Damus

Recent Notes

Nuh
I am basically saying; the "signer" app could be just the devices you own, as long as they support passkeys.

This was never an option with Pkarr, simply because you couldn't temporarily trust someone else to update your DNS records .. because there is no rotation, so you can't take exclusive custody later.

We don't need that here, and in fact recovery keys in offline storage + a server, is safer than a non-rotatable key on your internet connected device, even if we do a great job encrypting it at rest
τέχνη · 2w
That all makes great sense!
Nuh
But note; I am only talking about Authentication so far.

The Ring signer app does more than that, it Authorizes access to the Homeserver.

I can't tell how authorization would work yet because I am not focused on Homeservers at all, and not even assuming they will exist.

But my assumption is that authorization is just a thing you do after you authenticate... So it could be that you don't need an app for that either, instead you authenticate to the Homeserver UI then manage authorization from there.

Similarly if an app wants to ask for permissions from your Homeserver, it should know your Homeserver address from the Nameserver records, and it can redirect you there like apps redirect you to authorization from a Gmail account.

All in all, you might not need an app at all, if you are not managing any keys yourself... Recovery key written on a piece of paper might be just enough.
Nuh
I mean think about it, passkeys usually work by you registering passkeys in the database of an account you already have ....

Well why not register these passkeys in your DNS records... In fact I think this should be doable in normal DNS except that;
1. Most people don't have domains at all.
2. DNS by default is not authenticated, and even if you use DNSSEC, you are relying on certificates by central authorities.
τέχνη · 2w
What would the wallet/signer app experience be like? Would it be like Pubky in that regard?
Nuh
I don't know yet. My basic assumption is that for most users who don't want to have self custody they won't need an app, they will use a web app they sign in to with a Passkey and ask their Namespace to update their records when they need... So not unlike Bluesky in that regard.

Possibly they download a recovery key that helps them recover if the Registrar and or Nameserver dies.

If they try to take custody of their own keys, then the app could be an app that doubles as a 2FA app like Google Authenticator... That doesn't do more than manage the identity.

But another harder alternative would be something like Peergos app or Google Drive or Proton Drive, where you manage both identity but also access control in a central place.

The latter is obviously much harder than the former, and not needing any apps is easier than all.

Simplest solution is to register your devices' passkeys in your records in your Nameserver, and then sign in by writing your name, and the web app resolves your passkeys and prompts you to log in with passkeys and checks if the passkey you used is in your signed records.
Nuh
Of course in practice, both your Registrar and Nameserver will be the same as the Homeserver, which in turn most likely would be the default server of the developer of the App you downloaded and are possibly paying for... So really not very different from just buying a domain from a hosting provider... But you can move from there to a better more sovereign place... Or not!

Which is by the way why Mlkut Homeservers and the rest of the protocol should support ICANN domains, if some people are hell bent on not having self sovereignty ever, might as well get a nice subdomain? But maybe encouraging this ends up being a big mistake.
τέχνη · 2w
What would the wallet/signer app experience be like? Would it be like Pubky in that regard?
Nuh
Mlkut name system is going to be hard to explain... But I plan to use the existing analogies because they are appropriate;
1. Registrar; the entity registering a domain by making an onchain transaction.
2. Nameserver; the entity that the p2p network points to as the place where the corresponding records for a given name are served from, regardless of caching.

Your Registrar can be your Nameserver

You can be your own Registrar and your own Nameserver.

You can back up the keys in case your Registrar dies.

You can rotate the keys with the cooperation of your Registrar to no longer need their liveness nor their honesty.

You can let your Nameserver hold the keys that sign DNS records, or you can take custody of these keys, and only rely on the Nameserver for hosting.

You choose how much you care about your domain long term.
note1v7p33...
Nuh
Ungodly amount of text... More relevantly it is what Bluesky did (ignoring that the registry is fully centralized) and we know that only a handful of 40 million cared to get any level of custody or recovery options... People don't care. But that's ok, they have the right not to. As long as the ones who do are empowered.
τέχνη · 2w
The text is good if you’re interested haha. But yeah I think he’s doing that same levels breakdown that you are doing with Mlkut. I think it’s an excellent plan
note1x8mdh...
Nuh
Well, I hear about Aave a lot and they seem somewhat functional. But I remember that Bisq is also some sort of a DAO, maybe I am wrong. But at the end of the day a DAO is a decentralised shareholders with a treasury... So if Bisq is going to reimburse, they are either a DAO or a company, and I think they are the former.
τέχνη · 2w
Does XMTP count? They seem quite professional https://xmtp.org/decentralization
Nuh
Why is that important? Because I want to allow servers to basically claim a whole range of IDs with one small transaction that only includes the keys that the server is going to use to edit the information of any of these IDs.

But I also want the server to be able to show users a random set of IDs to choose from, without all looking the same with one change at the last couple characters...

Basically like how Urbit planets or whatever are randomly distributed over stars or whatever, but without the ungodly amount of onchain data that would require.
Nuh
Turns out, I can take a batch number, and an offset in the range of IDs registered in that batch, and put them in a function that scrambles them without collisions... That is awesome because you can then map a whole range of IDs to one controller without listing all the IDs onchain, while the resulting IDs in that range look very random.

Happy day for me, and a reminder that I am not as good at math as I hope I would have been.
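An added example, not part of the notes above and not the author's own function (which the notes do not show): one standard way to scramble a (batch, offset) pair without collisions is an unkeyed Feistel permutation, which can also be inverted so that any ID resolves back to the batch whose controller key was registered. The 40-bit ID width, 2^16 IDs per batch, SHA-256 round function, z-base-32 rendering and all function names are assumptions made for illustration.

```python
import hashlib

# Assumed parameters for illustration (not taken from the notes).
ID_BITS = 40                      # width of the ID space, must be even
HALF = ID_BITS // 2
HALF_MASK = (1 << HALF) - 1
OFFSET_BITS = 16                  # each batch claims 2**16 IDs
ROUNDS = 4
ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32, 5 bits per char

def _round(r: int, half: int) -> int:
    """Public, unkeyed round function: truncated SHA-256 of (round, half)."""
    digest = hashlib.sha256(bytes([r]) + half.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big") & HALF_MASK

def scramble(batch: int, offset: int) -> int:
    """Map (batch, offset) to an ID. A Feistel network is a permutation of
    the 2**ID_BITS space, so distinct inputs can never collide."""
    if not 0 <= offset < (1 << OFFSET_BITS):
        raise ValueError("offset outside the batch")
    if not 0 <= batch < (1 << (ID_BITS - OFFSET_BITS)):
        raise ValueError("batch number too large")
    index = (batch << OFFSET_BITS) | offset
    left, right = index >> HALF, index & HALF_MASK
    for r in range(ROUNDS):
        left, right = right, left ^ _round(r, right)
    return (left << HALF) | right

def unscramble(ident: int) -> tuple[int, int]:
    """Invert scramble(): recover (batch, offset) from an ID."""
    left, right = ident >> HALF, ident & HALF_MASK
    for r in reversed(range(ROUNDS)):
        left, right = right ^ _round(r, left), left
    index = (left << HALF) | right
    return index >> OFFSET_BITS, index & ((1 << OFFSET_BITS) - 1)

def encode(ident: int) -> str:
    """Render an ID as 8 z-base-32 characters."""
    return "".join(ALPHABET[(ident >> s) & 31] for s in range(ID_BITS - 5, -1, -5))

def controller_for(ident: int, batches: dict[int, str]) -> str:
    """Resolve an ID to the controller key registered for its whole batch."""
    batch, _ = unscramble(ident)
    return batches[batch]

if __name__ == "__main__":
    batches = {7: "controller-key-placeholder"}  # constructed registry entry
    for off in range(4):                         # neighbouring offsets, scattered IDs
        print(off, encode(scramble(7, off)))
```

Because the permutation is public and invertible, only the batch number and controller key need to be recorded once; membership of any ID in a batch is recomputed by the resolver.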