this post was submitted on 15 Dec 2025
25 points (100.0% liked)

Privacy

4353 readers
150 users here now

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be civil and no prejudice
  2. Don't promote big-tech software
  3. No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
  4. No reposting of news that was already posted
  5. No crypto, blockchain, NFTs
  6. No Xitter links (if absolutely necessary, use xcancel)

Related communities:

Some of these are only vaguely related, but great communities.

founded 1 year ago
MODERATORS
otter@lemmy.ca
shaytan@lemmy.dbzer0.com
25
Announcing Key Transparency for the Fediverse (soatok.blog)
submitted 1 day ago by Ludicrous0251@piefed.zip to c/privacy@lemmy.dbzer0.com
17 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Soatok@pawb.social 3 points 1 day ago (1 children)

If you want E2EE for Mastodon, you need key management to be solved first.

This solves a lot of the key management pain. It's not v1.0 stable yet, but it's finally implemented. I've been working on the spec for nearly 2 years.

[–] solrize@lemmy.ml 2 points 1 day ago (1 children)

I'll take a look when I get a chance, but like you said, it's a public key directory. I thought you were claiming to have a solution to client side keys. Is there trouble with using some existing PK directory scheme?

[–] Soatok@pawb.social 1 points 1 day ago (1 children)

No, if you read the post it will make more sense.

Or the specification if you're more technical.

[–] solrize@lemmy.ml 1 points 1 day ago (1 children)

I'll see if I can read the post but when I tried this morning, it was way too long. I'll look at the specification. I've been involved in crypto implementation since forever, which is why this looked interesting. But I think the client side also has to be figured out, if it hasn't been yet.

[–] Soatok@pawb.social 1 points 1 day ago (1 children)

The client side is its own beast. See https://github.com/soatok/mastodon-e2ee-specification?tab=readme-ov-file#components from my initial project (the "key transparency" thing from today slots neatly into the "Federated PKI" hole).

[–] solrize@lemmy.ml 2 points 1 day ago (1 children)

Thanks. I'll look and post comments later if you want them.

[–] Soatok@pawb.social 1 points 1 day ago

Certainly. Thanks <3