Re: End-to-end Encrypted Messaging in ActivityPub

Just found this, in case any encryption-minded folks might know what to do
with it:

ActivityPub for Interoperable Messaging
(with MIMI and MLS)
https://bifurcation.github.io/mimi-aim/draft-barnes-mimi-aim.html

“There are some open questions here related to authentication and
authorization, for example:

   - How should servers authenticate each other?¶
   <https://bifurcation.github.io/mimi-aim/draft-barnes-mimi-aim.html#section-6.3-2.1>
   - How a receiving server knows that an Activity authentically comes from
   the Actor who is supposed to have sent it?¶
   <https://bifurcation.github.io/mimi-aim/draft-barnes-mimi-aim.html#section-6.3-2.2>
   - What access control policies can a server enforce on inbound messages?¶
   <https://bifurcation.github.io/mimi-aim/draft-barnes-mimi-aim.html#section-6.3-2.3>

The ActivityPub specification is very light on details on these topics.
However, applications such as Mastodon have likely developed solutions that
could be used as starting points.”

On Fri, May 19, 2023 at 5:28 PM Melvin Carvalho <melvincarvalho@gmail.com>
wrote:

>
>
> pá 19. 5. 2023 v 16:25 odesílatel Evan Prodromou <evan@prodromou.name>
> napsal:
>
>> I published a blog post about an architecture for end-to-end encrypted
>> messaging in ActivityPub:
>>
>>
>> https://evanp.me/2023/05/19/end-to-end-encrypted-messages-over-activitypub/
>>
>> One option for this group is to publish Note documents. I think
>> developing a standard mechanism for E2EE with multiple implementations
>> could be a huge benefit for social web. I’d be happy to participate in such
>> a subgroup!
>>
>
> You might want to look at nostr.  Right now every user has a key pair.
>
> Generally this is used for signatures, but the keys in question can also
> encrypt messages, and this is used quite often.
>
> For E2E you need a user to hold the keys, but that doesnt happen in AP
> because servers hold the private keys of users, right now
>
>>
>>
>> Evan
>>
> --
Peter Zingg