Recent searches
Search options
@J12t@social.coop so, I think the rough architecture will be that we adapt an abstract protocol using ActivityPub as a low-level layer.
That would mean adding new ActivityPub types and properties that would be transmitted over the network. It might also mean additional collections or other properties, probably discoverable through the actor, with fallbacks using the default API.
@J12t@social.coop I think the three leading candidates for the abstract protocol are:
- OpenPGP. Very straightforward, easiest to implement.
- Signal. Much more complex, not a formal standard, but very widely used for messaging.
- MLS. Also complex. A formal standard. Much less widely used.
My big concern is that if we choose a complex abstract protocol, very few developers will implement it. I'd rather have something less featureful and widely implemented than something fancy that nobody uses.
@evan @J12t OpenPGP lacks perfect forward secrecy. You could use it to do something like signing a Diffie-Hellman key exchange though. That would probably be okay-ish?
How do you coordinate the keys across a user's clients without the server having access to it though?
I don't know enough about Signal or MLS to comment on those.
@J12t @evan Though now that I think more about it. If you're worried about your Diffie-Hellman exchange being MitM'd, using PGP only kicks that can down the road. Sure, you can manually validate PGP keys or use a web-of-trust, but the average person isn't going to want to do that (or even know that they need to).
Edit: proofreading? What's that?