I’m pleased to announce the immediate availability of a reference implementation for the Public Key Directory server. This software implements the Key Transparency specification I’ve be…
I read the post, its very exhaustive and future seems promising. I might have missed the section but why it this separate mechanism needed in the first place? Is it just because of the key lifecycle management? If so, naiive approach of publishing public key on your profile falls short because of this and without public key management everything falls apart sooner than later?
I read the post, its very exhaustive and future seems promising. I might have missed the section but why it this separate mechanism needed in the first place? Is it just because of the key lifecycle management? If so, naiive approach of publishing public key on your profile falls short because of this and without public key management everything falls apart sooner than later?
Because ActivityPub was not designed for E2EE. That’s the simplest answer.
The longer, and more technical answer, is that doing the actual “Encryption” part of E2EE is relatively easy. Key management is much harder.
I initially set out to just do E2EE in 2022, but got roadblocked by the more difficult problem of “which public key does the client trust?”.