Brooklyn Zelenka

> Should we support non DID principals? It's a good question, and has come up a few times! I'm not dead set against opening principals to being any URI, or...

@scottc-WellSky I agree that the example could be annotated more clearly. I _think_ you're referring to this code in the README: https://github.com/fission-codes/keystore-idb/blob/0bbb92aeba7a33a5372bd2ef64dce1c3ee1f7213/README.md?plain=1#L44-L79 If so, the text right above says that...

@matheus23 I should probably tag you in to make sure that I'm not missing anything. I never actually worked on this repo 😛

> > aes-256-gcm, aes-128-gcm, etc.? > > This is really a rabbit hole. I'm not deep enough (and hopefully won't get any deeper) to have a strong opinion about it....

> Otherwise you are trivially vulnerable to replay attacks because you broadcast the tokens to the DHT We've done some work with UCAN to avoid replays, too 👍 The most...

> cc some folks who have been asking about this for a while Maybe to clarify a bit: the Fission team definitely welcomes this as a privacy measure, and I...

> it reduces the replay to a (trivially exploitable) race condition > To be clear, one absolutely critical property of any usage of this is that auth tokens MUST be...

> I want to double check that you're not waiting on go-ipfs (now https://github.com/ipfs/go-ipfs/issues/8959#issuecomment-1156963447) to implement something like ipfs get bafyfoobar --token= since that's not something that's planned to be...

+1 to base58 has been a pain to work with in practice That said we have a bunch of b58 keys in the wild. It's easy enough for us to...

LOL thanks Codecov