Soatok Dreamseeker@pawb.social to Technology@lemmy.worldEnglish · 3 days agoAnnouncing Key Transparency for the Fediverse - Dhole Momentssoatok.blogexternal-linkmessage-square9fedilinkarrow-up179arrow-down12cross-posted to: [email protected][email protected]
arrow-up177arrow-down1external-linkAnnouncing Key Transparency for the Fediverse - Dhole Momentssoatok.blogSoatok Dreamseeker@pawb.social to Technology@lemmy.worldEnglish · 3 days agomessage-square9fedilinkcross-posted to: [email protected][email protected]
minus-squareSoatok Dreamseeker@pawb.socialOPlinkfedilinkEnglisharrow-up1·2 days ago why it this separate mechanism needed in the first place? Because ActivityPub was not designed for E2EE. That’s the simplest answer. The longer, and more technical answer, is that doing the actual “Encryption” part of E2EE is relatively easy. Key management is much harder. I initially set out to just do E2EE in 2022, but got roadblocked by the more difficult problem of “which public key does the client trust?”.
Because ActivityPub was not designed for E2EE. That’s the simplest answer.
The longer, and more technical answer, is that doing the actual “Encryption” part of E2EE is relatively easy. Key management is much harder.
I initially set out to just do E2EE in 2022, but got roadblocked by the more difficult problem of “which public key does the client trust?”.