@anildash I am working on adding end-to-end security support across multiple user devices.
This is making use of the Mathematical Mesh framework that I have already built:
My approach is completely different to all existing PKIs. This is not just public key infrastructure, it is private key infrastructure and it makes use of threshold cryptography in new ways.
This is not your traditional PGP/SMIME type user experience. The only acceptable user experience for security as far as I am concerned is zero-effort. If the user has to do anything different to get security they are not going to use it. So I do not do security usability studies, I design the system so that the secure interface looks no different from the traditional one.
The only changes I allow are to make things easier. So my tool allows you to configure your email for S/MIME and OpenPGP on one device. To configure the second, all you need to do is connect it to the first via a QR code interaction (or console equivalent). And it doesn't just deliver your cryptographic credentials, it sets up your mail services as well. Same for SSH, etc. etc.
The approach is fully grounded in open standards and makes use of the IRTF X.448/Ed448 curves for elliptic curve cryptography. I also have code for PQC algorithms Kyber and Dilithium which will be worked in to form a hybrid at some point (none of the PQC algorithms support threshold yet).
The immediate goal is to build an end-to-end secure synchronous client with Signal like properties that is not a walled garden approach.
But the key management capabilities and in particular, the ability to use keys across multiple devices with ease can be applied to any cryptographic application. So, this could be used to enable end-to-end secure Mastodon and Mastodon DMs.
There are of course many, many issues involved in such an undertaking. But I have been doing Web Security longer than anyone else. I was the security guy on the CERN Web team and I started specializing in security before the Web took off. I have spent 30 years building PKIs.