A probable implementation is that you bootstrap the initial key exchange using web PKI (if you want to talk to Alice@example.com then your client makes a TLS connection to example.com and asks for Alice's public key) and thereafter you use something like the Signal ratchet thing.
A probable implementation is that you bootstrap the initial key exchange using web PKI (if you want to talk to Alice@example.com then your client makes a TLS connection to example.com and asks for Alice's public key) and thereafter you use something like the Signal ratchet thing.
That technical solution is significant and unsolved. I don’t think it would likely work without some major new standards either.
Serving 2+ billion daily users is a technical challenge at least