
Hi @mray! So, there are a few layers here in which encryption can apply.
- Of course, the connection between servers can be secured via SSL/TLS. It's not the most ideal medium (the SSL CA system can be compromised and false certificates could be given out without most of us knowing it, and this has been documented to happen), but it at least gives protection against passive monitoring.
- There is a non-normative section in the document that leaves open the possibility of using Linked Data Signatures and HTTP Signatures. The huge advantage here is that everyone would effectively have a key pinned to their profile, which would allow transforming the federated social network into a web of trust, with fewer user experience issues than currently exist. In the document, this is described for authentication via signatures (you could verify that X user really did say Y, or use it as a way to authenticate posting between servers... see the text for more information). But of course, once you have public keys, you can do encryption, which is not handled in the spec, but could be added as an extension layer on top of ActivityPub. However, it's not clear that Linked Data Signatures and HTTP Signatures will gain significant adoption; the whole "auth space" is unclear, which is why we couldn't make a definitive answer here. But I'm hopeful!
Hope that helps. In other words, there's passive protection for now, but things are left open for us to build a stronger encrypted communication platform on top... depending on what happens with the rest of the standards world.
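To make the "authenticate posting between servers" point concrete, here is an added example (not code from the reply above, nor from the ActivityPub spec) of the HTTP Signatures mechanism the reply mentions: a sending server signs a POST to a remote inbox with the actor's RSA key, and the receiving server verifies it against a key it has pinned for that actor. The actor URL, key ID, inbox path, Date value and the JSON body are made-up sample values; the key is generated inline rather than fetched from a profile, and the signed-header set and PKCS#1 v1.5 / SHA-256 choice follow the draft-cavage style used between ActivityPub servers.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// SignedRequest is the part of an inbox POST that the signature covers.
type SignedRequest struct {
	Method  string
	Path    string
	Headers map[string]string // lowercase header names
}

// Every signer must cover these; a receiver that accepts a shorter list
// lets a sender drop the date (replay) or the digest (body swap).
const requiredHeaders = "(request-target) host date digest"

// signingString builds the draft-cavage signing string, one covered header per line.
func signingString(r SignedRequest) string {
	var lines []string
	for _, h := range strings.Fields(requiredHeaders) {
		if h == "(request-target)" {
			lines = append(lines, "(request-target): "+strings.ToLower(r.Method)+" "+r.Path)
			continue
		}
		lines = append(lines, h+": "+r.Headers[h])
	}
	return strings.Join(lines, "\n")
}

// Digest computes the Digest header value that binds the body to the signature.
func Digest(body []byte) string {
	sum := sha256.Sum256(body)
	return "SHA-256=" + base64.StdEncoding.EncodeToString(sum[:])
}

// Sign produces the Signature header value for the actor identified by keyID.
func Sign(priv *rsa.PrivateKey, keyID string, r SignedRequest) (string, error) {
	h := sha256.Sum256([]byte(signingString(r)))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
	if err != nil {
		return "", err
	}
	return fmt.Sprintf(`keyId="%s",algorithm="rsa-sha256",headers="%s",signature="%s"`,
		keyID, requiredHeaders, base64.StdEncoding.EncodeToString(sig)), nil
}

// parseSignature splits the comma-separated key="value" pairs of a Signature header.
func parseSignature(v string) map[string]string {
	out := map[string]string{}
	for _, part := range strings.Split(v, ",") {
		kv := strings.SplitN(part, "=", 2)
		if len(kv) == 2 {
			out[kv[0]] = strings.Trim(kv[1], `"`)
		}
	}
	return out
}

// Verify is the receiving server's check, using a public key pinned for the
// sender's keyId. A real server would also reject stale Date values.
func Verify(pub *rsa.PublicKey, r SignedRequest, body []byte, sigHeader string) error {
	p := parseSignature(sigHeader)
	if p["algorithm"] != "rsa-sha256" || p["headers"] != requiredHeaders {
		return errors.New("unsupported algorithm or incomplete header set")
	}
	if r.Headers["digest"] != Digest(body) {
		return errors.New("digest mismatch: body does not match signed Digest header")
	}
	sig, err := base64.StdEncoding.DecodeString(p["signature"])
	if err != nil {
		return err
	}
	h := sha256.Sum256([]byte(signingString(r)))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig); err != nil {
		return errors.New("signature does not verify against pinned key")
	}
	return nil
}

// Demo delivers one signed activity, then replays the same headers with an
// altered body. It returns (genuine verified, tampered verified).
func Demo() (bool, bool) {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // stands in for the actor's profile key
	body := []byte(`{"type":"Create","actor":"https://alice.example/actor","object":{"content":"Hello"}}`)
	req := SignedRequest{Method: "POST", Path: "/inbox", Headers: map[string]string{
		"host": "bob.example", "date": "Tue, 07 Feb 2017 12:00:00 GMT", "digest": Digest(body)}}
	sig, _ := Sign(priv, "https://alice.example/actor#main-key", req)
	genuine := Verify(&priv.PublicKey, req, body, sig) == nil
	tampered := []byte(strings.Replace(string(body), "Hello", "Pwned", 1))
	forged := Verify(&priv.PublicKey, req, tampered, sig) == nil
	return genuine, forged
}

func main() {
	ok, forged := Demo()
	fmt.Println("genuine verifies:", ok, "| tampered verifies:", forged)
}
```

The receiver insists on the full header list before looking at the signature; that ordering matters, because the signature only proves integrity of whatever the sender chose to cover.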