I don’t think e2e encryption is warranted here for the first iteration. Generally, keypair management is too hard, today, everyone I know who used encrypted Element chat has lost their keys lmao. (I endorse element chat, but I don’t endorse making every channel you use encrypted, you will lose your logs!), and keypairs alone are a terrible way of doing secure identity. Keys can be lost or stolen, and though that doesn’t happen every day, the probability is always too high to build anything serious on top of them. I’m waiting for a secure identity system with key rotation and some form of account recovery process (which can be an institutional service or a “social recovery” thing) before building anything important on top of e2e encryption.
Possibly incidental, but if people were successfully maintaining continuous secure access to their signal account you wouldn’t even notice because it doesn’t even make an attempt to transfer encrypted data to new sessions.
I don’t think e2e encryption is warranted here for the first iteration. Generally, keypair management is too hard, today, everyone I know who used encrypted Element chat has lost their keys lmao. (I endorse element chat, but I don’t endorse making every channel you use encrypted, you will lose your logs!), and keypairs alone are a terrible way of doing secure identity. Keys can be lost or stolen, and though that doesn’t happen every day, the probability is always too high to build anything serious on top of them. I’m waiting for a secure identity system with key rotation and some form of account recovery process (which can be an institutional service or a “social recovery” thing) before building anything important on top of e2e encryption.
I mean, Signal messenger has worked pretty well in my experience.
Possibly incidental, but if people were successfully maintaining continuous secure access to their signal account you wouldn’t even notice because it doesn’t even make an attempt to transfer encrypted data to new sessions.