๐ Every unencrypted email is readable by 10+ entities and stored forever.
-
@Blort
Sorry for the misunderstanding.
I strongly believe that everyone should communicate exclusively via encrypted email, and I have held this position for many years.
I published several posts on my blog on that topic.@nicfab I take full credit / blame for any misunderstanding there! I forgot Masto would automatically @ you in any reply, and didn't think about how it would look like I was directing the question at you. My bad!
I'd love to see a wider discussion of this though, as the ramifications could be groundbreaking to private communications.
If there's one thing my professional life has taught me, it's how making things even a tiny bit easier / harder can have huge ramifications on what people actually do (or not).
This seems like it could genuinely make encrypted email easy after decades of adoption being very hard. That gets me very interested in the strengths and limitations of the approach and how it's adoption could be encouraged.
Could it be extended to something like @delta chat?
-
@nicfab seeing https://wkd.dp42.dev referenced has made my day!
@chimbosonic I mentioned your tool in my article. Read it! ๐
Congratulations on your work! Great resource! -
@nicfab I take full credit / blame for any misunderstanding there! I forgot Masto would automatically @ you in any reply, and didn't think about how it would look like I was directing the question at you. My bad!
I'd love to see a wider discussion of this though, as the ramifications could be groundbreaking to private communications.
If there's one thing my professional life has taught me, it's how making things even a tiny bit easier / harder can have huge ramifications on what people actually do (or not).
This seems like it could genuinely make encrypted email easy after decades of adoption being very hard. That gets me very interested in the strengths and limitations of the approach and how it's adoption could be encouraged.
Could it be extended to something like @delta chat?
@Blort @nicfab we know about wkd and some of us have engaged with it in earlier times. Our current trajectory of #chatmail developments is not directly fitting as we are aiming to hide all cryptographic identity information from the transport layer (email servers). Wkd rather reinforces the central role of email servers in managing and controlling a users cryptographic identity. Besides there are error cases (wkd down/erroring), stale keys and other issues that cause UX challenges.
-
๐ Every unencrypted email is readable by 10+ entities and stored forever.
Web Key Directory (WKD) changes this: automatic encryption using your domain name. No manual keys. No central servers. Just cryptographic certainty.
WKD makes encrypted email as simple as HTTPS made web browsing secure.
https://www.nicfab.eu/en/posts/wkd2/
#WebKeyDirectory #WKD #EmailEncryption #Privacy #InfoSec #Cryptography #OpenPGP
@nicfab I did not know of this, and find it fascinating. I use proton with a custom domain, so I don't benefit from it based on the article. Next project: setting up my wkd server!
Only downside: I make extensive use of catch-all addresses, and I suppose wkd doesn't account for a "default user inbox" if it relies on username hashes like the article explains. But still worth setting up!
-
@Blort @nicfab we know about wkd and some of us have engaged with it in earlier times. Our current trajectory of #chatmail developments is not directly fitting as we are aiming to hide all cryptographic identity information from the transport layer (email servers). Wkd rather reinforces the central role of email servers in managing and controlling a users cryptographic identity. Besides there are error cases (wkd down/erroring), stale keys and other issues that cause UX challenges.
-
@nicfab I did not know of this, and find it fascinating. I use proton with a custom domain, so I don't benefit from it based on the article. Next project: setting up my wkd server!
Only downside: I make extensive use of catch-all addresses, and I suppose wkd doesn't account for a "default user inbox" if it relies on username hashes like the article explains. But still worth setting up!
@PierricD You can set up WKD with your domain name even if the MX records are on Proton. You need a server.
-
@nicfab @Blort we know there is an IETF doc about wkd. Delta is probably one of the most standards based messengers out there https://github.com/chatmail/core/blob/main/standards.md
But that doesn't mean any IETF standard is unconditionally a good idea for resilient decentralized messaging. -
@PierricD You can set up WKD with your domain name even if the MX records are on Proton. You need a server.
-
๐ Every unencrypted email is readable by 10+ entities and stored forever.
Web Key Directory (WKD) changes this: automatic encryption using your domain name. No manual keys. No central servers. Just cryptographic certainty.
WKD makes encrypted email as simple as HTTPS made web browsing secure.
https://www.nicfab.eu/en/posts/wkd2/
#WebKeyDirectory #WKD #EmailEncryption #Privacy #InfoSec #Cryptography #OpenPGP
@nicfab I appreciate every attempt to make the web more secure by default.
