🔐 Every unencrypted email is readable by 10+ entities and stored forever.
-
@nicfab I did not know of this, and find it fascinating. I use proton with a custom domain, so I don't benefit from it based on the article. Next project: setting up my wkd server!
Only downside: I make extensive use of catch-all addresses, and I suppose wkd doesn't account for a "default user inbox" if it relies on username hashes like the article explains. But still worth setting up!
@PierricD You can set up WKD with your domain name even if the MX records are on Proton. You need a server.
-
@nicfab @Blort we know there is an IETF doc about wkd. Delta is probably one of the most standards based messengers out there https://github.com/chatmail/core/blob/main/standards.md
But that doesn't mean any IETF standard is unconditionally a good idea for resilient decentralized messaging. -
@PierricD You can set up WKD with your domain name even if the MX records are on Proton. You need a server.
-
🔐 Every unencrypted email is readable by 10+ entities and stored forever.
Web Key Directory (WKD) changes this: automatic encryption using your domain name. No manual keys. No central servers. Just cryptographic certainty.
WKD makes encrypted email as simple as HTTPS made web browsing secure.
https://www.nicfab.eu/en/posts/wkd2/
#WebKeyDirectory #WKD #EmailEncryption #Privacy #InfoSec #Cryptography #OpenPGP
@nicfab I appreciate every attempt to make the web more secure by default.
What is your opinion on if I would state: Isn’t encrypted mail also stored forever and readable in the future? As e-mail lacks PFS…
I’m more concerned about that and things like headers being not encrypted and therefore, leaking meta data, than getting my keys to ppl.
If things must change it is probably SMTP that needs a successor with things like double ratchet session keys and key exchange parameters. And while we’re on it, probably some post quantum ability would fit the timeline we are in.
What do you think?
-
🔐 Every unencrypted email is readable by 10+ entities and stored forever.
Web Key Directory (WKD) changes this: automatic encryption using your domain name. No manual keys. No central servers. Just cryptographic certainty.
WKD makes encrypted email as simple as HTTPS made web browsing secure.
https://www.nicfab.eu/en/posts/wkd2/
#WebKeyDirectory #WKD #EmailEncryption #Privacy #InfoSec #Cryptography #OpenPGP
@nicfab @koehntopp Sounds too good. Hope it's not. 😃👍
-
@nicfab @koehntopp Sounds too good. Hope it's not. 😃👍
@micha @koehntopp Why not?
-
🔐 Every unencrypted email is readable by 10+ entities and stored forever.
Web Key Directory (WKD) changes this: automatic encryption using your domain name. No manual keys. No central servers. Just cryptographic certainty.
WKD makes encrypted email as simple as HTTPS made web browsing secure.
https://www.nicfab.eu/en/posts/wkd2/
#WebKeyDirectory #WKD #EmailEncryption #Privacy #InfoSec #Cryptography #OpenPGP
-
@nicfab I appreciate every attempt to make the web more secure by default.
What is your opinion on if I would state: Isn’t encrypted mail also stored forever and readable in the future? As e-mail lacks PFS…
I’m more concerned about that and things like headers being not encrypted and therefore, leaking meta data, than getting my keys to ppl.
If things must change it is probably SMTP that needs a successor with things like double ratchet session keys and key exchange parameters. And while we’re on it, probably some post quantum ability would fit the timeline we are in.
What do you think?
@lennybacon 1/6
Your analysis hits the nail on the head. The fundamental architecture of email predates modern cryptography, and what we do today is essentially retrofitting security onto a protocol from the 1970s. -
@nicfab I appreciate every attempt to make the web more secure by default.
What is your opinion on if I would state: Isn’t encrypted mail also stored forever and readable in the future? As e-mail lacks PFS…
I’m more concerned about that and things like headers being not encrypted and therefore, leaking meta data, than getting my keys to ppl.
If things must change it is probably SMTP that needs a successor with things like double ratchet session keys and key exchange parameters. And while we’re on it, probably some post quantum ability would fit the timeline we are in.
What do you think?
@lennybacon 2/6
The lack of PFS is indeed critical: every encrypted email becomes a time capsule waiting for quantum computers or a key compromise. Unlike Signal or Matrix, which utilize double-ratchet algorithms to ensure both forward and backward secrecy, email encryption remains static — a single key leak compromises entire email histories. -
@nicfab I appreciate every attempt to make the web more secure by default.
What is your opinion on if I would state: Isn’t encrypted mail also stored forever and readable in the future? As e-mail lacks PFS…
I’m more concerned about that and things like headers being not encrypted and therefore, leaking meta data, than getting my keys to ppl.
If things must change it is probably SMTP that needs a successor with things like double ratchet session keys and key exchange parameters. And while we’re on it, probably some post quantum ability would fit the timeline we are in.
What do you think?
@lennybacon 3/6
And metadata exacerbates the issue: even with PGP/S/MIME, headers expose communication patterns, timestamps, and relationships that can be more revealing than the message content itself. WKD is pragmatic incrementalism: it solves the decades-old “chicken and egg” of key distribution, but it’s still polishing brass on the Titanic. Real progress requires a protocol redesign. -
@nicfab I appreciate every attempt to make the web more secure by default.
