  1. Soatok Dreamseeker (soatok@furry.engineer)'s status on Tuesday, 30-Dec-2025 22:17:20 JST

    We should talk about Werner Koch's response to https://gpg.fail on the oss-security mailing list.

    https://www.openwall.com/lists/oss-security/2025/12/29/9

    > Yes, and actually the only serious bug from their list.

    Koch either didn't watch the talk, he is in such defense of his own ego that he can't see how serious the bugs were, or he's tacitly admitting that PGP is not a serious recommendation.

    Can you distinguish between these three explanations?

    Could it be all of them are true?

    > Impact
    >
    > While this may allow remote code execution (RCE), it definitively causes memory corruption.
    >
    > Good research.

    I think this sarcastic quip is what reveals Werner Koch's opinion about the security researchers and their work.

    The rest of his email is measured (and partly responding to other mailing list participants rather than the disclosure directly).

    • nadja (dequbed@mastodon.chaosfield.at)'s status on Tuesday, 30-Dec-2025 22:24:19 JST

      @soatok I wish I was surprised but no this entirely tracks. PGP in general and GnuPG specifically are the masters of “that's not a bug, you're just holding it wrong”.

      To which I will just quote Maxim 62 of Schlock Mercenary:
      “Anything labeled "This end toward enemy" is dangerous at both ends.”
      To wit, if you can hold it wrong it's dangerous even if held right. Cryptography is too important to only be available in dangerous tools.

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Tuesday, 30-Dec-2025 22:32:50 JST

      I think 2026 should be the year that we make PGP irrelevant.

      Not just GnuPG (Koch's implementation), but the entire OpenPGP ecosystem.

      Most cryptographers I talk to gave up on PGP over a decade ago.

      (After seeing the arrogance and dismissiveness that bled through Koch's oss-security email, who can blame them?)

      If you're a country whose government mandates the use of PGP, even in obscure places, let's talk about how to replace PGP.

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Tuesday, 30-Dec-2025 22:34:08 JST
      in reply to
      • Bálint Szilakszi

      @szbalint There are government agencies and Linux distributions that mandate PGP usage.

      We should excise PGP from being necessary anywhere we find it.

      I'm happy to work on replacements, even if it means cobbling together a horrid Swiss Army Knife frontend for age, minisign, magic-wormhole, etc. to satisfy use cases that require this kind of stupid tool that PGP users are accustomed to.

    • Bálint Szilakszi (szbalint@x0r.be)'s status on Tuesday, 30-Dec-2025 22:34:09 JST

      @soatok didn’t this already happen?

      At a mid sized company we do not use pgp for anything at all.

      I guess there are some legacy users, hmm maybe this is more of a communications issue

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Tuesday, 30-Dec-2025 22:40:11 JST
      in reply to
      • Petr Menšík :fedora:

      @pemensik We replace email itself with a protocol that doesn't have a plaintext fallback mode, but has the same UX and can optionally yeet ciphertext (without meaningful metadata) over IMAP/SMTP if necessary.

    • Petr Menšík :fedora: (pemensik@fosstodon.org)'s status on Tuesday, 30-Dec-2025 22:40:12 JST

      @soatok what is the replacement for email encryption then?

    • Fabio Valentini (decathorpe@mastodon.social)'s status on Tuesday, 30-Dec-2025 22:42:42 JST

      @soatok I'm all for replacing outdated technologies, but I don't think getting rid of OpenPGP entirely could happen any time soon. especially RPM based Linux distros heavily rely on it for package signing ... (but at least things are migrating away from using GnuPG for this purpose)

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Tuesday, 30-Dec-2025 22:42:42 JST
      in reply to
      • Fabio Valentini

      @decathorpe That is precisely where we need to focus our energy to force it to happen.

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Tuesday, 30-Dec-2025 22:43:34 JST
      in reply to
      • Morten Linderud

      @Foxboron https://github.com/fedi-e2ee/public-key-directory-specification/blob/main/Specification.md#auxiliary-data

    • Morten Linderud (foxboron@chaos.social)'s status on Tuesday, 30-Dec-2025 22:43:36 JST

      @soatok

      This is why I would prefer to generalize and move public key distribution to some `well-known` directory.

      https://github.com/C2SP/C2SP/issues/192

      I'm looking at figuring out a convenient abstraction over this in the form of:

      ```
      keys | keys list | keys foxboron@example.org
      keys get -t age foxboron@example.org
      keys fetch foxboron@example.org
      ```

      or something along these lines. Once you have the keys inside a dir and some "identifier" you could work on tooling on top of this.

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Tuesday, 30-Dec-2025 22:43:57 JST
      in reply to
      • Fabio Valentini

      @decathorpe That sounds like a solvable kind of vendor lock-in to me.

    • Fabio Valentini (decathorpe@mastodon.social)'s status on Tuesday, 30-Dec-2025 22:43:59 JST

      @soatok forcing isn't going to work when company you rely on for server infrastructure isn't interested 😅

    • Petr Menšík :fedora: (pemensik@fosstodon.org)'s status on Tuesday, 30-Dec-2025 22:47:10 JST

      @soatok wouldn't it be enough to propose RFC for secure email handling by email clients? Creating completely new protocol might hit problems solved already in existing protocols. Or sharing the same problems the old ones failed to solve well enough. For example user friendly, decentralized key distribution has no great solution, if it should be secure at the same time?

