The basics are pretty easy. Activity Streams 2.0 supports custom MIME types on content, so using a MIME type like `application/encrypted` (OpenPGP) or `application/pkcs7-mime` (S/MIME) would just pass through the ActivityPub system.
For users experienced with exchanging keys out of band, this is probably enough to get started.
1. To be E2E, encryption has to be implemented in the client software. That software has to be able to access keys, use them, and keep them safe. This includes Web clients and mobile clients. 2. To be worth all this trouble, there should really only be one way to do it. 3. Most people are bad at managing keys. So, key management should be automatic. 4. Many people use multiple clients, so there must be a way to share keys between them.
@evan thank you Evan. This confirms a few things for me!
So for my own ideas, I’ve been thinking specifically about enabling video/audio calls.
Looking at it, the ActivityPub spec allows enough metadata etc that the handshaking part for webrtc could be run through ActivityPub and DMs already. Clunky perhaps, but possible!
@evan I'm not sure Signal is a good example. IME when you use signal from your computer, it has to bounce the messages through your phone, which has to be on and available. It's a terrible user experience.
Evan Prodromou
in reply to Dave ✨ • • •The basics are pretty easy. Activity Streams 2.0 supports custom MIME types on content, so using a MIME type like `application/encrypted` (OpenPGP) or `application/pkcs7-mime` (S/MIME) would just pass through the ActivityPub system.
For users experienced with exchanging keys out of band, this is probably enough to get started.
Evan Prodromou
in reply to Evan Prodromou • • •so, let's talk about the hard parts.
1. To be E2E, encryption has to be implemented in the client software. That software has to be able to access keys, use them, and keep them safe. This includes Web clients and mobile clients.
2. To be worth all this trouble, there should really only be one way to do it.
3. Most people are bad at managing keys. So, key management should be automatic.
4. Many people use multiple clients, so there must be a way to share keys between them.
Evan Prodromou
in reply to Evan Prodromou • • •Evan Prodromou
in reply to Evan Prodromou • • •Dave ✨
in reply to Evan Prodromou • • •@evan thank you Evan. This confirms a few things for me!
So for my own ideas, I’ve been thinking specifically about enabling video/audio calls.
Looking at it, the ActivityPub spec allows enough metadata etc that the handshaking part for webrtc could be run through ActivityPub and DMs already. Clunky perhaps, but possible!
Nic Dade
in reply to Evan Prodromou • • •silverwizard
Unknown parent • •silverwizard
Unknown parent • •silverwizard
Unknown parent • •Sure, yes, continuous audit of all jS would become necessary - it would be messy and horrible.
This is definitely not an impossible task - just a monumental beyond imagining one.