@martin Awesome, thanks. I'll take a look. Besides the "generic" implementation, I would personally like such a service to be content agnostic i.e. it should be rather "dumb" and all data passing should be E2EE. I guess "zero trust" is the right buzzword ;) I created such an implementation for my projects, maybe I find the time to wrap that up and present it in a blog article. Thanks for the initiative and inspiration. Great to see that such a vivid community is pushing these promissing ideas.

@holtwick I agree! Would love to read your thoughts if you write them up. We’re just about to spin up a project to develop a generic e2ee layer for Automerge that will work both with untrusted sync servers and p2p.

@swick @holtwick A partial answer is in this paper: https://eprint.iacr.org/2020/1281 — the algorithm offers similar security to MLS, but decentralised. We’re currently working on filling in the bits that are missing in that paper, especially the group membership algorithm

@martin @holtwick is there a project implementing the ideas from the paper in a language like C or rust?

@martin @swick @holtwick oooh, we're exactly implementing that paper in Rust right now for @p2panda as we've received a grant to do that work, curious to hear about the improvements!

@swick @holtwick Yes, we've recently started work on a Rust implementation! Not yet ready, but I'll post about it when it's out.