evanp
commented
2 months ago There aren't a lot of great ways to do this. The best options I know of are:
- Out-of-band confirmation of public key IDs, maybe using a human-readable fingerprint.
- A web of trust, with signed keys.
"As an ActivityPub user, I can confirm that the conversation I’m in is truly end-to-end encrypted and that no intermediate man-in-the-middle has access to the contents, so I and my correspondent can use untrusted servers."