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Tuesday, 30-Dec-2025 22:47:10 JST
      in reply to
      • Petr Menšík :fedora:

      @pemensik

      > wouldn't it be enough to propose RFC for secure email handling by email clients?

      No. The problems with encrypted email are unsolvable by RFCs.

      > Creating completely new protocol might hit problems solved already in existing protocols.

      This is why https://github.com/soatok/awoo-specification is still an empty repo: It's work I planned to do after I solved key transparency for Fedi and E2EE happens.

      > For example user friendly, decentralized key distribution has no great solution, if it should be secure at the same time?

      Literally, https://soatok.blog/2025/12/15/announcing-key-transparency-fediverse/

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Tuesday, 30-Dec-2025 22:48:02 JST
      in reply to
      • Morten Linderud

      @Foxboron How is that not a server?

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Tuesday, 30-Dec-2025 22:48:04 JST
      in reply to
      • Morten Linderud

      @Foxboron There is no way to solve this without requiring "a server".

    • Morten Linderud (foxboron@chaos.social)'s status on Tuesday, 30-Dec-2025 22:48:04 JST

      @soatok
      Yes, but a httpdir is simpler.

    • Morten Linderud (foxboron@chaos.social)'s status on Tuesday, 30-Dec-2025 22:48:06 JST

      @soatok
      I'm aware of that work, but it has a custom tlog implementation and requires a server.

      I think it should be simpler like `wkd`, and then try to jam a tlog into this somehow.

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Tuesday, 30-Dec-2025 22:50:25 JST
      in reply to
      • Morten Linderud

      @Foxboron Yeah but I'm already working to make this a Fediverse-wide thing.

    • Morten Linderud (foxboron@chaos.social)'s status on Tuesday, 30-Dec-2025 22:50:27 JST

      @soatok
      I should have been more specific, sorry. It requires its own server software.

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Tuesday, 30-Dec-2025 22:54:11 JST
      in reply to
      • Petr Menšík :fedora:

      @pemensik The PHP is unimportant.

      Once the reference software is stable, I will revive the Go implementation.

    • Petr Menšík :fedora: (pemensik@fosstodon.org)'s status on Tuesday, 30-Dec-2025 22:54:12 JST

      @soatok I would argue PHP is not the most trusted language for cryptography sensitive tasks. Not everyone has fediverse identity. Solving all problems with fresh new code usually doesn't work so well. I would focus on improving what we have by evolution, not revolution.

    • aronowski (aronowski@furry.engineer)'s status on Tuesday, 30-Dec-2025 22:57:02 JST
      in reply to
      • nadja
      • marmarta

      @soatok @49016 @dequbed IMHO the saddest thing here is that users are expected to go out of their way to "do security" as the sole purpose of their computing for the computing to be secure, because for whatever reason security-oriented software can silently destroy its own purpose - except that I've heard about the opposite, as it should be and does exist, happening in malicious contexts, like proctoring spyware accusing someone of cheating merely because a lawnmower is working outside (of course it is definitely passing encoded answers to an exam with the noise!)

      Might be a good opportunity to link to one of the talks about UX by @marmarta: https://media.ccc.de/v/38c3-ux-for-hackers-why-it-matters-and-what-can-you-do

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Tuesday, 30-Dec-2025 23:06:23 JST
      in reply to
      • Petr Menšík :fedora:

      @pemensik

      > I would focus on improving what we have by evolution, not revolution.

      There's little to improve on for Age, Minisign, etc.

      I'm not here to improve PGP. I'm here to kill PGP.

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Tuesday, 30-Dec-2025 23:07:50 JST
      in reply to
      • Petr Menšík :fedora:

      @pemensik https://words.filippo.io/keyserver-tlog/

    • Petr Menšík :fedora: (pemensik@fosstodon.org)'s status on Tuesday, 30-Dec-2025 23:07:51 JST

      @soatok how does age or minisign distribute their public keys? How have they improved the PGP trust model?

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Tuesday, 30-Dec-2025 23:08:54 JST
      in reply to
      • Petr Menšík :fedora:

      @pemensik Also, https://github.com/FiloSottile/age/releases/tag/v1.3.0

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Tuesday, 30-Dec-2025 23:31:50 JST
      in reply to
      • Petr Menšík :fedora:

      @pemensik https://github.com/fedi-e2ee/fedi-pkd-extensions

      I can keep this up all day

    • Petr Menšík :fedora: (pemensik@fosstodon.org)'s status on Tuesday, 30-Dec-2025 23:31:51 JST

      @soatok how should keys be distributed for minisign? Has any Linux distribution started using it for signing their packages? Or any other system in somehow mass scale?

    • Adam Caudill (adam_caudill@infosec.exchange)'s status on Tuesday, 30-Dec-2025 23:33:14 JST
      in reply to
      • Petr Menšík :fedora:

      @soatok @pemensik After the last time there was a real push to do something about the state of email security, a dozen+ proposals coming forward, and the entire effort dying in a years-long whimper - I wish I still had your hope that there is any real chance of making progress on this.

