The basics are pretty easy. Activity Streams 2.0 supports custom MIME types on content, so using a MIME type like `application/encrypted` (OpenPGP) or `application/pkcs7-mime` (S/MIME) would just pass through the ActivityPub system.
For users experienced with exchanging keys out of band, this is probably enough to get started.
1. To be E2E, encryption has to be implemented in the client software. That software has to be able to access keys, use them, and keep them safe. This includes Web clients and mobile clients.
2. To be worth all this trouble, there should really only be one way to do it.
3. Most people are bad at managing keys. So, key management should be automatic.
4. Many people use multiple clients, so there must be a way to share keys between them.
@evan thank you Evan. This confirms a few things for me!
So for my own ideas, I’ve been thinking specifically about enabling video/audio calls.
Looking at it, the ActivityPub spec allows enough metadata etc. that the handshaking part for WebRTC could be run through ActivityPub and DMs already. Clunky perhaps, but possible!
@evan I'm not sure Signal is a good example. IME when you use Signal from your computer, it has to bounce the messages through your phone, which has to be on and available. It's a terrible user experience.
silverwizard
This is definitely not an impossible task - just a monumental beyond imagining one.