Just a random thought experiment. Let’s say I have my account on a lemmy instance: userA@mylemmy.com. One day I decide to stop paying for the domain and move to userA@mynewlemmy.com, and someone else gains it and also starts up a lemmy instance.
If they make their own userA@mylemmy.com, how do federated instances distinguish who’s who?
Have I misunderstood the role of domain names in this?
Sure, but if you lose your domain you already lost. That’s it, game over.
I do agree it would make sense to issue every Lemmy instance and every user an asymmetric key pair they can sign against, just for extra security. But that might also break things because instances per domain are no longer unique. You can have lemmy.ml@publickey1 and then lemmy.ml@publickey2 and then lemmy.ml@publickey3 and so on. It would be an absolute mess.
This doesn’t even have to be an attack. A new instance owner might decide to re-setup their instance and nuke everything or they simply lost the data. Or on a faulty Lemmy update things break and the private key gets regenerated or jumbled up. Especially right now in the early stages of this platform where things are bound to go wrong you don’t want to accidentally nuke an entire instance.
What do you do then if a legitimate owner sets up the instance under the same domain again?
Besides that, if an instance really gets removed (which basically happens if someone takes over the domain, they don’t have access to the instance data itself) other instances can simply defederate in an emergency. Though the only damage would be moderator accounts on other instances. The content is dead the moment the instance dies anyway (there just isn’t a mechanism yet to clean it up if there is no delete events being sent, but that will probably come).