does anyone know whats the status of end to end encryption in #activitypub
-
does anyone know whats the status of end to end encryption in #activitypub
like is it already implemented??? -
does anyone know whats the status of end to end encryption in #activitypub
like is it already implemented???With the current architecture, it's meaningless. TLS does a good enough job securing server to server communication.
So the first step would be to separate the device, i.e. the thing in the users hands, from the ActivityPub actor. Until devices have a meaningful identity in the Fediverse talking about E2EE is meaningless.
-
does anyone know whats the status of end to end encryption in #activitypub
like is it already implemented???valorzard@mastodon.gamedev.place as far as I know there is no E2EE in ActivityPub yet, although it is focus of the SWF
-
@julian @valorzard we have a spec and we are looking for implementers.
-
@julian @valorzard we have a spec and we are looking for implementers.
-
With the current architecture, it's meaningless. TLS does a good enough job securing server to server communication.
So the first step would be to separate the device, i.e. the thing in the users hands, from the ActivityPub actor. Until devices have a meaningful identity in the Fediverse talking about E2EE is meaningless.
@helge @valorzard I am planning to implement this: https://codeberg.org/silverpill/feps/src/branch/main/0806/fep-0806.md
-
@helge @valorzard I am planning to implement this: https://codeberg.org/silverpill/feps/src/branch/main/0806/fep-0806.md
silverpill@mitra.social oh don't tell me we're going to have competing E2EE implementations too!
-
@helge @valorzard I am planning to implement this: https://codeberg.org/silverpill/feps/src/branch/main/0806/fep-0806.md
@silverpill @helge is this compatible with the MLS stuff?
-
@silverpill @helge is this compatible with the MLS stuff?
@valorzard @helge The mechanism described in the proposal is much simpler, but in theory MLS is also compatible with with portable / client-signed messages. I've seen some MLS-related work on the Nostr network, they are trying to do exactly that.
-
@valorzard @helge The mechanism described in the proposal is much simpler, but in theory MLS is also compatible with with portable / client-signed messages. I've seen some MLS-related work on the Nostr network, they are trying to do exactly that.
So the first step would be to separate the device, i.e. the thing in the user's hands, from the ActivityPub actor.
Let me reiterate on this and how FEP 0806 achieves it. Each device gets a private key, public key pair. The public key is encoded in the
did:keyformat. Then one can achieve secure communication between two devices as long as they know each other's public keys.This is an important step to take. Unfortunately, it is not user friendly. Nobody wants to be exposed to public keys (or track them).
-
So the first step would be to separate the device, i.e. the thing in the user's hands, from the ActivityPub actor.
Let me reiterate on this and how FEP 0806 achieves it. Each device gets a private key, public key pair. The public key is encoded in the
did:keyformat. Then one can achieve secure communication between two devices as long as they know each other's public keys.This is an important step to take. Unfortunately, it is not user friendly. Nobody wants to be exposed to public keys (or track them).
@helge @valorzard FEP-0806 is a proof of concept. Like other nomadic identity stuff, it is intended for power users who don't mind key management.
But once we figure out the basics, we can make it user friendly:
- Use DID methods that support key rotation instead of
did:key
- Use better key agreement mechanisms for E2EE
- Create password-protected key backups to sync keys between devices.
