Hacker News new | past | comments | ask | show | jobs | submit login

I think this is not about using s3 to serve files, but someone having verified owning s3 on bsky by putting some challenge file in his bucket. My guess, also missing context.



That is correct.

1. Bluesky allows you to use a domain as a handle by creating a TXT record on an _atproto subdomain of the domain you wish to use (see https://mxtoolbox.com/SuperTool.aspx?action=txt%3a_atproto.s... for mine)

2. You can also serve up your DID by having the URL "https://<handle>/xprc/com.atproto.identity.resolveHandle" return the DID.

3. AWS buckets have the URL structure http://s3.amazonaws.com/[bucket_name]/

4. register "xrpc" as an S3 bucket, drop a file named "com.atproto.identity.resolveHandle" with the correct JSON in it

5. boom! your username can now be s3.amazonaws.com

Hope that helps.


Thanks for the explanation. Kinda surprised xrpc hadn't been registered as a bucket name long ago. Or maybe it was.


Just created it yesterday. I don't think there's as much incentive to squat on the S3 namespace like there is for domain names.


Yeah, a bucket name isn't the face of your company.

At a previous company I worked at, every bucket had the company name prefixed. Never had a problem with squatters.

I wonder if Amazon actually has any policies to prevent squatting.


Sounds like Bluesky screwed up by not implementing the https://publicsuffix.org/ list


The root cause here IMHO is more subtle than that, but I do agree that implementing that at some point is probably a good idea.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: