this post was submitted on 15 Dec 2025
78 points (97.6% liked)

Technology

78002 readers
2193 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
78
Announcing Key Transparency for the Fediverse - Dhole Moments (soatok.blog)
submitted 1 week ago by Soatok@pawb.social to c/technology@lemmy.world
8 comments fedilink hide all child comments
top 8 comments
sorted by: hot top controversial new old
[–] kubofhromoslav@lemmy.world 12 points 1 week ago* (last edited 1 week ago)

What would world do without furries? ☺️

[–] Madiator2011@piefed.social 8 points 1 week ago (1 children)

Biggest issue is that people do not understand encryption. Even Matrix has same issue and they try to add hidden encryption. Though ye e2e will make web more secure. BTW great blog post was nice to read.

[–] majster@lemmy.zip 4 points 1 week ago

People also don't understand IP, TCP, DNS, TLS etc. and yet can use programs that use all of that. I find e2ee still pretty cumbersome in the long run.

[–] joyjoy@lemmy.zip 7 points 1 week ago (1 children)

Is this e2ee or just public signing? Signing sounds most doable to make sure a message came from the server it claims is from. 

[–] Soatok@pawb.social 15 points 1 week ago

It's a building block to make E2EE possible at Fediverse scale.

I've written about this topic pretty extensively: https://soatok.blog/category/technology/open-source/fediverse-e2ee-project/

If you can build in Federated Key Transparency, it's much easier to reason about "how do I know this public key actually belongs to my friend?" which in turn makes it much easier to get people onboarded with E2EE without major risks.

[–] Imgonnatrythis@sh.itjust.works 6 points 1 week ago

Great post. Looking forward to a more secure fediverse. This more important now than ever.

[–] majster@lemmy.zip 1 points 1 week ago (1 children)

I read the post, its very exhaustive and future seems promising. I might have missed the section but why it this separate mechanism needed in the first place? Is it just because of the key lifecycle management? If so, naiive approach of publishing public key on your profile falls short because of this and without public key management everything falls apart sooner than later?

[–] Soatok@pawb.social 1 points 1 week ago

why it this separate mechanism needed in the first place?

Because ActivityPub was not designed for E2EE. That's the simplest answer.

The longer, and more technical answer, is that doing the actual "Encryption" part of E2EE is relatively easy. Key management is much harder.

I initially set out to just do E2EE in 2022, but got roadblocked by the more difficult problem of "which public key does the client trust?".