Re: End-to-end Encrypted Messaging in ActivityPub

Great share, Peter! I missed that.

That uses the IETF message layer security I linked to in my earlier
message (aka 'MLS').
https://datatracker.ietf.org/wg/mls/about/
https://messaginglayersecurity.rocks/

To my knowledge, this MLS approach is one of the best out there, so I'm
thrilled to see this. Thanks again.

On Wed, May 24, 2023 at 3:11 AM Peter Zingg <peter.zingg@gmail.com> wrote:

> Just found this, in case any encryption-minded folks might know what to do
> with it:
>
> ActivityPub for Interoperable Messaging
> (with MIMI and MLS)
> https://bifurcation.github.io/mimi-aim/draft-barnes-mimi-aim.html
>
> “There are some open questions here related to authentication and
> authorization, for example:
>
>    - How should servers authenticate each other?
>    - How a receiving server knows that an Activity authentically comes
>    from the Actor who is supposed to have sent it?
>    - What access control policies can a server enforce on inbound
>    messages?
>
> The ActivityPub specification is very light on details on these topics.
> However, applications such as Mastodon have likely developed solutions that
> could be used as starting points.”
>
> On Fri, May 19, 2023 at 5:28 PM Melvin Carvalho <melvincarvalho@gmail.com>
> wrote:
>
>>
>>
>> On Fri, May 19, 2023 at 16:25, Evan Prodromou <evan@prodromou.name>
>> wrote:
>>
>>> I published a blog post about an architecture for end-to-end encrypted
>>> messaging in ActivityPub:
>>>
>>>
>>> https://evanp.me/2023/05/19/end-to-end-encrypted-messages-over-activitypub/
>>>
>>> One option for this group is to publish Note documents. I think
>>> developing a standard mechanism for E2EE with multiple implementations
>>> could be a huge benefit for the social web. I’d be happy to participate in such
>>> a subgroup!
>>>
>>
>> You might want to look at nostr.  Right now every user has a key pair.
>>
>> Generally this is used for signatures, but the keys in question can also
>> encrypt messages, and this is used quite often.
>>
>> For E2E you need a user to hold the keys, but that doesn't happen in AP
>> because servers hold the private keys of users, right now.
>>
>>>
>>>
>>> Evan
>>>
>> --
> Peter Zingg
>

Received on Wednesday, 24 May 2023 16:24:01 UTC