Plugin / Salmon

Matthias Pfefferle
Download from WordPress

Frequently Asked Questions (FAQ)

Early Internet protocols and systems were vulnerable to trivial forgery, and fixing this after the protocols were widely deployed is painful, partial, and slow. On the other hand, it’s also possible to add too much security and make a protocol too restrictive or too complex for large-scale adoption. Salmon tries to find a good balance. Salmon adopts a defense-in-depth strategy, assumes that there will be abuse and spammers, but builds in protocol hooks to make an active in-depth defense both cheap and effective with few false positives. Specifically, spammers can not forge signatures from legitimate users, and it is very hard for them to mint massive numbers of fake identities without detection. So as a first line of defense, anything whose authorship check fails, is simply dropped. We’re building this in from the start so that we’ll never have an installed base of clients doing things insecurely. Salmon disallows completely anonymous and untraceable messages. It requires pseudonyms from verifiable identity providers. This feature allows receivers to rate limit the messages per hour per pseudonym and per identity provider. (Identity providers themselves have verifiable identities and can gain or lose reputation based on what their users do; every identity provider has to at least have a domain name, raising the bar for spammers significantly, and meaning that simple rate limiting can force the spammers to acquire and “burn” many domain names.) Assuming wide deployment, we expect that spammers will attack Salmon with the same vigor they throw at email. However, Salmon implementors can cheaply and easily deal with the simpler techniques the spammers currently use to inject email. They will also mount active defenses based both on the years of experience in spam-blocking email and the new tools (guaranteed identity, identity providers, distributed reputation) that Salmon enables. All of this is possible to do, and has been done, with closed systems. Salmon provides a way to do this with an open protocol that anyone can implement and anyone can interoperate with.
Yes, the thr:in-reply-to ID can be the ID of a comment (which can itself be a Salmon with a xpost:source element that points at the ultimate source). While the protocol supports threading, recipients can of course flatten salmon in the feeds that they re-publish — though the thr:in-reply-to element can be used to reconstitute threads as needed.
Salmon is in fact based on and compatible with AtomPub. Salmon greatly enhances interoperability and usability by specifying a distributed identity mechanism for identifying the author and intermediary involved, provides a discovery mechanism, and specifies how things should be linked together. By not requiring pre-registration or federation but still allowing for verifiable identification, it provides a usable, level playing field for all parties involved.
See http://wiki.activitystrea.ms/Cross-Posting.
The payload can define any kind of message, so Salmon can be extended in arbitrary ways. It is already being used to communicate mentions to mentionees. It has also been used to signal cross-site following (by sending a follow message) or to send requests (by sending requests rather than notifications, e.g., a friend request). It is best used when there is not necessarily predefined relationship or subscription between the source and destination; if there is, PubSubHubbub may be a better choice.

Ratings

0
0 reviews

Rating breakdown

Details Information

Version

0.9.1

First Released

26 Nov, 2017

Total Downloads

1,775

Wordpress Version

3.0 or higher

Tested up to:

4.9.12

Require PHP Version:

-

Tags

Diaspora diso federated mastodon ostatus

Contributors

Matthias Pfefferle

Languages

The plugin hasn't been transalated in any language other than English.

DIRECTORY DISCLAIMER

The information provided in this THEME/PLUGIN DIRECTORY is made available for information purposes only, and intended to serve as a resource to enable visitors to select a relevant theme or plugin. wpSocket gives no warranty of any kind, express or implied with regard to the information, including without limitation any warranty that the particular theme or plugin that you select is qualified on your situation.

The information in the individual theme or plugin displayed in the Directory is provided by the owners and contributors themselves. wpSocket gives no warranty as to the accuracy of the information and will not be liable to you for any loss or damage suffered by you as a consequence of your reliance on the information.

Links to respective sites are offered to assist in accessing additional information. The links may be outdated or broken. Connect to outside sites at your own risk. The Theme/Plugin Directory does not endorse the content or accuracy of any listing or external website.

While information is made available, no guarantee is given that the details provided are correct, complete or up-to-date.

wpSocket is not related to the theme or plugin, and also not responsible and expressly disclaims all liability for, damages of any kind, arising out of the use, reference to, or reliance on, any information or business listed throughout our site.

Keep Leading Your Followers!
Share it for them.