I desperately need people to understand that data doesn't need to be signed (be self-authenticated) if you download it from the authoritative source and you trust the DNS and e2ee between you.

If you don't have gossip infrastructure (and demand) in place, signed data is dead weight and larping.

Discussion

People understand this. It's just a witness.

I am not sure they understand it. If they did, they would have realized that something like Pkarr + any normal HTTPS server satisfies the vast majority of the web use cases.

The only reason to sign data beyond that is if you are publishing something worthy of gossip, like a Torrent or Git repo.

You don't need a witness when there are only two parties involved, the client and the authority.

But instead people talk about signing data in a very religious way. Users don't need to sign every damn thing, especially when the price of that is losing your identity every time you lose a signing key.

It's like pointers. Not everyone understands them. But competent developers do. I guess the issue is people who don't understand pointers having strong opinions. Not much you can do about that.

what is a pointer?

but you need every person to run their own https server publicly accessible at all times?

No, they can delegate, web hosting has been a thing since forever.

are we going to pretend we can't trust servers that we are already in a trust relationship with to not fake our data?

Not everything needs to be that extreme, life is built on trust, as long as I can always fire a misbehaving server.