What is your opinion on if I would state: Isnโt encrypted mail also stored forever and readable in the future? As e-mail lacks PFSโฆ
Iโm more concerned about that and things like headers being not encrypted and therefore, leaking meta data, than getting my keys to ppl.
If things must change it is probably SMTP that needs a successor with things like double ratchet session keys and key exchange parameters. And while weโre on it, probably some post quantum ability would fit the timeline we are in.
What do you think?
-
๐ Every unencrypted email is readable by 10+ entities and stored forever.
Web Key Directory (WKD) changes this: automatic encryption using your domain name. No manual keys. No central servers. Just cryptographic certainty.
WKD makes encrypted email as simple as HTTPS made web browsing secure.
https://www.nicfab.eu/en/posts/wkd2/
#WebKeyDirectory #WKD #EmailEncryption #Privacy #InfoSec #Cryptography #OpenPGP
@nicfab @koehntopp Sounds too good. Hope it's not. ๐๐
-
@nicfab @koehntopp Sounds too good. Hope it's not. ๐๐
@micha @koehntopp Why not?
-
๐ Every unencrypted email is readable by 10+ entities and stored forever.
Web Key Directory (WKD) changes this: automatic encryption using your domain name. No manual keys. No central servers. Just cryptographic certainty.
WKD makes encrypted email as simple as HTTPS made web browsing secure.
https://www.nicfab.eu/en/posts/wkd2/
#WebKeyDirectory #WKD #EmailEncryption #Privacy #InfoSec #Cryptography #OpenPGP
-
@nicfab I appreciate every attempt to make the web more secure by default.
What is your opinion on if I would state: Isnโt encrypted mail also stored forever and readable in the future? As e-mail lacks PFSโฆ
Iโm more concerned about that and things like headers being not encrypted and therefore, leaking meta data, than getting my keys to ppl.
If things must change it is probably SMTP that needs a successor with things like double ratchet session keys and key exchange parameters. And while weโre on it, probably some post quantum ability would fit the timeline we are in.
What do you think?
@lennybacon 1/6
Your analysis hits the nail on the head. The fundamental architecture of email predates modern cryptography, and what we do today is essentially retrofitting security onto a protocol from the 1970s. -
@nicfab I appreciate every attempt to make the web more secure by default.
What is your opinion on if I would state: Isnโt encrypted mail also stored forever and readable in the future? As e-mail lacks PFSโฆ
Iโm more concerned about that and things like headers being not encrypted and therefore, leaking meta data, than getting my keys to ppl.
If things must change it is probably SMTP that needs a successor with things like double ratchet session keys and key exchange parameters. And while weโre on it, probably some post quantum ability would fit the timeline we are in.
What do you think?
@lennybacon 2/6
The lack of PFS is indeed critical: every encrypted email becomes a time capsule waiting for quantum computers or a key compromise. Unlike Signal or Matrix, which utilize double-ratchet algorithms to ensure both forward and backward secrecy, email encryption remains static โ a single key leak compromises entire email histories. -
@nicfab I appreciate every attempt to make the web more secure by default.
What is your opinion on if I would state: Isnโt encrypted mail also stored forever and readable in the future? As e-mail lacks PFSโฆ
Iโm more concerned about that and things like headers being not encrypted and therefore, leaking meta data, than getting my keys to ppl.
If things must change it is probably SMTP that needs a successor with things like double ratchet session keys and key exchange parameters. And while weโre on it, probably some post quantum ability would fit the timeline we are in.
What do you think?
@lennybacon 3/6
And metadata exacerbates the issue: even with PGP/S/MIME, headers expose communication patterns, timestamps, and relationships that can be more revealing than the message content itself. WKD is pragmatic incrementalism: it solves the decades-old โchicken and eggโ of key distribution, but itโs still polishing brass on the Titanic. Real progress requires a protocol redesign. -
@nicfab I appreciate every attempt to make the web more secure by default.
What is your opinion on if I would state: Isnโt encrypted mail also stored forever and readable in the future? As e-mail lacks PFSโฆ
Iโm more concerned about that and things like headers being not encrypted and therefore, leaking meta data, than getting my keys to ppl.
If things must change it is probably SMTP that needs a successor with things like double ratchet session keys and key exchange parameters. And while weโre on it, probably some post quantum ability would fit the timeline we are in.
