hmm, I don't know tbh.
basically - a standalone app that signs, but also holds all your group chat state? then other apps just call into it to get data to display and request signatures?
feel's li...
Yes, but the signer doesn't store chat data, just the key state. Clients then download and decrypt chat data when they need. Similar interface as any nostr signer.
Nostr clients are used to keep decrypted data that cannot be verified if leaked safe. So that should be a problem.
Then users wouldn't need to ask themselves if each MLS chat app is safe or not. They just trust the signer or verify that the signer is safe once. And go crazy testing chat app interfaces.
MLS apps are way too bloated already because the interface requires them too. Lots of dependencies that can be points of attack to steal the keys. That bloat is a massive rusk.
Putting keys in a separate, protected OS process that maybe doesn't even have access to the network is key.
Nostr clients are used to keep decrypted data that cannot be verified if leaked safe. So that should be a problem.
Then users wouldn't need to ask themselves if each MLS chat app is safe or not. They just trust the signer or verify that the signer is safe once. And go crazy testing chat app interfaces.
MLS apps are way too bloated already because the interface requires them too. Lots of dependencies that can be points of attack to steal the keys. That bloat is a massive rusk.
Putting keys in a separate, protected OS process that maybe doesn't even have access to the network is key.