This looks interesting but it's horrendously long and my eyes glazed over (need more coffee...). Is there a shorter description of what it does? I.e. what are the keys used for and how are they generated? What is it that's getting encrypted? It sounds like it's supposed to be E2EE for PMs. A two or three sentence description saying how the E2EE works and how the private keys are stored would be very helpful.
If you want E2EE for Mastodon, you need key management to be solved first.
This solves a lot of the key management pain. It's not v1.0 stable yet, but it's finally implemented. I've been working on the spec for nearly 2 years.
I'll take a look when I get a chance, but like you said, it's a public key directory. I thought you were claiming to have a solution to client side keys. Is there trouble with using some existing PK directory scheme?
No, if you read the post it will make more sense.
Or the specification if you're more technical.
I'll see if I can read the post but when I tried this morning, it was way too long. I'll look at the specification. I've been involved in crypto implementation since forever, which is why this looked interesting. But I think the client side also has to be figured out, if it hasn't been yet.
The client side is its own beast. See https://github.com/soatok/mastodon-e2ee-specification?tab=readme-ov-file#components from my initial project (the "key transparency" thing from today slots neatly into the "Federated PKI" hole).
Thanks. I'll look and post comments later if you want them.
Certainly. Thanks <3
It's a public key registry.
That's unhelpful. How is it used? Thanks.
It doesn't do any of the things you have asked about.
It's a building block for a reasonably secure e2ee PM system.
Oh. Tbh that doesn't sound very significant. LDAP might be enough by itself. Thanks.
If you are looking for more complex tools that don't do the job, sure.
Honestly, just read the article, and some of the linked texts, before you continue talking. Or don't. Just please don't be a know-it-all who doesn't need to read, it's not very appealing.
I've read the article again and am still in a state of confusion. I'll see if I can get through the spec. But there are a ton of unanswered questions that I think could have been cleared up concisely.
White text on a black background ... I didn't even try to read it.
So, dark mode? Nothing outrageous there.
There's always reader / article view if you really can't handle the colour scheme.
There is also having the site adjust to match my browser's theme.