What do you think?
@lennybacon 4/6
Possible directions include:
โข MLS (Messaging Layer Security) for federated asynchronous messaging with PFS
โข Post-quantum key exchange (already in TLS 1.3 trials)
โข Encrypted headers and padding to mitigate traffic analysis
โข Ephemeral identities to reduce long-term correlation -
@nicfab I appreciate every attempt to make the web more secure by default.
What is your opinion on if I would state: Isnโt encrypted mail also stored forever and readable in the future? As e-mail lacks PFSโฆ
Iโm more concerned about that and things like headers being not encrypted and therefore, leaking meta data, than getting my keys to ppl.
If things must change it is probably SMTP that needs a successor with things like double ratchet session keys and key exchange parameters. And while weโre on it, probably some post quantum ability would fit the timeline we are in.
What do you think?
@lennybacon 5/6
The hard part is backward compatibility: emailโs universality is both its strength and its prison. Perhaps the way forward is dual: incremental improvements (e.g., WKD, Autocrypt) to make current email โsecure enough,โ while simultaneously building truly secure alternatives that could eventually replace SMTP. -
@nicfab I appreciate every attempt to make the web more secure by default.
What is your opinion on if I would state: Isnโt encrypted mail also stored forever and readable in the future? As e-mail lacks PFSโฆ
Iโm more concerned about that and things like headers being not encrypted and therefore, leaking meta data, than getting my keys to ppl.
If things must change it is probably SMTP that needs a successor with things like double ratchet session keys and key exchange parameters. And while weโre on it, probably some post quantum ability would fit the timeline we are in.
What do you think?
@lennybacon 6/6
So the real question is: migration by evolution or by revolution? -
-
@thedarktangent @yawnbox This article is not about email security but about WKD. I have already written about email security and will likely revisit the topic in the near future.
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@Alviro Putroppo mi dicono fonti MOLTO attendibili che la Seasalvia ha preso per il c*** tutti รจ ha finito di caricare stamattina. Ora รจ giร in viaggio.๐คฆโโ๏ธ
-
Fate girare per favore ๐ stanno rischiando la loro vita per valori che credevamo nostri.
-
@paoloredaelli
Io tutti quelli che conosco lavorativamente ci sono e pubblicano praticamente solo cose "quanto sono figo" ,non mi piacciono gli ambienti cosรฌ
@prealpinux
-
Dopo il blocco della petroliera Seasalvia il 25 settembre, anche il 26 sera e nella serata odierna lavoratori e cittadini sono tornati davanti alle banchine per fermare il rifornimento di greggio destinato allโaviazione militare israeliana. il nostro porto รจ coinvolto in operazioni che alimentano conflitti armati.Il porto e il polo industriale di Taranto devono servire la pace, il lavoro dignitoso e la transizione ecologica, non i bombardamenti.
La nostra cittร rifiuta ogni complicitร .
-
Genova, in migliaia invadono le strade per Gaza e la Flotilla, Salis: "Palestina libera". E i portuali bloccano "container pericolosi" diretti in Israele https://www.ilfattoquotidiano.it/2025/09/28/genova-in-migliaia-invadono-le-strade-per-gaza-e-la-flotilla-salis-palestina-libera-e-i-portuali-bloccano-container-pericolosi-diretti-in-israele/8141961/
-
@muffa io guardo solo quella femminile e sono fan di Myriam Sylla e Alessia Orro, spiaze
-
Ho 2 server (oltre a snowfan.masto.host che รจ in hosting gestito). Ogni tanto mi guardo i log dei tentativi di accesso e noto alcuni recidivi che erano giร stati bannati, evidentemente i 10 minuti di default e i 10 tentativi in un'ora non li fanno demordere. Devo ringraziarli, mi รจ servito a ristudiarmi #Fail2ban e irrigidirlo.๐
-
Giornata mondiale per lโaborto libero e sicuro: lโivg in pillole
@anarchia
Da 47 anni in Italia esiste una legge che consente il diritto allโinterruzione volontaria di gravidanza: la legge 194 del 1978.ย E da 47 anni le donne continuano a dover richiedere alle istituzioni e ai https://www.rivoluzioneanarchica.it/giornata-mondiale-per-laborto-libero-e-sicuro-livg-in-pillole/
