I will say that some of the smartest people working on Mastodon and the fediverse right now are working on this very problem, and I'm pretty excited to see it become part of the stack.
I use Fediverse direct (mentioned only) messages for authentication in Owncast. Having these messages e2e encrypted would be a huge plus for this particular case. How do I get involved with this on a Fediverse (not Mastodon) level? At least I'm hoping it's not Mastodon only thing.
@gabek I think I have something that can fit your requirements.
I have been building cryptographic infrastructures for 30 years now, I made contributions to PKIX, WebPKI and SAML. For the past 4 years I have been working on what I consider the unfinished business - PKI for end users.
Since I can’t be bothered to do usability testing, I have adopted the principle that there must be absolutely no additional steps required to achieve security. So E2E chat must look exactly the same to the user as regular chat, which Signal showed is possible. Same for configuring mail clients for S/MIME, OpenPGP, etc.
I am currently working on adding end to end secure chat. From there, there is a really easy bridge to end to end secure voice and video by leveraging WebRTC. My original plan was for this to be phase 3 or 4 but I brought that forward due to the bird site fiasco and the UK criminalization of cryptography bill.
The Mesh is an open service so anyone can r... show more
@gabek I think I have something that can fit your requirements.
I have been building cryptographic infrastructures for 30 years now, I made contributions to PKIX, WebPKI and SAML. For the past 4 years I have been working on what I consider the unfinished business - PKI for end users.
Since I can’t be bothered to do usability testing, I have adopted the principle that there must be absolutely no additional steps required to achieve security. So E2E chat must look exactly the same to the user as regular chat, which Signal showed is possible. Same for configuring mail clients for S/MIME, OpenPGP, etc.
I am currently working on adding end to end secure chat. From there, there is a really easy bridge to end to end secure voice and video by leveraging WebRTC. My original plan was for this to be phase 3 or 4 but I brought that forward due to the bird site fiasco and the UK criminalization of cryptography bill.
The Mesh is an open service so anyone can run a Mesh service, users of one service can interact with users of any other service just like with SMTP email. It is also possible for users to switch from one provider to another without switching costs. All the specs are open and the reference code is open source.
The protocol suite currently supports 2FA, contact exchange, bookmarks and password management, all completely E2E secure with a 2120 or better work factor throughout. It is not currently PQC but that can be added later.
My long term goal is to allow each Internet user to obtain permanent personal identifiers which do not expire or require any renewal fees. It is not possible to do this for free at a global level and do it right. But I can do it to an absurd degree of fidelity for $0.10 per name which seems fair in comparison to the cost of ICANN names. We will have to spin up a not for profit to manage that and stop people turning it into another yacht buying fund.
Why do you want to encrypt posts? They are meant to be publicly available. DMs are not e2eed on Mastodon too (at least it is the case on the server which I have chosen and it is written in the ToS). But I don't find it bad anyway.
That is a feature not a bug, right? I think there are better tools for privacy communication. But global communities should be open (non-encrypted) by default to encourage discovery.
I don't care about sending a DM in the clear, but the UI leads to embarrassing errors. For example if you mention someone in a DM now they're brought into the DM. Also it should be a distinct button not part of a list. More than once I've clicked on the wrong option with horrible results. I think there needs to be better segregation of the entire function.
I'm surprised, with all the advances in techniques and knowledge we have, and all those chat applications, that email remains basically unchanged since the times of RFC821/822 (both of 1982 vintage).
Heck, most of the people I work with weren't even born when these two RFC were written!
Regarding #Email, they are end-to-end encrypted if the email application supports #SMIME.
As you know, this isn't commonplace because of the rise of centralized emails servers that simply won't allow said functionality due to its incompatibility with their #SurveillanceCapitalism based business models.
Luckily, more email is happening via Apple Mail, courtesy of #iOS, which actually fully supports S/MIME for digitally signing and/or encrypting emails.
mcc
•Evan Prodromou
•Mori
•Evan Prodromou
•Gabe Kangas
•Evan Prodromou
•Phillip Hallam-Baker
•I have been building cryptographic infrastructures for 30 years now, I made contributions to PKIX, WebPKI and SAML. For the past 4 years I have been working on what I consider the unfinished business - PKI for end users.
Since I can’t be bothered to do usability testing, I have adopted the principle that there must be absolutely no additional steps required to achieve security. So E2E chat must look exactly the same to the user as regular chat, which Signal showed is possible. Same for configuring mail clients for S/MIME, OpenPGP, etc.
I am currently working on adding end to end secure chat. From there, there is a really easy bridge to end to end secure voice and video by leveraging WebRTC. My original plan was for this to be phase 3 or 4 but I brought that forward due to the bird site fiasco and the UK criminalization of cryptography bill.
The Mesh is an open service so anyone can r... show more
I have been building cryptographic infrastructures for 30 years now, I made contributions to PKIX, WebPKI and SAML. For the past 4 years I have been working on what I consider the unfinished business - PKI for end users.
Since I can’t be bothered to do usability testing, I have adopted the principle that there must be absolutely no additional steps required to achieve security. So E2E chat must look exactly the same to the user as regular chat, which Signal showed is possible. Same for configuring mail clients for S/MIME, OpenPGP, etc.
I am currently working on adding end to end secure chat. From there, there is a really easy bridge to end to end secure voice and video by leveraging WebRTC. My original plan was for this to be phase 3 or 4 but I brought that forward due to the bird site fiasco and the UK criminalization of cryptography bill.
The Mesh is an open service so anyone can run a Mesh service, users of one service can interact with users of any other service just like with SMTP email. It is also possible for users to switch from one provider to another without switching costs. All the specs are open and the reference code is open source.
The protocol suite currently supports 2FA, contact exchange, bookmarks and password management, all completely E2E secure with a 2120 or better work factor throughout. It is not currently PQC but that can be added later.
My long term goal is to allow each Internet user to obtain permanent personal identifiers which do not expire or require any renewal fees. It is not possible to do this for free at a global level and do it right. But I can do it to an absurd degree of fidelity for $0.10 per name which seems fair in comparison to the cost of ICANN names. We will have to spin up a not for profit to manage that and stop people turning it into another yacht buying fund.
:heart_pan: jo
•Kirill Ivanov
•Kofu
•Neil E. Hodges
•Evan Prodromou
•Mike Fraser :Jets:
•Attila Kinali
•Heck, most of the people I work with weren't even born when these two RFC were written!
METADESTROYER !! (He/Him)
•IllTemperedCaviar
•Evan Prodromou
•IllTemperedCaviar
•Phillip Hallam-Baker
•I have the technlogy.
Dr. Matt Lee
•Evan Prodromou
•Dr. Matt Lee
•Evan Prodromou
•Eric G.
•Dr. Matt Lee
•:heart_pan: jo
•Content warning: Secret Caesar
Uryyb pna lbh urne zr guvf vf irel frperg cyf qba’g gryy
Evan Prodromou
•Content warning: Secret Caesar
Kingsley Uyi Idehen
•As you know, this isn't commonplace because of the rise of centralized emails servers that simply won't allow said functionality due to its incompatibility with their #SurveillanceCapitalism based business models.
Luckily, more email is happening via Apple Mail, courtesy of #iOS, which actually fully supports S/MIME for digitally signing and/or encrypting emails.