Brainstorming some notes
"How do you know you have e2ee?"
A studied problem in both Tor onions (with an interesting adversarial directory threat model in V3)
And Signal safety numbers (with different amounts of forward secrecy)
"How do you trust another actor"
I mean, if you remove the external channel that easily solves it since you already knew your friend on a different one? Or they were a journalist who already controlled a domain enough for you to trust it's them? (Fun 1984 Goldstein problem)
Certificate transparency? Like Let's Encrypt or Sigstore, but on a different scale.
Or, well, that new fedi e2ee key server, with ways to monitor for tampering, same as with how Let's Encrypt works.
Or in p2p networks with Sybil-resistant keyspaces.
Is your threat model the NSA or just a nosey admin?