I am starting to think MLS/Marmot needs to be a Signer app, not a Nostr client.
Clients just talk to the signer to encrypt/decrypt without ever having view or control of the inner secrets and ratchet states of MLS.
Which means poorly implemented Clients can't leak your MLS state while consistently sharing chat rooms among them in an interoperable fashion. Users can start a conversation in Amethyst and reply on Primal or WhiteNoise because they are all being signed, encrypted and decrypted by the same ratchet-holding app.
The MLS signer then can be super lean and take absolute control over the privacy of that data while clients can go crazy in chat designs and other nostr features.
Would it be feasible, @JeffG ?
Clients just talk to the signer to encrypt/decrypt without ever having view or control of the inner secrets and ratchet states of MLS.
Which means poorly implemented Clients can't leak your MLS state while consistently sharing chat rooms among them in an interoperable fashion. Users can start a conversation in Amethyst and reply on Primal or WhiteNoise because they are all being signed, encrypted and decrypted by the same ratchet-holding app.
The MLS signer then can be super lean and take absolute control over the privacy of that data while clients can go crazy in chat designs and other nostr features.
Would it be feasible, @JeffG ?
71❤️1✔️1❤️1👀1
