I would like to suggest using unlisted toots to contain the appropriate data for remote users to establish e2ee sessions, replies to those toots to maintain updates (and to provide metadata for what key signs the new key for key continuity), and the use of one account attribute to provide a URL to the toot containing the root of the key continuity chain.
Since this is almost certainly premature as a suggestion (and offered by someone who has only the barest idea of Mastodon's privacy levels), I rather expect that this idea will get either summarily roundfiled, or put on the back burner until someone gets around to tearing holes in it. Still, it seems that it would be useful to do something like keybase did, albeit without forcing the key/account-claim data into everybody's feed.
I would like to suggest using unlisted toots to contain the appropriate data for remote users to establish e2ee sessions, replies to those toots to maintain updates (and to provide metadata for what key signs the new key for key continuity), and the use of one account attribute to provide a URL to the toot containing the root of the key continuity chain.
Since this is almost certainly premature as a suggestion (and offered by someone who has only the barest idea of Mastodon's privacy levels), I rather expect that this idea will get either summarily roundfiled, or put on the back burner until someone gets around to tearing holes in it. Still, it seems that it would be useful to do something like keybase did, albeit without forcing the key/account-claim data into everybody's feed.