Luka

@lukajcb.bsky.social

github.com/LukaJCB

68 Followers  |  92 Following  |  25 Posts  |  Joined: 31.01.2025  |  2.1535

Latest posts by lukajcb.bsky.social on Bluesky


MLS makes rotation fairly cheap, i.e. removing someone from a group is O(log n) complexity.

26.02.2026 23:03  |  👍 1  |  🔁 0  |  💬 0  |  📌 0

Interesting, will have to think about that more!

26.02.2026 22:55  |  👍 2  |  🔁 0  |  💬 0  |  📌 0

HMAC would require everyone in the bucket to agree to the same key, so you would likely need a GKA protocol like MLS, right?

26.02.2026 22:21  |  👍 4  |  🔁 0  |  💬 2  |  📌 0

I like this quite a bit, the buckets idea maps somewhat cleanly to MLS groups, though there are of course still a lot of unanswered questions.

26.02.2026 22:17  |  👍 1  |  🔁 0  |  💬 0  |  📌 0

Right, the message in this case is only the metadata that we want to protect.

19.02.2026 04:36  |  👍 1  |  🔁 0  |  💬 0  |  📌 0

Yeah and that's a very hard problem space from what I can gather. Essentially how can we send a private message from A to B, C, and D across servers? All without the servers trusting each other and without leaking metadata.

19.02.2026 04:27  |  👍 2  |  🔁 0  |  💬 1  |  📌 0

I like this a lot, keeps a lot of the existing infrastructure. I could see something like this working well with E2EE data as well. The metadata leakage is somewhat unfortunate, but unless we add some sort of authenticated relay, I'm not sure there is a better way.

19.02.2026 02:40  |  👍 1  |  🔁 0  |  💬 0  |  📌 0

I think that narrows down the solutions space quite a bit then, no? If that kind of metadata shouldn't be public then that also eliminates publishing anything to the firehose for that content and we would need some kind of separate notification system so that an AppView can know of the new content.

19.02.2026 02:34  |  👍 3  |  🔁 0  |  💬 1  |  📌 1

I think this is good! I've been thinking about this space for a while and I think having permissioned data like this could be used for both e2ee and non-e2ee systems. Though, crucially I think how that data goes from the PDSs to the AppViews should also take into account e2ee and non-e2ee systems.

13.02.2026 00:36  |  👍 2  |  🔁 0  |  💬 0  |  📌 0

Do you have some links to where the prototyping is happening? I would be interested to collaborate!

08.02.2026 18:54  |  👍 1  |  🔁 0  |  💬 1  |  📌 0

In any sane system you would not want to perform expensive queries for analytics purposes on the real-time parts of your storage layer

23.01.2026 21:48  |  👍 0  |  🔁 0  |  💬 0  |  📌 0

Amazing! I've been trying to decide between Ente and Immich as well, might have to try this out!

01.01.2026 16:53  |  👍 1  |  🔁 0  |  💬 1  |  📌 0
GitHub - fedi-e2ee/pkd-server-go: Reference implementation - server-side software for the Fediverse Public Key Directory Specification

This is all old news. What's new is this:

There is now a first draft reference implementation of the Public Key Directory specification, written in Go.

github.com/fedi-e2ee/pk...

14.10.2025 14:58  |  👍 36  |  🔁 11  |  💬 1  |  📌 0

Very exciting!

14.10.2025 17:51  |  👍 0  |  🔁 0  |  💬 0  |  📌 0
Typelevel | A tale on Semirings Typelevel is an ecosystem of projects and a community of people united to foster an inclusive, welcoming, and safe environment around functional programming in Scala.

Side note I wrote about something pretty similar many years ago here: typelevel.org/blog/2018/11...

05.09.2025 20:24  |  👍 1  |  🔁 0  |  💬 0  |  📌 0

And more generally, the cardinality of a function A => B is B to the power of A.

In this example:
1^X = 1
X^1 = X

05.09.2025 20:23  |  👍 2  |  🔁 0  |  💬 1  |  📌 0

To add to this you can think of cardinalities as how many different implementations can there be for this signature.
So Boolean -> Unit has one possible implementation, whereas Unit -> Boolean has two

05.09.2025 20:13  |  👍 2  |  🔁 0  |  💬 1  |  📌 0
Barking Up The Ratchet Tree – MLS Is Neither Royal Nor Nude One of the first rules you learn about technical writing is, "Know your audience." But often, this sort of advice is given without sufficient weight or practical examples. Instead, you're ushered quickly onto the actual tactile aspects of writing--with the hope that some seed was planted that will sprout later in your education. Science communication is famously a hard problem.

25.08.2025 14:44  |  👍 28  |  🔁 6  |  💬 0  |  📌 0
GitHub - CHURPTeam/CHURP: Decentralize your secrets!

It did lead me to find out about CHURP though and that to me looks like a great solution for backup: github.com/CHURPTeam/CH...

30.07.2025 21:43  |  👍 1  |  🔁 0  |  💬 0  |  📌 0

Funnily enough I came across this yesterday as well. It looks great, although to me the fact that you still need to remember a password is a bit of a downside. I think I'd rather just use a PBKDF at that point.

30.07.2025 21:18  |  👍 1  |  🔁 0  |  💬 1  |  📌 0
GitHub - LukaJCB/ts-mls: A Messaging Layer Security (RFC 9420, MLS) implementation in TypeScript

Just published 1.0.0 of ts-mls, a library implementation of MLS written in typescript, put a lot of work into this and really with how it turned out! github.com/LukaJCB/ts-mls

04.07.2025 23:13  |  👍 4  |  🔁 0  |  💬 0  |  📌 0

The Web Crypto API for browsers and Node does this by basically treating HMAC and signatures the same way with a sign and verify function for each

27.05.2025 15:01  |  👍 1  |  🔁 0  |  💬 0  |  📌 0

No worries, thank you for fixing it!

18.05.2025 06:10  |  👍 0  |  🔁 0  |  💬 0  |  📌 0
AT Protocol Community Wiki Homepage of the AT Protocol Community Wiki

I tried to create an account for atproto.wiki, but I never got the verification email so I can't complete the sign up

17.05.2025 23:53  |  👍 2  |  🔁 0  |  💬 1  |  📌 0

Would love to collaborate on this, I'll have to give it a full read soon. I'm currently also working on creating a TypeScript MLS library that is almost complete that should make prototyping a lot easier!

16.05.2025 00:49  |  👍 2  |  🔁 0  |  💬 0  |  📌 0
Private, non-shared data in repo? · bluesky-social atproto · Discussion #3363 I have a use-case for keeping private data in a repo, i.e. data that does not leave the repo via the standard sharing mechanisms, and before I leap into modifying the code to support it, I'd like t...

I'm really glad someone is thinking about this! I wrote a prototype of using MLS to create E2EE content in ATProto recently that I've described in a GH issue here:
github.com/bluesky-soci...

16.05.2025 00:48  |  👍 5  |  🔁 0  |  💬 1  |  📌 0

Hello world!

12.02.2025 23:09  |  👍 2  |  🔁 0  |  💬 1  |  📌 0
