Mastodon's federation introduces UX challenges.
One that worries me a lot is about message forgery. Anyone can forge a twoot, even cross-server.
Whereas Twitter Inc might be trustworthy enough to not forge transcripts. Anyone can run a Mastodon server and might want to abuse it to influence people (see Russian troll campaigns).
Should Mastodon "home servers" cryptographically sign updates? Should there be end-to-end signatures? Anyone has thoughts on this?
@fj Verifying messages is important / critical in a federated network. In ActivityPub it's required to technically conform to the standard, though how you do it is somewhat looser; eg if you "share" a message, and that message is embedded and comes from a different origin, the most minimalist approach is to check the source and make sure it matches.
But signatures are better... [... contd ...]
@fj The "right" way to do it is definitely to sign messages as you pass them along the network. We include a section for this using Linked Data Signatures and HTTP Signatures https://www.w3.org/TR/activitypub/#authorization-lds
Unfortunately, it's non-normative. The specs need more use and "proof in implementation" before they can become the de-facto way. It would have been way better to make it the definitive way to do it (but at least a method is presented)
@mikegerwitz I'm not sure about PGP's web of trust stuff specifically, but one sekret aspect of the Verifiable Claims work is it might allow a federated network to *turn into* a web of trust, without the usual WoT user experience issues.
(I haven't thought about how to integrate with existing PGP WoT tho)
I see you're also talking about the concern of "delegating" key trust to a server... that's a whole topic itself...