      After wasting truly countless hours drafting one of those dozen+ proposals to replace email, I firmly believe that any effort to fix or replace email is doomed. A nice idea, something that should have been possible, but something that’ll face insurmountable resistance.

      I and many others poured thousands of hours into drafting solutions, specifying protocols, analyzing and documenting security properties, addressing usability and interoperability, all for nothing. Every proposal was dismissed, with varying levels of insults directed at the authors, making it clear that those with the most vested interests in the email market would never support any such effort.

      It’s easy to waste far too much time trying to solve this one.

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Tuesday, 30-Dec-2025 23:33:14 JST
      in reply to
      • Petr Menšík :fedora:
      • Adam Caudill

      @adam_caudill @pemensik I hear you, and I'm not planning to walk a well-tread path on this one.

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Tuesday, 30-Dec-2025 23:36:53 JST
      in reply to
      • Dave Wilburn :donor:
      • Petr Menšík :fedora:

      @DaveMWilburn @pemensik It's like asking how to safely shoot oneself in the foot.

      Email has too many failure modes. Too many people reply to encrypted emails with plaintext, often with a quote-reply of the email sent.

      Signal doesn't have a plaintext mode. That's the primary reason it's superior to Matrix / XMPP.

    • Dave Wilburn :donor: (davemwilburn@infosec.exchange)'s status on Tuesday, 30-Dec-2025 23:36:54 JST
      in reply to
      • Petr Menšík :fedora:

      @soatok @pemensik

      It is absolutely maddening that the answer to the question, "how do I send an encrypted email in 2025?" is, "you don't."

      And that when pressed further, the best workaround one can offer is, "just use Signal chat in lieu of email."

      But that's somehow where we are.

      Truly the worst and dumbest timeline.

    • Fabio Valentini (decathorpe@mastodon.social)'s status on Tuesday, 30-Dec-2025 23:40:28 JST

      @soatok Fedora living on Red Hat provided servers is not solvable, no. I mean, unless we move the project to a different legal entity and get hundreds of thousands of doleros in funding from ~somewhere

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Tuesday, 30-Dec-2025 23:40:28 JST
      in reply to
      • Fabio Valentini

      @decathorpe Then we strong-arm Red Hat.

      PGP needs to die.

    • Petr Menšík :fedora: (pemensik@fosstodon.org)'s status on Tuesday, 30-Dec-2025 23:41:09 JST

      @soatok do you propose to have keys distributed for every signature type by a different protocol or mechanism?

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Tuesday, 30-Dec-2025 23:41:09 JST
      in reply to
      • Petr Menšík :fedora:

      @pemensik https://github.com/fedi-e2ee/fedi-pkd-extensions

      Each key type gets its own extension

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Tuesday, 30-Dec-2025 23:51:13 JST
      in reply to
      • Dave Wilburn :donor:
      • Petr Menšík :fedora:

      @pemensik @DaveMWilburn No.

    • Petr Menšík :fedora: (pemensik@fosstodon.org)'s status on Tuesday, 30-Dec-2025 23:51:14 JST
      in reply to
      • Dave Wilburn :donor:

      @soatok @DaveMWilburn my signal account required my phone number for an identity. Is it possible to start own signal server interoperable with other clients, with independent user identity?

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Tuesday, 30-Dec-2025 23:52:24 JST
      in reply to
      • Tris

      @tris This is the easiest use case to replace

    • Tris (tris@chaos.social)'s status on Tuesday, 30-Dec-2025 23:52:25 JST

      @soatok Still most websites place e-mail and PGP keys for https://en.wikipedia.org/wiki/Security.txt. Also https://internet.nl/article/securitytxt-test-toegevoegd/ :P

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Tuesday, 30-Dec-2025 23:56:08 JST
      in reply to
      • Tokyo Outsider (337ppm)

      @tokyo_0 https://soatok.blog/2024/11/15/what-to-use-instead-of-pgp/

      I finish the PKD project and move on to replace the long tail of PGP use cases is how.

    • Tokyo Outsider (337ppm) (tokyo_0@mas.to)'s status on Tuesday, 30-Dec-2025 23:56:09 JST

      @soatok How do we replace PGP?

    • Rich Felker (dalias@hachyderm.io)'s status on Tuesday, 30-Dec-2025 23:56:39 JST

      @soatok I thought it was irrelevant 20 years ago...

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Tuesday, 30-Dec-2025 23:56:48 JST
      in reply to
      • Rich Felker

      @dalias Governments and Linux distros never seemed to get the memo!

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Tuesday, 30-Dec-2025 23:58:05 JST
      in reply to
      • Tokyo Outsider (337ppm)

      @tokyo_0 No. Email itself is not fixable.

