@eapl.me@eapl.me You asked me for private keys for testing purposes. I have added it to the bottom of this page: https://dm-echo.andros.dev/
It will soon be running. It won’t be long now.

@andros@twtxt.andros.dev Q: Why would you publish the private key? Hmmm 🧐

@prologic@twtxt.net I don’t know, maybe it will be useful for someone 😇

well, I suggested that in https://eapl.me/timeline/conv/k2ob6bq

The idea was to help those following the spec in https://twtxt.dev/exts/directmessage.Html, to replicate the steps and validate whether your implementation gives the same result.

BTW, you could add a link to the spec in the echo web.

I’m also thinking that some kind of tag might be needed to automatically hide twts from unknown extensions. For example our client doesn’t support DMs and always shows the !<nick url><encrypted_message> syntax which is meaningless.

not a big deal as I can skip those messages, but again, it’s an extension, so older clients shouldn’t be affected by a new feature.

@andros@twtxt.andros.dev doesn’t this defeat the point of public cryptography?

@prologic@twtxt.net twtxt DM is not a serious DM protocol.

@eapl.me@eapl.me When it is up and running, I promise to add it to the specification. I will also include some corrections.
The nature of twtxt does not allow us to selectively hide clients. It’s a problem not with DM, but with any extension.
@prologic@twtxt.net Yes, it is a security hole. All dm-echo messages are readable. I intend it to be a debugging tool. Maybe I can include a warning message. If many of you see that it is a serious problem, I can remove the links.
@xuu@txt.sour.is It’s already much better than Mastodon :P . Maybe we can remove the sender and receiver references with an intermediary register.