2019-01-09 UTC
# 
rialtate[m] As for E2EE if it is a different key for http sigs then the other side needs to know where to look for the e2ee key. Without http sigs naive software can let the user decide if they think the server might have possession of the key (e.g. do they trust the admin is running unmodified server software with no mitm, which could be supplemented with hash type verification schemes)