chrisb
@boscolo.co
330 followers 200 following 630 posts
sojourning through the crazy woods (bosco loco) pondering rainbows and unicorns
Pinned
chrisb @boscolo.co · Jun 13
I'm a bit of a dreamer, I want to message people via ATProto using their ATProto Identity and have it be end-to-end encrypted like Signal.

bsky.app/profile/bosc...
boscolo.co chrisb @boscolo.co · May 15
ATproto devs, app builders, dreamers of a more agentic world—this is our opportunity to shape secure, private open E2EE messaging!

This preliminary AT Messaging spec needs your help to finish. Dive in, share your brilliance, join #e2eeWG, and let’s build it together!

github.com/ATProtocol-C...
I wish my brain had a CLAUDE.md for all of the projects I am working on. Context switching is killing me...
hopefully this is not prescient of when the AI overlords take over the timeline 😨
Are you sleeping on @cloudflare.social Durable Objects with WebSocket Hibernation?

That's ok, you won't pay for anything while they sleep...

seriously tho, why isn't everyone building with them?
If AT Protocol had its own native decentralized encrypted messaging, could build app notifications on it. 📬

🔔 Imagine if a notification that someone commented on a published @leaflet.pub showed up in Bluesky?
if I had a nickel for every time I bought a domain, I'd be rich!

(minus the cost of the domain)
i even bought a domain!!
Gotcha.

You should check out blog.boscolo.co/3lykyjmlj4k2s

It uses ATProto PDS for user public keys and message delivery address, SMTP for message delivery, and (eventually) MLS for encryption (instead of Matrix).

This avoids all the legacy Matrix inertia, and centers the design on the DID & PDS.
A Vision for End-to-End Encrypted Messaging on ATproto - blog.boscolo.co
This was originally published on whtwnd.com March 26, 2025 at://did:plc:wtk7wq3y3i64z3umv44eutuj/com.whtwnd.blog.entry/3llcqqytyxz2r
When comparing ATProto vs. Matrix, the issue is not that there's an intermediary PDS/Home server. It's that Matrix binds the identity to the Home server. ATProto binds the identity to the DID. Users cryptographically control the DID & can update where the PDS is hosted w/out breaking chain of trust.
but even with MSC4243, the domain in their accountID is the home server, right?

What makes AT Protocol so powerful is that the account ID is abstracted to a decentralized identifier, controlled via cryptographic key pair.

With Matrix your account ID is bound to the DNS domain of your home server
What if bob initiates the first message?

For Alice, how will the protocol determine (with cryptographic certainty) that the message came from bob.home.xyz?
this makes sense.

When alice.com sends a message back to bob.home.xyz, what does bob see as the sender of the message? (how does he know it's from alice.com?)
It would be better to not promote protocols that bind user account IDs to home server DNS.

It’s fine for orgs, but bad for individual users. It’s a repeat of Facebook-style centralization.
Recently, thought of a way to make my did:fid proposal chain agnostic, at the expense of some interop concerns.

Just add the CAIP chain id like so:
did:fid:1898:84532
would be a DID registered on the Base chain.
Without a doubt cheaper to use on-⛓️ DID.

Larger concern with did:web is that Facebook-sized players will use it to onboard users, completely undermining the value of the DID.

Recently realized there's an easy way to make👇 chain agnostic, will write a follow on post:
blog.boscolo.co/3lyxzeejguk2h
Solving AT Protocol's Centralized Identity - blog.boscolo.co
I spent the weekend building a proof of concept for a truly decentralized DID method using Farcaster's battle-tested identity system. Here's why AT Protocol needs this third DID option.
OAuth stands for OrwellianAuth, is the unfortunate truth...
Reposted by chrisb
We are alarmed by reports that Germany is on the verge of a catastrophic about-face, reversing its longstanding and principled opposition to the EU’s Chat Control proposal which, if passed, could spell the end of the right to privacy in Europe. signal.org/blog/pdfs/ge...
signal.org
Conceptually I like this. My concern is that it has a lot of moving parts that can result in failures to lookup DID Documents. Whereas FIDs are simple, battle tested (1M+ created) with a pretty good recovery story.
A full moon is nature’s Schelling point for clock synchronization 🌕
DNS in AT Proto is used for the human readable handle, like ENS on Farcaster. Hence why I think ENS would make a great decentralized addition.

My proposal was to turn the Farcaster FID into a valid W3C DID as an alternative to the two long term stable account IDs currently supported in AT Proto
I think the fact that ENS names are rented not owned, makes them a poor choice for a long term stable account identifier. But, I’d love to see ENS as valid AT Proto handle (the human readable part of your identity.)
Does this require that users (via an app) add a new key pair to their DID?
In less than one month @leaflet.pub has completely spoiled me.

The ability to copy text on a web page, and turn it into a link with an OG preview that makes it totally obvious which text I am referring to is a game changer.

Note the difference in:
bsky.app/profile/bosc...
bsky.app/profile/bosc...
slightly tangential, but a PDS API for generic signing of content would be a huge unlock for a bunch of applications!

pfrazee.leaflet.pub/3lzhui2zbxk2...
Three schemes for shared-private storage - Paul's Leaflets
pfrazee.leaflet.pub
good take. My brain interpreted the "should" in the last sentence as permission to paint outside the lines with this. (ah, the fun of standards...)

Given the desire expressed by many to support aliases in AT Protocol, we should push to get this clarified in that direction.
yep, those @Aliases shown in PDSls come from the "alsoKnownAs" array in the DID document.

One question that I don't think is described in the ATProto docs is how different apps would know which alias to use. BSky uses the first, but doing it positionally is not the answer for other apps.
This is my understanding.
Does everyone have to come to a rough consensus on your drink?