I want to share a little idea for a new extension with the goal of adding direct messages in #twtxt https://github.com/tanrax/twtxt-direct-message-extension
@andros@twtxt.andros.dev My only comment so far is to use Ed25519 keys for crypto.
It would also be great if you put up a PR against twtxt.dev 🙏
interesting idea. I’m not personally interested on having DM conversations on twtxt (for now), although I see the community could be interested in.
I’d suggest to enable the Discussion section in your Github repo to receive comments, as we did for timeline https://github.com/sorenpeter/timeline/discussions
my first thought is that encrypting messages with Elliptic keys is not as easy as with RSA, although I tried doing something similar a few months ago with ECIES
https://github.com/eapl-gemugami/owl/blob/main/src/app/controller/ecies_demo.php
another one would be to allow changing public keys over time (as it may be a good practice [0]). A syntax like the following could help to know what public key you used to encrypt the message, and which private key the client should use to decrypt it:
!<nick url> <encrypted_message> <public_key_hash_7_chars>
Also I’d remove support for storing the message as hex, only allowing base64 (more compact, aiming for a minimalistic spec, etc.)
I haven’t read the entire specification, but I think there is a fundamental design problem. Why would someone put an encrypted message on a public feed that is completely useless to everybody other than the one recipient? This doesn’t make sense to me. It of course depends on the threat model, but wouldn’t one also want to minimize the publicly visible metadata (who is communicating with whom and when) when privately messaging? I feel there are better ways to accomplish this. Sorry, if I miss the obvious use case, please let me know. :-)