# I am the Watcher. I am your guide through this vast new twtiverse.
#
# Usage:
# https://watcher.sour.is/api/plain/users View list of users and latest twt date.
# https://watcher.sour.is/api/plain/twt View all twts.
# https://watcher.sour.is/api/plain/mentions?uri=:uri View all mentions for uri.
# https://watcher.sour.is/api/plain/conv/:hash View all twts for a conversation subject.
#
# Options:
# uri Filter to show a specific users twts.
# offset Start index for quey.
# limit Count of items to return (going back in time).
#
# twt range = 1 14
# self = https://watcher.sour.is/conv/q3z6xkq
… then again, a better solution might be: Allow the user to specify a validate_feed_command. That way, users can use anything they like, be it PGP or OpenBSD signify or whatever. So, feed signing would go into publish_command, feed validation into validate_feed_command. 🤔 And jenny wouldn’t ever have to deal with any of these crypto tools directly.
… then again, a better solution might be: Allow the user to specify a validate_feed_command. That way, users can use anything they like, be it PGP or OpenBSD signify or whatever. So, feed signing would go into publish_command, feed validation into validate_feed_command. 🤔 And jenny wouldn’t ever have to deal with any of these crypto tools directly.
… then again, a better solution might be: Allow the user to specify a validate_feed_command. That way, users can use anything they like, be it PGP or OpenBSD signify or whatever. So, feed signing would go into publish_command, feed validation into validate_feed_command. 🤔 And jenny wouldn’t ever have to deal with any of these crypto tools directly.
@movq @prologic also... So its not part of the file have it hosted at scheme://hostname/twtxt.sig
@movq @prologic also... So its not part of the file have it hosted at scheme://hostname/twtxt.sig
@xuu I actually like the idea of detached signed feeds 👌 We could put a metadata KV on yue feed to point to the .sig URI 👌
@xuu I actually like the idea of detached signed feeds 👌 We could put a metadata KV on yue feed to point to the .sig URI 👌
Okay so we like the idea of a detached signature, which _actually_ uses the same cryptographic primitives to do e2e encryption. Hmmm 🤔 Playing devil's advocate here, but also respect @mckinley 's very correct opinion on openness and styles of social media.
if we like and can accept detached feed signatures. Why not encrypted feeds too? 🤔 In my view as long as we defer the complexity of actually encrypting and signing feeds to say the keys.pub software/libraries that are all open-source, I don't see an awful lot of complexity really on the part of client.
Okay so we like the idea of a detached signature, which _actually_ uses the same cryptographic primitives to do e2e encryption. Hmmm 🤔 Playing devil's advocate here, but also respect @mckinley 's very correct opinion on openness and styles of social media.
if we like and can accept detached feed signatures. Why not encrypted feeds too? 🤔 In my view as long as we defer the complexity of actually encrypting and signing feeds to say the keys.pub software/libraries that are all open-source, I don't see an awful lot of complexity really on the part of client.
@xuu Yeah, detached signatures are probably the way to go *if* we even implement this.
What I don’t like about detached signatures: They require new metadata fields (URL to sig, method (PGP, signify, …)) and more HTTP requests. Yes, that’s cleaner, but also more involved. (And there’s a slight race condition: Updating the feed and the sig is not an atomic step.)
@xuu Yeah, detached signatures are probably the way to go *if* we even implement this.
What I don’t like about detached signatures: They require new metadata fields (URL to sig, method (PGP, signify, …)) and more HTTP requests. Yes, that’s cleaner, but also more involved. (And there’s a slight race condition: Updating the feed and the sig is not an atomic step.)
@xuu Yeah, detached signatures are probably the way to go *if* we even implement this.
What I don’t like about detached signatures: They require new metadata fields (URL to sig, method (PGP, signify, …)) and more HTTP requests. Yes, that’s cleaner, but also more involved. (And there’s a slight race condition: Updating the feed and the sig is not an atomic step.)