what if we had a federated standard for that & signing arbitrary content & fetching keys for a domain and local key identifier
pretty sure that's already part of a PKCS...
Who owns the keys: instance, but an instance could technically let the client keep it for added security and just keep a public key index and confirm ownership of a pubkey for the domain.
@CobaltVelvet Keeping the private key client-side is an interesting idea. No need for Yet Another Protocol for that, the client just needs to send the signed Salmon when it posts/likes/follows.
@emersion the whole second part was to make it work with other protocols. (emails, web forums, blogs or news articles, ...)
The signature would be sent with the toot, but the key ownership verification (common to all uses) would be another protocol.
@CobaltVelvet I'm sure @gargron is salivating now
@CobaltVelvet
The ideal would probably be that each of us owns his key and shares information between us, giving the key transparently.
It's such a shame. I think to myself, it is a paranoid behaviour, isn't it?
@Max_PAURON not really, that's how keys work best. But keeping them on the instance also has its uses, the best is to let users choose.
@CobaltVelvet We already have a federated PKI, this is part of the Salmon protocol.