- From: Benjamin Goering <ben@bengo.co>
- Date: Wed, 24 May 2023 09:53:39 -0700
- To: Peter Zingg <peter.zingg@gmail.com>
- Cc: Melvin Carvalho <melvincarvalho@gmail.com>, Evan Prodromou <evan@prodromou.name>, "public-swicg@w3.org" <public-swicg@w3.org>
- Message-ID: <CAN+OhBPBJ_Utzj_FPeW2c8WWxUyGz4Qgbx8ybNuk5RvwF5m2EA@mail.gmail.com>
Anyone interested in this topic should consider following MIMI. https://datatracker.ietf.org/wg/mimi/about/ e.g. "Matrix as a Messaging Framework <https://www.ietf.org/archive/id/draft-ralston-mimi-matrix-framework-01.html>" authored by an employee of Matrix.org Foundation proposes "For increased interoperability, Matrix would adopt MLS [I-D.ietf-mls-protocol <https://www.ietf.org/archive/id/draft-ralston-mimi-matrix-framework-01.html#I-D.ietf-mls-protocol> ] instead, likely with minor changes to support decentralized environments" or "Identity for E2E-Secure Communications" <https://datatracker.ietf.org/doc/html/draft-barnes-mimi-identity-arch-00#name-an-architecture-for-e2e-ide> https://datatracker.ietf.org/wg/mimi/documents/ [image: Screenshot 2023-05-24 at 9.45.12 AM.png] On Wed, May 24, 2023 at 9:23 AM Benjamin Goering <ben@bengo.co> wrote: > Great share, Peter! I missed that. > > That uses the ietf message layer security I linked to in my earlier > message. (aka 'MLS') > https://datatracker.ietf.org/wg/mls/about/ > https://messaginglayersecurity.rocks/ > > To my knowledge, this MLS approach is one of the best out there, so I'm > thrilled to see this. Thanks again. > > > > > > > On Wed, May 24, 2023 at 3:11 AM Peter Zingg <peter.zingg@gmail.com> wrote: > >> Just found this, in case any encryption-minded folks might know what to >> do with it: >> >> ActivityPub for Interoperable Messaging >> (with MIMI and MLS) >> https://bifurcation..github.io/mimi-aim/draft-barnes-mimi-aim.html >> <https://bifurcation.github.io/mimi-aim/draft-barnes-mimi-aim.html> >> >> “There are some open questions here related to authentication and >> authorization, for example: >> >> - How should servers authenticate each other?¶ >> <https://bifurcation.github.io/mimi-aim/draft-barnes-mimi-aim.html#section-6.3-2.1> >> - How a receiving server knows that an Activity authentically comes >> from the Actor who is supposed to have sent it?¶ >> <https://bifurcation.github.io/mimi-aim/draft-barnes-mimi-aim.html#section-6.3-2.2> >> - What access control policies can a server enforce on inbound >> messages?¶ >> <https://bifurcation.github.io/mimi-aim/draft-barnes-mimi-aim.html#section-6.3-2.3> >> >> The ActivityPub specification is very light on details on these topics. >> However, applications such as Mastodon have likely developed solutions that >> could be used as starting points.” >> >> On Fri, May 19, 2023 at 5:28 PM Melvin Carvalho <melvincarvalho@gmail.com> >> wrote: >> >>> >>> >>> pá 19. 5. 2023 v 16:25 odesílatel Evan Prodromou <evan@prodromou.name> >>> napsal: >>> >>>> I published a blog post about an architecture for end-to-end encrypted >>>> messaging in ActivityPub: >>>> >>>> >>>> https://evanp.me/2023/05/19/end-to-end-encrypted-messages-over-activitypub/ >>>> >>>> One option for this group is to publish Note documents. I think >>>> developing a standard mechanism for E2EE with multiple implementations >>>> could be a huge benefit for social web. I’d be happy to participate in such >>>> a subgroup! >>>> >>> >>> You might want to look at nostr. Right now every user has a key pair. >>> >>> Generally this is used for signatures, but the keys in question can also >>> encrypt messages, and this is used quite often. >>> >>> For E2E you need a user to hold the keys, but that doesnt happen in AP >>> because servers hold the private keys of users, right now >>> >>>> >>>> >>>> Evan >>>> >>> -- >> Peter Zingg >> >
Attachments
- image/png attachment: Screenshot_2023-05-24_at_9.45.12_AM.png
Received on Wednesday, 24 May 2023 16:53:57 UTC