    • Tokyo Outsider (337ppm) (tokyo_0@mas.to)'s status on Tuesday, 30-Dec-2025 23:58:06 JST

      @soatok Good luck 👍 Interesting to read about the issues with PGP. I guess people want to encrypt their e-mail because the functionality of e-mail is distinct from messaging platforms like Signal and they also want encryption. Would it be possible to create an update to the e-mail protocol that mandates built-in encryption, which then works like Signal but can be accessed using all e-mail clients compatible with an open standard? 🤔

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Tuesday, 30-Dec-2025 23:58:42 JST
      in reply to
      • Tokyo Outsider (337ppm)

      @tokyo_0 To expand on that a little bit:

      https://infosec.exchange/@dymaxion/109344795644687902

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 31-Dec-2025 00:01:28 JST

      @tokyo_0 Because of the thousands of asshole gatekeepers, including at large tech companies, that don't want change.

    • Tokyo Outsider (337ppm) (tokyo_0@mas.to)'s status on Wednesday, 31-Dec-2025 00:01:29 JST

      @soatok I don't understand why mandating encryption with an open standard wouldn't prevent the "oops I copied a bunch of people after decrypting your message" problem.

    • Tokyo Outsider (337ppm) (tokyo_0@mas.to)'s status on Wednesday, 31-Dec-2025 00:02:42 JST

      @soatok The hurdles would be significant, for sure.

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 31-Dec-2025 00:02:42 JST
      in reply to
      • Tokyo Outsider (337ppm)

      @tokyo_0 No, we replace email or we do nothing. They will not allow change.

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 31-Dec-2025 00:03:27 JST
      in reply to
      • maswan
      • Dave Wilburn :donor:
      • Petr Menšík :fedora:

      @maswan @DaveMWilburn @pemensik Nah, I got something in the works.

    • maswan (maswan@mastodon.acc.sunet.se)'s status on Wednesday, 31-Dec-2025 00:03:29 JST
      in reply to
      • Dave Wilburn :donor:
      • Petr Menšík :fedora:

      @DaveMWilburn @soatok @pemensik And thus we continue to use plaintext email for yet another decade while people invent various replacements in the form of walled gardens that at most solve 10% of the relevant usecases.

    • ⠠⠵ avuko (avuko@infosec.exchange)'s status on Wednesday, 31-Dec-2025 00:13:09 JST
      in reply to
      • Bálint Szilakszi

      @soatok @szbalint

      And signify?

      https://github.com/aperezdc/signify

      Anyway, I had a convo with Zimmermann years ago about pgp, and what I remember from thinking back now, is that he didn’t think it was good (enough) or suitable for how (and by who) it is now being used.

    • FurryBeta (furrybeta@shark.community)'s status on Wednesday, 31-Dec-2025 00:13:14 JST

      @soatok It’s amazing to me how many people think email is secure, with or without the S/MIME extension. Even people who should know better (HR, finance, etc).

      I continually have to tell people that email is like a postcard sent through postal service. Anyone who has access to it can read it. “Would you feel comfortable sending a postcard with your credit card information plainly written on it?”

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 31-Dec-2025 00:22:12 JST
      in reply to
      • FurryBeta
      • RootWyrm 🇺🇦:progress:

      @rootwyrm @FurryBeta TLS 1.3 gives transport-layer encryption.

      The fact that TLS isn't already universally a thing for email is annoying.

      But the thing we're talking about (and why PGP keeps coming up) is folks want their emails confidential from their provider.

      And, sorry, that's just not doable. Experts routinely reply to PGP-encrypted emails with plaintext, often quote-replying the email that was encrypted.

    • RootWyrm 🇺🇦:progress: (rootwyrm@weird.autos)'s status on Wednesday, 31-Dec-2025 00:22:13 JST
      in reply to
      • FurryBeta

      @FurryBeta @soatok oh, that's nothing. I have yelled repeatedly because email CAN be secure. We fucking have TLS1.3 transport. We've had good local filtering mechanisms since the 1990's.

      And guess what? The big three are the biggest fucking impediment by refusing to enforce TLS, intentionally sabotaging known secure methods, and continually misleading users and customers.

      In conversation about 6 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 31-Dec-2025 00:51:39 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • elrido

      @elrido No! Not at all!

      In conversation about 6 months ago permalink
    • Embed this notice
      elrido (elrido@social.dssr.ch)'s status on Wednesday, 31-Dec-2025 00:51:55 JST elrido elrido
      in reply to
      @soatok so, are you suggesting we switch to alternative openpgp implementations, such as sequoia or a different email encryption standard, such as S/MIME? I've refrained from using the latter in the past because it is not a web-of-trust solution, but requires trusted third parties, which generally means paying some blessed organization. I'd consider using it if there were non-commercial signing entities, like Let's Encrypt does for TLS. Till now I've rather supported efforts of replacing gpg with sq, for example helping to package that for alpine.
      In conversation about 6 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 31-Dec-2025 00:52:25 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • elrido

      @elrido https://soatok.blog/2024/11/15/what-to-use-instead-of-pgp/

      In conversation about 6 months ago permalink

      Attachments

      1. What To Use Instead of PGP
        from Soatok
        It’s been more than five years since The PGP Problem was published, and I still hear from people who believe that using PGP (whether GnuPG or another OpenPGP implementation) is a thing they s…
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 31-Dec-2025 00:52:47 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • Petr Menšík :fedora:
      • brainwashed by lentils

      @pelle @pemensik No.

