You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently Frontpage only supports did:plc for user identity. We want to explore supporting did:web users — allowing them to authenticate, create posts, comment, and vote alongside did:plc users.
Previously tracked as #214 ("Cannot log in with did:web"), which was closed as unsupported. This issue scopes the work to properly design and implement did:web user support.
Problem
did:web has fundamentally different trust and availability properties from did:plc:
Availability: DID resolution depends on the user's web server being up. If it goes down, we can't resolve their DID, discover their PDS, or verify their identity — and DID resolution is baked into profile pages, post rendering, comments, voting, and feeds.
Domain takeover: If a domain expires and is re-registered, the new owner controls the DID. As Tom noted in Cannot log in with did:web #214: "making sure that once a did:web is deleted it's burned forever, it can't be reused" is a key problem.
No portability: The DID IS the domain. Users can't migrate PDS without changing identity.
No audit trail: Unlike did:plc's signed operation log, did:web key rotation is just "update the file." No cryptographic proof of changes.
No recovery: If the user loses both their private key and domain access, the identity is gone.
Scope
A comprehensive design is needed covering:
Identity resolution: Extend DID validation and resolution to handle did:web — resolving via HTTPS to /.well-known/did.json, with SSRF protection, timeouts, and redirect handling
Auth flow: OAuth works identically for both DID methods at the protocol level, but we need graceful handling of resolution failures during sign-in
Resilience: Caching strategy, graceful degradation when a did:web host is down, circuit breakers to prevent cascading failures across the app
Domain takeover mitigation: Strategies for detecting identity discontinuity (key changes, document changes) and protecting against domain re-registration attacks
DID burning: Once a did:web identity is seen, ensure it can't be silently replaced by a new owner of the same domain
UI/UX: How to surface did:web identity status, warnings about availability, handle display differences
Data integrity: What happens to posts, comments, and votes when a did:web user's domain goes down permanently?
Context
Currently Frontpage only supports
did:plcfor user identity. We want to explore supportingdid:webusers — allowing them to authenticate, create posts, comment, and vote alongsidedid:plcusers.Previously tracked as #214 ("Cannot log in with did:web"), which was closed as unsupported. This issue scopes the work to properly design and implement
did:webuser support.Problem
did:webhas fundamentally different trust and availability properties fromdid:plc:Scope
A comprehensive design is needed covering:
did:web— resolving via HTTPS to/.well-known/did.json, with SSRF protection, timeouts, and redirect handlingReferences
at://did:web:pds.mk.gg/app.bsky.feed.postis an invalid URI #328 — relatedat://did:web:URI parsing issue