The Long Tail of Work Left Until ActivityPub Has E2EE

13 points by PuercoPop


maduggan

As someone who uses ActivityPub a lot I certainly encourage this work. I'm not really skilled enough in cryptography to be able to materially contribute to a lot of it. As someone who implements cryptographic solutions in applications but doesn't create new ones, my read of this feels sorta overkill?

Like I understand not trusting the server operator, but could we do some sort of immutable ledger anchoring or multi-witness verification to say "hey this key has changed" and have the client alert you? I understand this wouldn't prevent a situation where multiple servers were compromised, but it seems statistically unlikely given how there's little coordination between server administrators. I understand this would require someone to host the ledger but that seems doable. It wouldn't be a guard against state-level attacks but it would allow for faster implementation of E2EE.

Or could you do something even more simple like "locally sign a statement S = sign_K(userKey, actorURL || pubKey || timestamp), put it on a website you control or automate the publishing to a gist or Keybase or something and then allow the client to check that when they look at the key on your profile"? This requires some effort from the user, but it feels like something you could like mostly automate for people? Like this feels like a perfect usecase for WebAuthn-backed keys.

This is mostly my own curiosity, not an attack on the work this person is doing. I just read this as sorta positioning ActivityPub messaging as a Signal alternative, which is fine, but seems like a very ambitious goal vs the common use-case of these messages which is exchanging text between two people.