      In conversation about 6 months ago permalink
    • Embed this notice
      brainwashed by lentils (pelle@veganism.social)'s status on Wednesday, 31-Dec-2025 00:52:48 JST brainwashed by lentils brainwashed by lentils
      in reply to
      • Petr Menšík :fedora:

      @soatok @pemensik
      #deltachat

      In conversation about 6 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 31-Dec-2025 01:32:46 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • maryjane :fediverso:

      @maryjane https://soatok.blog/2024/11/15/what-to-use-instead-of-pgp/

      In conversation about 6 months ago permalink

    • Embed this notice
      maryjane :fediverso: (maryjane@social.coletivos.org)'s status on Wednesday, 31-Dec-2025 01:32:47 JST maryjane :fediverso: maryjane :fediverso:
      in reply to

      @soatok Honest question, since it is one of the main uses for OpenPGP regardless of implementation:

      How do you replace package signing?

      Just stick with checksums?

      In conversation about 6 months ago permalink
    • Embed this notice
      just_one_bear (just_one_bear@mastodon.social)'s status on Wednesday, 31-Dec-2025 03:19:46 JST just_one_bear just_one_bear
      in reply to

      @soatok So Werner isn't satisfied unless someone publishes a full RCE PoC for every memory corruption found? Like, don't worry about missing bolts on the door plug, it only matters after a plug blows out of the aircraft in a commercial flight...

      In conversation about 6 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 31-Dec-2025 03:20:02 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • just_one_bear

      @just_one_bear That's how I interpreted his quip, yeah

      In conversation about 6 months ago permalink
    • Embed this notice
      Gyroplast (gyroplast@furry.engineer)'s status on Wednesday, 31-Dec-2025 04:25:46 JST Gyroplast Gyroplast
      in reply to
      • Bálint Szilakszi

      @soatok @szbalint
      I cannot help myself but think of GnuPG's UI/UX to be somewhat similar to the pre-Steam Dwarf Fortress.

      A horrible, inscrutable mess by anyone's standard, not even pretending to follow any rhyme or reason. People stare in awe (or pity) at those who not only trained themselves to use the fractally-broken, inconsistent mish-mash of key combinations, but even find joy in it, and relish the mantle of obscurity and aura of reverence by those who don't know better.

      If you need evidence for Stockholm Syndrome in software users, look no further than OG DF "players". No need to credit me in your SocSci paper, thank you.

      Oh, and I love DF! Been playing for… oh. 14 years. Welp. There goes my credibility.

      At least I can get rid of PGP in my life, I needed the kick. No point in keeping a liability around, with no actual benefit. I still mentally cling to encrypted email, but it's so demonstrably chock-full of foot 'nade launchers to make an old curmudgeon reconsider. Thanks!

      In conversation about 6 months ago permalink

    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 31-Dec-2025 04:35:18 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • F4GRX Sébastien
      • Petr Menšík :fedora:

      @f4grx @pemensik Nope.

      In conversation about 6 months ago permalink
    • Embed this notice
      F4GRX Sébastien (f4grx@chaos.social)'s status on Wednesday, 31-Dec-2025 04:35:21 JST F4GRX Sébastien F4GRX Sébastien
      in reply to
      • Petr Menšík :fedora:

      @soatok @pemensik you can't do that. Email is a de facto standard that works *everywhere*. You can't ditch that for another protocol before decades, and that's supposing the new stuff has all the required features

      It's good to be idealist but the industrial world needs practical solutions. I would love a good replacement for PGP, but let's be honest, there is no tool that can protect files and email before transfer NOW.

      Maybe the path forward is fixing pgp, not yeeting it.

      In conversation about 6 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 31-Dec-2025 04:38:54 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • F4GRX Sébastien
      • Petr Menšík :fedora:

      @f4grx @pemensik You cannot fix emails. I'm sorry, but that's just not going to happen.

      You either replace email or you give up entirely. There's too much political power in the hands of people that do not want anything solved.

      PGP is downstream of that mess. People have tried for years to fix PGP. That's what Sequoia allegedly was going to be.

      That still hasn't happened, because PGP implementations refuse to say "we only support the newest stuff, and only the features and use cases that need to exist".

      Why was the \f flag even in GnuPG? That shouldn't be a feature. If you designed a CTF challenge with that feature the judges would tell you it's too obvious and stupid, and to go back to the drawing board.

      In conversation about 6 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 31-Dec-2025 08:55:28 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • holga

      @hpk Despite the domain name being GPG focused, some of gpg.fail affected other implementations.

      The only people who still want PGP to be a thing are in a fucking cult, I swear

      In conversation about 6 months ago permalink
    • Embed this notice
      holga (hpk@chaos.social)'s status on Wednesday, 31-Dec-2025 08:55:30 JST holga holga
      in reply to

      @soatok Why do the failures of gpg imply that openpgp and rfc9580 are bad? Have you looked at modern ways of doing openpgp and email like https://chatmail.at does it?
      See also https://chaos.social/@delta/115796626066185436

      There are also many broken ways to implement signal protocols but they are not useful as examples for discrediting signal.

