Well, exactly. My point is that in a constrained use-case NaCl would be sufficient.
If you want to rotate keys, then simply delete your private key and since we trust Bluesky so much we can use the PDS to share new pubkeys once we rotate. In fact, this would work for signing keys too! Then the PDS wouldn't be able to write messages for you if it wanted to.
For group messaging you simply encrypt the message to each recipient.
If they want to upgrade to an Axolotl from this, great! But starting with plain text is not private messaging, it is group messaging with your PDS admins and whoever they want to share that data with.
I agree there are more layers you can add on top of TweetNaCl to improve security.
I'm going to personally add you to the list of people Bluesky should hire to get this implemented without the consent of the Bluesky employees. If they choose to hire both of us perhaps we can figure out how to implement this for them.
I will not commit to putting on a furry suit. But I've been known to try everything once. And bonus, I live right next to the furry convention center and have always wondered what the heck is going on at the Hyatt while you guys are here.
I won't go out of my way to find out if you don't want it known. If you decide you want to know what's going on in the hotel, there's probably lots of video on YouTube from whichever convention it is.