A thing running on my computer should be able to communicate in a way no intermediary can decrypt with your computer.
This is not nearly so fuzzy as you imply. Signal gets it. Plenty of online systems can advertise & do end to end encryption. Your softened down incorrect definition is a mis-example: end to server to end is not e2e encryption.
Security keys should be useful on the web for end encryption. They are not. There is nothing to debate about this situation, it's well defined & clear. The web is missing a huge gap.
Signal is a chat app (a very good one!), not a generic application layer like HTTP. When we're talking about the breadth of the services available on the web, there are plenty of contexts in which TLS is an E2E scheme. Not every use of TLS is E2E, but I didn't claim that.
I don't know what case you are trying to make? Should we not create cryptographic storage on the web? Is that not ok? Do you think there's anything that would keep us from using secure keys for encrypting storage? Is there some barrier you perceive to why the web couldn't make use of such a capability?
I have no clue why you are building a case out for the web being something special & different & weird & hard to expect basic common sense secure cryptography from. Nitrokey had a pretty basic simple sensible early draft spec. Having some storage & a key that alone can decrypt it seems trivially obvious. Not sure what kind of smoke you are attempting to blow on this idea.
TLS has absolutely nothing to do with this. The idea of e2e messaging usually is that you could send the message over untrusted links just fine. The other party could validate & decrypt it. Discussion on TLS seems wildly off topic/tangential to the kind of e2e storage that messaging apps do, and that secure end to end storage entails.
Edit: to your credit, the MLS link you have above is indeed relevant.
A lot of very wrong immoral & silent downvoters: you are degrading the web & attacking society. Explain your downvotes & leave something contestable & arguable. Why all the cheapass anti-security downvotes? Why sign up to degrade security like this? What the frag?
I downvoted because your posts are vague complaints containing little details, and when people engage in good faith you respond with scorn because those poor idiots haven't understood you properly. I'd argue this is because you haven't explained your point very well. And this kind of attitude is specifically the type of thing that's not appreciated on HN.
I suspect many people are down voting your tone. Regardless of the merit of your arguments, and I make no claim about them, incivility and petulance will always undermine them.