Subdomain per protocol-level server? #711
The added difficulty here is that DNS servers generally don't support multiple levels of wild cards like we'd need to serve arbitrary sub-sub-subdomains like this without enumerating and creating explicit DNS records for all of them. So, realistically, we'd need to customize and run our own DNS server that handles multiple levels of wildcards. Ugh.

Huh, I misunderstood DNS wildcards, they actually can serve multiple levels. More: https://blog.cloudflare.com/wildcard-proxy-for-everyone/ The catch is that we'd also need an SSL cert for each subdomain we want to serve WebFinger and AP actor ids on, or at least each wildcard level, and SSL certs don't support more than one level of wildcards.
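
The contrast drawn in the comment above, as an added example that is not part of the original thread or the project's code: a DNS wildcard record answers for names several labels deep, while a certificate wildcard matches exactly one label, so each PDS parent domain would need its own wildcard name on the certificate. `bridge.example` and the host names under it are constructed placeholders, and the DNS check is a simplified model of RFC 4592.

```python
# Added illustration, not project code. bridge.example is a constructed
# placeholder base domain; pds.net is the PDS name used in the issue text.

def labels(name):
    return name.lower().rstrip(".").split(".")

def dns_wildcard_covers(wildcard, qname, existing=()):
    """Simplified RFC 4592 lookup: would `*.<parent>` synthesize an answer?

    It does for names any number of labels below <parent>, unless qname or
    one of its ancestors below <parent> already exists in the zone (a record
    at a.b.<parent> also makes b.<parent> exist as an empty non-terminal).
    """
    w, q = labels(wildcard), labels(qname)
    parent = w[1:]
    if w[0] != "*" or not parent or len(q) <= len(parent):
        return False
    if q[-len(parent):] != parent:
        return False
    zone = [labels(e) for e in existing]
    for i in range(len(q) - len(parent)):
        node = q[i:]
        if any(e[-len(node):] == node for e in zone):
            return False
    return True

def cert_name_covers(pattern, host):
    """RFC 6125 style matching: `*` stands for exactly one leftmost label."""
    p, h = labels(pattern), labels(host)
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] and p[0] in ("*", h[0])

def missing_wildcard_sans(hosts, cert_names):
    """Wildcard names a certificate would still need for the given hosts."""
    needed = set()
    for host in hosts:
        if not any(cert_name_covers(c, host) for c in cert_names):
            needed.add("*." + ".".join(labels(host)[1:]))
    return sorted(needed)

if __name__ == "__main__":
    # Constructed per-PDS hosts under the placeholder bridge domain.
    hosts = ["bsky.bridge.example", "pds.net.bridge.example"]
    for h in hosts:
        print(h, "dns:", dns_wildcard_covers("*.bridge.example", h),
              "cert:", cert_name_covers("*.bridge.example", h))
    print(missing_wildcard_sans(hosts, ["*.bridge.example"]))
```
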

Oh, also, and more importantly, this would mean that Bluesky users' bridged fediverse handles would change every time they migrate to a new PDS. That kinda seems like a showstopper.

^ Added to the docs, https://fed.brid.gy/docs#instance-subdomains . Tentatively closing, at least for now. 😢

Right now, in federated protocols, server admins can block/defederate individual other servers. We don't currently expose individual servers across the bridge, though, so if eg a fediverse admin doesn't like one specific ATProto PDS and wants to defederate from it, they can't. Their only option is to block the bridge as a whole. It'd be nice to expose servers across the bridge so that admins can defederate them individually.
The difficulty is that this would make user ids even bigger and more unwieldy. For example, Bluesky user alice.org currently gets the fediverse handle @[email protected]. With this, we'd need to make her handle something like @[email protected], where pds.net is her ATProto PDS (server). Ugh.