Re: End-to-end Encrypted Messaging in ActivityPub

The issue with users holding the private keys is 1) ID space, this is
solvable but you need to make sure that users aren't signing messages that
attest for @ids that front-run other users' messages, e.g. if I have a
private key and I sign a message with an @id of
https://mastodon.social/@gargron/1203 then gargron's status with that ID
will never be able to be seen by anybody 2) I don't think any modern E2EE
protocol can be considered safe by users if it doesn't have forward secrecy
and deniability—this is the table stakes for any secure messaging app in
2023. The HTTP/LD-signature specs we have in place right now don't provide
any of those features, they're designed around a single master key that
represents you with no real consideration given to ratcheting or
deniability.

However, the biggest obstacle to e2ee is none of the above—it's that the
most common fediverse client apps are all web clients, and web clients are
fundamentally insecure in an e2ee scenario, because malicious admins can
serve different JavaScript to different users silently without any warning.
As a threat model, E2EE relies on audited, public apps as provided by e.g.
mobile app walled gardens or open source package repositories. So the fact
that web clients can't securely provide E2EE makes it really hard to drive
adoption. In fact, Mastodon shipped the server-side version of E2EE based
on the Signal Protocol in 2020, but no app developers took us up on
implementing it. There's documentation here explaining the protocol in more
detail from a client's perspective:
https://gist.github.com/Gargron/ef09c05cd81580b8b9f4597c458bee1b.

On Fri, May 19, 2023 at 7:28 PM Melvin Carvalho <melvincarvalho@gmail.com>
wrote:

>
>
> On Fri, 19 May 2023 at 16:25, Evan Prodromou <evan@prodromou.name>
> wrote:
>
>> I published a blog post about an architecture for end-to-end encrypted
>> messaging in ActivityPub:
>>
>>
>> https://evanp.me/2023/05/19/end-to-end-encrypted-messages-over-activitypub/
>>
>> One option for this group is to publish Note documents. I think
>> developing a standard mechanism for E2EE with multiple implementations
>> could be a huge benefit for social web. I’d be happy to participate in such
>> a subgroup!
>>
>
> You might want to look at nostr.  Right now every user has a key pair.
>
> Generally this is used for signatures, but the keys in question can also
> encrypt messages, and this is used quite often.
>
> For E2E you need a user to hold the keys, but that doesn't happen in AP
> because servers hold the private keys of users, right now
>
>>
>>
>> Evan
>>
>

Received on Saturday, 20 May 2023 04:04:53 UTC
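
The ID-space concern in the reply above (a user-held key signing an object whose @id sits in another account's namespace) can be checked when a signed object is received. The following is an added example, not part of the original message or of Mastodon's code; it assumes, hypothetically, that each actor's objects live under that actor's own URL prefix, and `id_in_actor_namespace` and the `@mallory` account are constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443}


def _origin(parts):
    # Normalise scheme, host and port so that "HTTPS://Example.com:443"
    # compares equal to "https://example.com".
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)


def id_in_actor_namespace(actor_id: str, object_id: str) -> bool:
    """Accept object_id only if it lies under the signing actor's @id prefix.

    Assumption (not from the thread): an actor may only mint ids of the
    form <actor_id>/<something>. Run after the signature has verified.
    """
    try:
        actor, obj = urlsplit(actor_id), urlsplit(object_id)
        actor_origin, obj_origin = _origin(actor), _origin(obj)
    except ValueError:  # malformed port or host
        return False
    if actor_origin[0] != "https" or not actor_origin[1]:
        return False
    if obj.username or obj.password:  # userinfo can disguise the real host
        return False
    if actor_origin != obj_origin:
        return False
    # Conservative: refuse percent-encoding and backslashes rather than
    # guess how a downstream server will decode them.
    if "%" in obj.path or "\\" in obj.path:
        return False
    # Refuse dot segments, doubled slashes and trailing slashes.
    if posixpath.normpath(obj.path) != obj.path:
        return False
    # Trailing "/" stops "/@gar" from matching "/@gargron/1203".
    prefix = actor.path.rstrip("/") + "/"
    return obj.path.startswith(prefix) and len(obj.path) > len(prefix)
```
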