Follow
Note sure if the latter is a good approach as E2EE is notoriously difficult to implement and comes with a massive pain-in-the-ass requirements such as key verification. I would let Mastodon do one thing - ActivityPub - well and leave E2EE to projects that specialise in direct secure comms.