undefined

points

[-]

> Use HTTP (secure is not the way to decentralize).

This doesn't seem like useful advice. If you're going to use HTTP at all there is essentially zero practical advantage in not using Let's Encrypt.

The better alternative would be to use new protocols that support alternative methods of key distribution (e.g. QR codes, trust on first use) instead of none.

> Selfhost DNS server (hard to scale in practice).

This is actually very easy to do.

by bullen4 hours ago|

parent|

[-]

Let's Encrypt is not part of our friends here.

DNS is easy for yourself, but if you host it for others (1000+ of people) and it needs to have all domains in the world, then it becomes a struggle.

by zrm3 hours ago|

parent|

[-]

Let's Encrypt is a non-profit that defeated the certificate cartel. The main thing you get from using HTTP without it is bad security.

DNS can answer thousands of queries per second on a Raspberry Pi and crazy numbers on a single piece of old server hardware that costs less than $500.

by bullen2 hours ago|

parent|

[-]

No root certificate is decentralized.

If your DNS port is closed by your ISP, you can't have people use your DNS server from the outside and then you need Google or Amazon which are not decentralized.

Also to be selfhosted you can't just forward what root DNS servers say, you need to store all domains and their IPs in a huge database.

by almatia2 hours ago|

prev|

[-]

There are bridges for Matrix (JSON)-ActivityPub (XML), one in Elixir: https://github.com/technostructures/kazarma/

by pixl975 hours ago|

prev|

[-]

1) so how do you validate the http the client receives is the http you sent?

by forgotmypw175 hours ago|

parent|

[-]

Validate it yourself with hashing and PKI. Yes, it needs bootstrapping, just like centralized HTTPS needs bootstrapping.

by bullen4 hours ago|

parent|

[-]

Wow, thanks!

Also if people need more food for (decentralized) thought:

https://datatracker.ietf.org/doc/html/rfc2289