Separate from my proposal for key transparency for the Fediverse (which I’ve certainly blogged about a lot), the W3C has been working on building out end-to-end encryption (E2EE) for Activity…
The user would be unable to use E2EE as soon as the key is swapped, so the only real issue here is impersonation.
If an admin mitms all the messages then they can re-encrypt using the users original/real public key, leaving the user unaware that they have been hacked and able to use encryption as normal, or am I missing something?
If an admin mitms all the messages then they can re-encrypt using the users original/real public key, leaving the user unaware that they have been hacked and able to use encryption as normal, or am I missing something?