[yarg]

> LE has nothing to do with this?

You probably want a CA signing the public keys that you store on the site.

> They can potentially inject a "listening key"

You mean a MITM attack? Isn't that the reason for certificate authorities?

[librexpr]

Sorry, you seem to be confusing HTTPS with E2EE. Mastodon already uses HTTPS for all its traffic, including the traffic between servers.

[yarg]

No, I'm not (I'm not a total fucking idiot).

What I'm suggesting is that the same certificate infrastructure that is used to secure the connection between a server and a client could also be used to secure the connections between users.

There's nothing specific to HTTPS about CAs and trust chains.

[cycomanic]

But for encrypted DMs you need per user keys that are stored on the users computer, otherwise the owner of the server has control over the key and we're back at square one. Or am I somehow misunderstanding you?

[yarg]

You can use client side symmetrical crypto to allow for the private key to be stored on the server.

It means that weak keys are a problem, but that's been the case since the dawn of time.