What is your opinion on if I would state: Isn’t encrypted mail also stored forever and readable in the future? As e-mail lacks PFS…
I’m more concerned about that and things like headers being not encrypted and therefore, leaking meta data, than getting my keys to ppl.
If things must change it is probably SMTP that needs a successor with things like double ratchet session keys and key exchange parameters. And while we’re on it, probably some post quantum ability would fit the timeline we are in.
What do you think?
@lennybacon 4/6
Possible directions include:
• MLS (Messaging Layer Security) for federated asynchronous messaging with PFS
• Post-quantum key exchange (already in TLS 1.3 trials)
• Encrypted headers and padding to mitigate traffic analysis
• Ephemeral identities to reduce long-term correlation -
@nicfab I appreciate every attempt to make the web more secure by default.
What is your opinion on if I would state: Isn’t encrypted mail also stored forever and readable in the future? As e-mail lacks PFS…
I’m more concerned about that and things like headers being not encrypted and therefore, leaking meta data, than getting my keys to ppl.
If things must change it is probably SMTP that needs a successor with things like double ratchet session keys and key exchange parameters. And while we’re on it, probably some post quantum ability would fit the timeline we are in.
What do you think?
@lennybacon 5/6
The hard part is backward compatibility: email’s universality is both its strength and its prison. Perhaps the way forward is dual: incremental improvements (e.g., WKD, Autocrypt) to make current email “secure enough,” while simultaneously building truly secure alternatives that could eventually replace SMTP. -
@nicfab I appreciate every attempt to make the web more secure by default.
What is your opinion on if I would state: Isn’t encrypted mail also stored forever and readable in the future? As e-mail lacks PFS…
I’m more concerned about that and things like headers being not encrypted and therefore, leaking meta data, than getting my keys to ppl.
If things must change it is probably SMTP that needs a successor with things like double ratchet session keys and key exchange parameters. And while we’re on it, probably some post quantum ability would fit the timeline we are in.
What do you think?
@lennybacon 6/6
So the real question is: migration by evolution or by revolution? -
-
@thedarktangent @yawnbox This article is not about email security but about WKD. I have already written about email security and will likely revisit the topic in the near future.
-
@nicfab @Blort we know there is an IETF doc about wkd. Delta is probably one of the most standards based messengers out there https://github.com/chatmail/core/blob/main/standards.md
But that doesn't mean any IETF standard is unconditionally a good idea for resilient decentralized messaging.@delta @Blort 1/3 - Absolutely right — IETF standards aren't automatically the best fit for every use case. DeltaChat is actually a great example of this nuanced approach: it leverages email infrastructure creatively while adding features like Autocrypt and ChatMail servers to address some of email's inherent limitations.
-
@nicfab @Blort we know there is an IETF doc about wkd. Delta is probably one of the most standards based messengers out there https://github.com/chatmail/core/blob/main/standards.md
But that doesn't mean any IETF standard is unconditionally a good idea for resilient decentralized messaging. -
@nicfab @Blort we know there is an IETF doc about wkd. Delta is probably one of the most standards based messengers out there https://github.com/chatmail/core/blob/main/standards.md
But that doesn't mean any IETF standard is unconditionally a good idea for resilient decentralized messaging. -
@thedarktangent @yawnbox This article is not about email security but about WKD. I have already written about email security and will likely revisit the topic in the near future.
@nicfab @yawnbox I have lived through essentially the same issues with PGP keys in DNS, hashes of SMime keys in DNS, MTA-STS, DANE for SMTP, automatic SMIME using SMILE, etc.
I hope WKD does better! But I fear that without a solution to local email search it will be a victim of its own success, or you will have to put so much information in the subject line to remind you what is in the encrypted body that some privacy is lost.
-
Gli ultimi otto messaggi ricevuti dalla Federazione
-
Attinenza
Firefox spesso propone contenuti interessanti, pur non profilandoti. Ieri mi ha proposto «La tenuta delle famiglie si basa spesso sul ricatto emotivo (e chi ha una comunicazione aperta è "la pecora nera")»L'articolo sarebbe anche interessante; solo non ho capito che attinenza abbia la foto in evidenza che mostra una persona in una Chiesa Cattolica, con un sacerdote sull'altare.
La tenuta
https://monodes.com/predaelli/2025/09/28/attinenza/
#Catholicism #Ethics
-
Christos Margiolis is preparing for his presentation: Re-decentralizing the Internet with BSD
-
@snow snow@snowfan.masto.host @snow beh 10 minuti sembrano pochi, ma col brute force vogliono dire ere geologiche a colpi di 10 minuti :) cmq sono curioso, che hai fatto?
-
And here I'm just checking out the hook while the DJ revolves it…
-
@informapirata @informatica il governo e questo pseudo ministro non ne fanno una giusta neanche per errore
-
@FraEmme che poi andarsene e scappare sono due concetti molto diversi.
-
A good use for a car
#cat #catsofmastodon #catstodon
-
The Canadian Federation of Nurses Unions has written a letter to Prime Mark Carney demanding an end to Canada's free trade agreement with Israel and "diplomatic and economic support for apartheid in Israel." ✊
