@seecurity @Fr333k You’re right that nothing in email crypto is ever “simple” — WKD doesn’t change the complexity of OpenPGP itself. However, it does solve a particular problem that has long blocked adoption: key discovery.
That doesn’t contradict the analogy with HTTPS — it’s about lowering friction, not erasing complexity.
And yes, S/MIME can be smoother in some contexts, but WKD gives domains a way to make OpenPGP more usable in practice.
-
@nicfab @Fr333k Email crypto is extremely complex and because of this, has plenty of attack surface. We published close to 10 papers in the last seven years attacking email and email encryption with OpenPGP and S/MIME.
I am at the point where I find recommending email encryption to be actively harmful. Metadata leaks all over the place, crypto from the '90s, plaintext fallbacks everywhere, users hate it, in particular the gnupg devs are very toxic, mail client developers lack time and (too often) expertise to implement it properly.
Just use Signal. If you got budget, build an app on top of Signal. Heck, just use WhatsApp. Just don't even try to send sensitive information with email encryption.
-
It’s true: email crypto has flaws and decades of technical debt. But saying “just use Signal or WhatsApp” trades one problem for another — centralized silos controlled by single entities, which is even worse for long-term resilience, governance, and privacy.
WKD won’t magically fix email, but it removes real barriers and raises the baseline. Abandoning open, federated protocols entirely in favor of walled gardens is not a sustainable path.
-
🔐 Every unencrypted email is readable by 10+ entities and stored forever.
Web Key Directory (WKD) changes this: automatic encryption using your domain name. No manual keys. No central servers. Just cryptographic certainty.
WKD makes encrypted email as simple as HTTPS made web browsing secure.
https://www.nicfab.eu/en/posts/wkd2/
#WebKeyDirectory #WKD #EmailEncryption #Privacy #InfoSec #Cryptography #OpenPGP
@nicfab I already have a webserver for my website using my own domain name, do I need a second one or is it possible to combine this somehow?
Really interesting, first I hear of it. Thanks for sharing it!
-
@chiefbongo WKD is for a single domain name only. They cannot be combined, but you can have multiple WKD configurations for numerous domain names on the server.
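To make the mechanism behind the original post ("automatic encryption using your domain name") and this reply (one WKD tree per domain, several domains on one server) concrete, here is an added Python example; it is not code from nicfab's post or the linked article. It computes where a client looks for a key, following the published WKD draft (draft-koch-openpgp-webkey-service); the `/var/www/openpgpkey` webroot is an assumed path.

```python
import base64
import hashlib
from urllib.parse import quote

# z-base-32 uses the same 5-bit grouping as RFC 4648 base32; only the alphabet differs.
_B32_STD = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
_ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"
_TRANS = str.maketrans(_B32_STD, _ZBASE32)

def wkd_hash(local_part: str) -> str:
    """Lower-case the local part, SHA-1 it, z-base-32 encode the 20-byte digest (32 chars)."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    # 160 bits divide evenly into 5-bit groups, so there is never any '=' padding.
    return base64.b32encode(digest).decode("ascii").translate(_TRANS)

def wkd_urls(address: str) -> dict:
    """Both lookup locations a WKD client computes for an address.
    It tries the advanced method (openpgpkey.<domain> sub-domain) first and
    falls back to the direct method on the bare domain; each has a policy file."""
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        raise ValueError("not an e-mail address: %r" % address)
    domain = domain.lower()                 # domain part is always lower-cased
    h = wkd_hash(local)
    query = "?l=" + quote(local, safe="")   # original local part, percent-encoded
    adv_base = f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}"
    direct_base = f"https://{domain}/.well-known/openpgpkey"
    return {
        "hash": h,
        "advanced": f"{adv_base}/hu/{h}{query}",
        "advanced_policy": f"{adv_base}/policy",
        "direct": f"{direct_base}/hu/{h}{query}",
        "direct_policy": f"{direct_base}/policy",
    }

def webroot_path(address: str, webroot: str = "/var/www/openpgpkey") -> str:
    """Where the binary key file sits for the advanced method (webroot is an assumed path).
    The domain is part of the path, so one virtual host can hold several domains'
    trees; each domain still needs its own openpgpkey.<domain> DNS name and TLS cert."""
    local, _, domain = address.rpartition("@")
    return f"{webroot}/.well-known/openpgpkey/{domain.lower()}/hu/{wkd_hash(local)}"

if __name__ == "__main__":
    # Example vector from the WKD draft: Joe.Doe@Example.ORG
    for key, value in wkd_urls("Joe.Doe@Example.ORG").items():
        print(f"{key:16} {value}")
    print(webroot_path("Joe.Doe@Example.ORG"))
```

Because the key file name is derived from the address and served over HTTPS from the domain itself, a client needs no keyserver and no manual fingerprint exchange, which is the friction WKD removes.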