🔐 Every unencrypted email is readable by 10+ entities and stored forever.
-
@seecurity @Fr333k You’re right that nothing in email crypto is ever “simple” — WKD doesn’t change the complexity of OpenPGP itself. However, it does solve a particular problem that has long blocked adoption: key discovery.
That doesn’t contradict the analogy with HTTPS — it’s about lowering friction, not erasing complexity.
And yes, S/MIME can be smoother in some contexts, but WKD gives domains a way to make OpenPGP more usable in practice.@nicfab @Fr333k Email crypto is extremely complex and because of this, has plenty of attack surface. We published close to 10 papers in the last seven years attacking email and email encryption with OpenPGP and S/MIME.
I am at the point where I find recommending email encryption to be actively harmful. Metadata leaks all over the place, crypto from the '90s, plaintext fallbacks everywhere, user hate it, in particular the gnupg devs are very toxic, mail client developers lack time and (too often) expertise to implement it properly.
Just use Signal. If you got budget, build an app on top of Signal. Heck, just use WhatsApp. Just don't even try to send sensitive information with email encryption.
-
@nicfab @Fr333k Email crypto is extremely complex and because of this, has plenty of attack surface. We published close to 10 papers in the last seven years attacking email and email encryption with OpenPGP and S/MIME.
I am at the point where I find recommending email encryption to be actively harmful. Metadata leaks all over the place, crypto from the '90s, plaintext fallbacks everywhere, user hate it, in particular the gnupg devs are very toxic, mail client developers lack time and (too often) expertise to implement it properly.
Just use Signal. If you got budget, build an app on top of Signal. Heck, just use WhatsApp. Just don't even try to send sensitive information with email encryption.
It’s true: email crypto has flaws and decades of technical debt. But saying “just use Signal or WhatsApp” trades one problem for another — centralized silos controlled by single entities, which is even worse for long-term resilience, governance, and privacy.
WKD won’t magically fix email, but it removes real barriers and raises the baseline. Abandoning open, federated protocols entirely in favor of walled gardens is not a sustainable path.
-
🔐 Every unencrypted email is readable by 10+ entities and stored forever.
Web Key Directory (WKD) changes this: automatic encryption using your domain name. No manual keys. No central servers. Just cryptographic certainty.
WKD makes encrypted email as simple as HTTPS made web browsing secure.
https://www.nicfab.eu/en/posts/wkd2/
#WebKeyDirectory #WKD #EmailEncryption #Privacy #InfoSec #Cryptography #OpenPGP
@nicfab I already have a webserver for my website using my own domain name, do I need a second one or is it possible to combine this somehow?
Really interesting, first I hear of it. Thanks for sharing it!
-
@nicfab I already have a webserver for my website using my own domain name, do I need a second one or is it possible to combine this somehow?
Really interesting, first I hear of it. Thanks for sharing it!
@chiefbongo WKD is for a single domain name only. They cannot be combined, but you can have multiple WKD configurations for numerous domain names on the server.
-
@thedarktangent @yawnbox I share your concern — past attempts (PGP in DNS, DANE, SMILE, etc.) struggled with adoption. WKD isn’t a complete solution, but it’s worth setting up: it removes a key barrier and makes encrypted mail more usable, even if challenges like local search and subject-line leaks remain.
-
@thedarktangent @yawnbox I don't know.
Gli ultimi otto messaggi ricevuti dalla Federazione
-
L’ingresso di nuovi partner appare problematico per la delicata architettura giuridica e industriale del programma. A differenza del consorzio #FCAS — rallentato da tensioni tra #Dassault e #Airbus per il controllo della proprietà intellettuale e la distribuzione dei carichi di lavoro — il #GCAP ha mantenuto una governance agile. L’inserimento di un nuovo attore comporterebbe ritardi e rinegoziazioni su sicurezza informatica e con potenziali sui vincoli geopolitici.
-
@francescotoniolo A breve termine, no. Accetterò i progetti occasionali che arrivano, ma ormai non mi illudo più di poter vivere così. Sto cercando anche altro, ma non ho altre skill: sono un traduttore, leggo e studio tanto ma non so nulla di contabilità o altro. Forse prenderò dei CFU di lett. ing. per poi fare i 60 CFU e accedere al concorso insegnanti, ma ci vuole tempo.
-
Mica ho detto che condividevo le sue parole.
Il problema è quello.
Vogliono che Israele sparisca? Auguri!L'età media in Israele è 30 anni, gran parte dei suoi abitanti sono nati lì, dopo la guerra del '48.
Sono 8 milioni. Che volemo fa'?Non posso certo dire ai palestinesi come combattere le loro battaglie, ma posso dire quali non mi piacciono.
-
Ah, quindi il segretario di Clownlandia ha radunato generali e ammiragli per invitarli a non essere woke e che si vis pacem para bellum? Utilissimo.
-
-
#FCAS #GCAP #Leonardo
https://scenarieconomici.it/guerra-fcas-airbus-dassault-vantaggio-gcap-italia/
-
@ltratt @bremner I'm not sure about your regulations, but here any time a train hits an animal, or anything really, it is mandatory to stop the train and make sure that all of the blood comes indeed from an animal and no human was killed
and possibly also to collect evidence to be able to find the owner of the animal to fine them, but I believe in your case this would be the king, and thus he will not be fined?