      In conversation about 6 months ago permalink

      Attachments

      1. Chatmail
        Chatmail provides FOSS infrastructure for interoperable, secure, speedy and reliable end-to-end encrypted messaging. Check out clients as Arcane Chat, Bots or Delta Chat today!
      2. Delta Chat (@delta@chaos.social)
        from Delta Chat
        Relax 😎! GPG is not OpenPGP! Yesterday, vulnerabilities were published https://gpg.fail but they don't affect #deltachat or other #chatmail clients because A) We never used #gnupg for anything; we use the modern #rustlang #openpgp implementation @rpgp@mastodon.social, security audited multiple times. B) #openpgp is fine, as modernized in #RFC9580, which already warns against several #gpgfail issues (gpg didn't implement that spec) Please spread the word that #gpg is not #openpgp ... Thanks! #39c3
    • Embed this notice
      Petr Menšík :fedora: (pemensik@fosstodon.org)'s status on Wednesday, 31-Dec-2025 08:58:55 JST Petr Menšík :fedora: Petr Menšík :fedora:
      in reply to
      • F4GRX Sébastien

      @soatok @f4grx I am a software engineer working on RHEL. What you demand is never going to work. Marking old and insecure features obsolete and disabled by default is a way to go. It takes a lot of time. But any serious improvement cannot be done by re-inventing the wheel. It might be too slow in your opinion. But industry works that way for a good reason. Dnsflagday.org might be an example of how to move it forward.

      In conversation about 6 months ago permalink

    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 31-Dec-2025 08:58:55 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • F4GRX Sébastien
      • Petr Menšík :fedora:

      @pemensik @f4grx We'll see.

      In conversation about 6 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 31-Dec-2025 09:05:27 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • adb

      @adbenitez Didn't ask

      In conversation about 6 months ago permalink
    • Embed this notice
      adb (adbenitez@mastodon.social)'s status on Wednesday, 31-Dec-2025 09:05:28 JST adb adb
      in reply to

      @soatok what I don't get is why you take this opportunity to attack #pgp in general, like taking the opportunity to push for some agenda, the site is called gpg.fail, GPG not PGP, most of the problems are related to gpg or some C code implementation bug, or using gpg and others in the command line and getting tricked by some ansi printing in the terminal, how that translates to "let's kill pgp"? ex. none of the listed problems affect #DeltaChat at all

      (I was present in the gpg.fail talk btw)

      In conversation about 6 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 31-Dec-2025 09:10:45 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • Arch :arch:

      @arch What are your PGP use cases?

      In conversation about 6 months ago permalink
    • Embed this notice
      Arch :arch: (arch@floofy.tech)'s status on Wednesday, 31-Dec-2025 09:10:46 JST Arch :arch: Arch :arch:
      in reply to

      @soatok I am going to be pushing for better options at work. We have a lot of PGP/GPG around and it's a pain in the ass to deal with. Especially since it's been around so long, so it's managed to accrue technical debt.

      In conversation about 6 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 31-Dec-2025 09:25:43 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • Xe :verified:
      • Morten Linderud

      @Foxboron @cadey Tell me more about what's wrong with SSH's UX?

      In conversation about 6 months ago permalink
    • Embed this notice
      Morten Linderud (foxboron@chaos.social)'s status on Wednesday, 31-Dec-2025 09:25:45 JST Morten Linderud Morten Linderud
      in reply to
      • Xe :verified:

      @cadey @soatok
      Honestly, `openssh` could be that tool if they just cared about their UX :/

      In conversation about 6 months ago permalink
    • Embed this notice
      Xe :verified: (cadey@pony.social)'s status on Wednesday, 31-Dec-2025 09:25:47 JST Xe :verified: Xe :verified:
      in reply to

      @soatok I just want a single command "sign this fucking file" command like age

      In conversation about 6 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 31-Dec-2025 09:28:01 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • F4GRX Sébastien
      • Petr Menšík :fedora:
      • vvelox

      @vvelox @f4grx @pemensik I stand by the following:

      1. Encrypted email is doomed.
      2. PGP is not worth salvaging.
      In conversation about 6 months ago permalink
    • Embed this notice
      vvelox (vvelox@goatdaddy.net)'s status on Wednesday, 31-Dec-2025 09:28:05 JST vvelox vvelox
      in reply to
      • F4GRX Sébastien
      • Petr Menšík :fedora:

      @f4grx @pemensik @soatok As someone familiar with the whole stack when it comes to email, it is not that there is any political power holding back adding in something to replace PGP with a working RFC, it is that there is a stupidly large number of projects involved to make it all work and it requires getting everyone on board. It is why new RFCs tend to get adopted slowly for it. Takes its way to make it through the entire ecosystem.

      If you want a closer to home example, look at the encryption stuff you've mentioned working on for ActivityPub/Mastodon. So once you get it implemented for Mastodon, there is still every other ActivityPub server that also needs to support it as well.

      And here we are talking about an ecosystem that is incredibly small compared to the entire stack that is email.

      In conversation about 6 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 31-Dec-2025 09:37:13 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • Xe :verified:
      • Morten Linderud

      @Foxboron @cadey This sounds like a very easy fix.

