overlay network, and not something that i see in other projects.
so maybe i don’t want to come up with a destination object type, that anyone can create or verify, but only someone with a particular key can open. maybe that is reintroducing a huge attack surface that simply isn’t necessary.
even if that means making writing a public message board significantly harder.
i quite like the anti-spam property of converge that i described yesterday. but it also seems a bit too harsh to prevent all automated initiation of contact. how can we enable some unilateral initiation, as an extra that you specifically need to enable?
in cryptography, we often require domain separation for different uses of the same primitives. roughly, this means ensuring that the inputs to a primitive for different purposes cannot overlap. so there are no instances where you can lift a value from one part of the protocol and use it in another.
i’ve been thinking about data confusion - interpreting the same pile of bytes as different types.
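an added example, not code from converge or from the author: domain separation for values derived from one shared secret, and a type-tagged content hash so the same bytes cannot be confused across types. the purpose labels, type tags, sample secret and the choice of HMAC-SHA256 as the PRF are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

def naive_prf(secret: bytes, *fields: bytes) -> bytes:
    """no separation: fields are concatenated, so their boundaries are lost."""
    return hmac.new(secret, b"".join(fields), hashlib.sha256).digest()

def encode(purpose: bytes, *fields: bytes) -> bytes:
    """injective encoding: each part carries a 4-byte big-endian length prefix."""
    return b"".join(struct.pack(">I", len(p)) + p for p in (purpose, *fields))

def derive(secret: bytes, purpose: bytes, *fields: bytes) -> bytes:
    """one PRF input per (purpose, fields) tuple, so purposes cannot overlap."""
    return hmac.new(secret, encode(purpose, *fields), hashlib.sha256).digest()

def typed_digest(type_tag: bytes, payload: bytes) -> bytes:
    """content hash bound to the type the bytes are meant to be read as."""
    return hashlib.sha256(encode(type_tag, payload)).digest()

# constructed sample values, not real converge data
SHARED_SECRET = hashlib.sha256(b"constructed shared secret").digest()
OBJECT_ID = b"constructed-object-id"
# hypothetical purpose labels (assumed names, not converge's)
SIGNING = b"example/v1/signing-key-seed"
ENCRYPTION = b"example/v1/encryption-key"

def demo() -> dict:
    return {
        # ("sign", "ing") and ("signing",) feed identical bytes to the PRF
        "naive_collides": naive_prf(SHARED_SECRET, b"sign", b"ing")
                          == naive_prf(SHARED_SECRET, b"signing"),
        # length prefixes keep the two tuples apart
        "split_separated": derive(SHARED_SECRET, b"sign", b"ing")
                           != derive(SHARED_SECRET, b"signing"),
        # same secret and object, different purpose, unrelated outputs
        "purposes_separated": derive(SHARED_SECRET, SIGNING, OBJECT_ID)
                              != derive(SHARED_SECRET, ENCRYPTION, OBJECT_ID),
        # same pile of bytes, different declared type, different identity
        "types_separated": typed_digest(b"blob", b"\x00" * 8)
                           != typed_digest(b"tree", b"\x00" * 8),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```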