ioc.exchange is one of the many independent Mastodon servers you can use to participate in the fediverse.
INDICATORS OF COMPROMISE (IOC) InfoSec Community within the Fediverse. Newbies, experts, gurus - Everyone is Welcome! Instance is supposed to be fast and secure.

Administered by:

Server stats:

1.3K
active users

Matthew Green

I’m really excited about the idea of someone deploying encrypted DMs on this thing. Need a good plan for key distribution and identity binding (makes me sad Keybase got eaten by Zoom, oops) and then the rest is just Signal protocol?

I love saying things like “then the rest is just…” :)

The two things applied crypto needs in general:
1. Good, reliable identity/key binding and key transparency.
2. Hardware-backed key storage with MPC aimed at consumers, for protecting keys with passwords.
I feel like Keybase got a lot of the way there on (1) but never quite got the whole system running. (2) doesn’t exist yet.

@matthew_d_green Funnily enough a lot of cryptocurrency startups are trying to do 2 to some extent. Would be interesting to see some of the applied work there be used for different contexts.

@matthew_d_green Having ID keys and pre keys living on the home server seems easy enough

@matthew_d_green I think another aspect of this is a way to like, pin versions of the web client.

Although, if you're using the mobile app this isn't an issue.

(I wrote about this kind of thing a while back cronokirby.com/posts/2021/06/e)

cronokirby.comEnd-to-End Encryption in Web Apps - Cronokirby - Read more: https://cronokirby.com/posts/2021/06/e2e_in_the_browser/