swicg / activitypub-e2ee

Coordination of work on end-to-end encryption with ActivityPub

No manual key management #32

Open evanp opened 3 months ago

evanp commented 3 months ago

"As an ActivityPub user, I don't want to be responsible for managing my encryption keys, because I don't have to do that with other E2EE messaging systems, and it's so easy to make mistakes."

evanp commented 3 months ago

This is kind of explicitly avoiding the style of encrypted messaging people know from PGP in the 90s and 2000s: generating keys, sharing them, using key servers, signing keys, making downloadable versions, including them in your email signature, etc.

This functionality should be opaque to the user:

It should be possible to verify the list of keys for yourself or a remote user, but it shouldn't be required to use the system.