      Make two binaries:

      ssh-sign
      ssh-verify

      Literally make them just do the same thing.

      In conversation about 6 months ago permalink
    • Embed this notice
      Morten Linderud (foxboron@chaos.social)'s status on Wednesday, 31-Dec-2025 09:37:14 JST Morten Linderud Morten Linderud
      in reply to
      • Xe :verified:

      @soatok @cadey
      I mean, can you remember the command to sign and validate the signature from the top of your head?

      I remember age, no issue. But ssh?

      `ssh-keygen -Y sign -n file -o signature.sig file`? I think?

      And to validate it's uhh
      `ssh-keygen -Y verify` and then I have to check the man page?

      Why is keygen doing this. What is `-Y`? What is `-n file` and why do you have to remember this across the sign and verify commands?

      Score: 2/10

      gpg is literally easier.

      In conversation about 6 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 31-Dec-2025 09:42:53 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • Xe :verified:
      • Arch :arch:

      @arch @cadey Minisign and Signify are both that.

      In conversation about 6 months ago permalink
    • Embed this notice
      Arch :arch: (arch@floofy.tech)'s status on Wednesday, 31-Dec-2025 09:42:54 JST Arch :arch: Arch :arch:
      in reply to
      • Xe :verified:

      @cadey @soatok Feels like that's what minisign is supposed to be if I'm not mistaken. I swear there was something else but it escapes me now.

      In conversation about 6 months ago permalink
    • Embed this notice
      Fabio Valentini (decathorpe@mastodon.social)'s status on Wednesday, 31-Dec-2025 15:31:52 JST Fabio Valentini Fabio Valentini
      in reply to

      @soatok good luck 😅

      In conversation about 6 months ago permalink
      Soatok Dreamseeker repeated this.
    • Embed this notice
      Christopher Snowhill (chris@social.losno.co)'s status on Wednesday, 31-Dec-2025 15:31:52 JST Christopher Snowhill Christopher Snowhill
      in reply to
      • Fabio Valentini

      @decathorpe @soatok Maybe someone needs to blackhat the whole PGP world to death first before anyone will listen.

      In conversation about 6 months ago permalink
    • Embed this notice
      Momo (momo@social.linux.pizza)'s status on Wednesday, 31-Dec-2025 15:32:01 JST Momo Momo
      in reply to

      @soatok
      Since OS repositories rely on gpg for validating package signatures I took the liberty to forward the talk to my support contact at SUSE. He called me half an hour later stating that he's half through the talk and had already forwarded it to their internal security maillist because it's like a bad car accident you know you shouldn't stare at but you just can't stop watching... and I'm pretty sure Red Hat is watching, too.

      In conversation about 6 months ago permalink
      Soatok Dreamseeker repeated this.
    • Embed this notice
      David Leadbeater (dgl@infosec.exchange)'s status on Wednesday, 31-Dec-2025 15:33:27 JST David Leadbeater David Leadbeater
      in reply to
      • Xe :verified:
      • Arch :arch:

      @cadey @soatok @arch https://paepcke.de/signify/ is go stdlib only deps and does signify and minisign. The API feels like it could be cleaner but the code is relatively simple.

      In conversation about 6 months ago permalink

    • Embed this notice
      Xe :verified: (cadey@pony.social)'s status on Wednesday, 31-Dec-2025 15:33:29 JST Xe :verified: Xe :verified:
      in reply to
      • Arch :arch:

      @soatok @arch Can you do minisign signatures in go?

      In conversation about 6 months ago permalink
      Soatok Dreamseeker repeated this.
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 31-Dec-2025 17:05:00 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • Petr Menšík :fedora:

      @pemensik It's not my research. @49016 and its friends did the work.

      I'm just looking at that mess and deciding to make "Society has progressed past the need for PGP" a reality, even if it means doing a fuckton of thankless work to make it manifest.

      In conversation about 6 months ago permalink
    • Embed this notice
      Petr Menšík :fedora: (pemensik@fosstodon.org)'s status on Wednesday, 31-Dec-2025 17:05:02 JST Petr Menšík :fedora: Petr Menšík :fedora:
      in reply to

      @soatok most of these issues are in gnupg. Rpm in Fedora is switching to sequoia. How many of these issues are in that code too and how can they be fixed? Were they reported to sequoia before Christmas with enough time to fix them? RH crypto team is on holidays now, just as the majority of EU or US developers. They would certainly thank you for publishing important CVEs during this time. I hope I just didn't get it right. I expect some reaction after the New Year.

      In conversation about 6 months ago permalink
    • Embed this notice
      Petr Menšík :fedora: (pemensik@fosstodon.org)'s status on Wednesday, 31-Dec-2025 17:23:52 JST Petr Menšík :fedora: Petr Menšík :fedora:
      in reply to

      @soatok @49016 are there dates and times when those issues were reported to gnupg *and* sequoia? Did they have an embargo time long enough before publishing? Why are we discussing them now after Christmas?

      I value your contributions, but until you realize email is the most used messaging system on this planet and cannot be skipped only, your contributions won't have the impact you are trying to achieve.

