@knapjack
How can the sender validate the public key hasn't been tampered with by the instance or server admin?
It is a hard problem. There are solutions but it will be complicated.
#TedUnangst seems to be off the Fediverse (and maybe the web) but linking this here for posterity: https://github.com/timkuijsten/honk/blob/fork/encrypt.go