      In conversation about 6 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 31-Dec-2025 17:23:52 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • Petr Menšík :fedora:

      @pemensik @49016 I disagree. Let's leave it at that for today.

      In conversation about 6 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 31-Dec-2025 18:36:46 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • Petr Menšík :fedora:

      @pemensik Maybe read the website where each vulnerability actually explains the disclosure timeline and stop asking questions that have already been answered?

      In conversation about 6 months ago permalink
    • Embed this notice
      Petr Menšík :fedora: (pemensik@fosstodon.org)'s status on Wednesday, 31-Dec-2025 18:36:47 JST Petr Menšík :fedora: Petr Menšík :fedora:
      in reply to

      @soatok @49016 okay, from link https://www.openwall.com/lists/oss-security/2025/12/28/2 I assume this was indeed published only directly at the conference, without an announcement to oss-security or better to the embargoed distros list. Please avoid publication of vulnerabilities this way, especially this time. If there is something to improve, this is definitely it.

      In conversation about 6 months ago permalink

      Attachments

      1. oss-security - Re: Many vulnerabilities in GnuPG
    • Embed this notice
      Petr Menšík :fedora: (pemensik@fosstodon.org)'s status on Wednesday, 31-Dec-2025 19:07:07 JST Petr Menšík :fedora: Petr Menšík :fedora:
      in reply to

      @soatok okay. Vulnerability publication on 2025-12-21 has very bad timing. I saw no indication whether or not they contacted other PGP implementations, i.e. sequoia too. And when. This seems well deserved shaming on #gnupg, but I fail to see why that means #OpenPGP in general is beyond repair.

      In conversation about 6 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 31-Dec-2025 19:07:07 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • Petr Menšík :fedora:

      @pemensik Dude, go be a reply guy to someone else

      In conversation about 6 months ago permalink
    • Embed this notice
      David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Thursday, 01-Jan-2026 06:35:28 JST David Chisnall (*Now with 50% more sarcasm!*) David Chisnall (*Now with 50% more sarcasm!*)
      in reply to
      • Momo

      @momo @soatok

      This is why the signatures in the FreeBSD pkg tool don’t use PGP. The security officer looked at PGP and PGP implementations and said words to the effect of ‘no way in hell is that going anywhere near critical infrastructure for the project’.

      In conversation about 5 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Thursday, 01-Jan-2026 07:34:04 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • Momo
      • William D. Jones
      • David Chisnall (*Now with 50% more sarcasm!*)

      @cr1901 @david_chisnall @momo I know OpenBSD uses signify.

      In conversation about 5 months ago permalink
    • Embed this notice
      William D. Jones (cr1901@mastodon.social)'s status on Thursday, 01-Jan-2026 07:34:05 JST William D. Jones William D. Jones
      in reply to
      • Momo
      • David Chisnall (*Now with 50% more sarcasm!*)

      @david_chisnall @momo @soatok What does FreeBSD use?

      (Context: I only use GPG for password-store. It'd be nice to get off it, but Idk alternatives. And I'd somehow need to properly script a conversion.)

      In conversation about 5 months ago permalink
    • Embed this notice
      kgndiue (kgndiue@mastodon.social)'s status on Friday, 02-Jan-2026 01:35:13 JST kgndiue kgndiue
      in reply to

      @soatok Cool, so the whole signature cache & impersonation thing is not a serious bug? Totally trustworthy...

      In conversation about 5 months ago permalink
    • Embed this notice
      Simo ✔️ (simo5@fosstodon.org)'s status on Friday, 02-Jan-2026 01:37:19 JST Simo ✔️ Simo ✔️
      in reply to

      @soatok it has been said many times, but nobody worked out an alternative that cover its use cases. Either alternatives are too complicated, not agile or too rigid to cover all the uses openpgp covers.

      In conversation about 5 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Friday, 02-Jan-2026 01:44:04 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • Simo ✔️

      @simo5 I'm aware of this argument, but it's a stupid argument.

      Believe it or not, the openpgp "swiss army knife" approach of having one tool that does many cryptography things is precisely why PGP sucks.

      Even if it was ever considered "pretty good" in the past, the ballooned scope and complexity and 90s era cryptography design have never adapted or evolved.

      PGP is the exact antithesis to the UNIX philosophy. I don't get FOSS people who like PGP.

      If you want a monolith, swiss army knife crypto system, nobody sane is working on a replacement for that.

      Each use case people have shoehorned PGP into should have its own tool. And thus, https://soatok.blog/2024/11/15/what-to-use-instead-of-pgp/

      The people who believe they need One Tool To Rule Them All for cryptography have learned bad habits from PGP's cargo cult and we should be focusing effort to rehab them, not bending to their demands.

      A better future is possible without PGP.

      In conversation about 5 months ago permalink

      Attachments

      1. The Authenticity Drought
        from Soatok
        The types of people that proudly call themselves “influencers,” and describe what they create merely as “content,” are so profoundly allergic to authenticity that it bewilde…
    • Embed this notice
      Simo ✔️ (simo5@fosstodon.org)'s status on Friday, 02-Jan-2026 01:57:07 JST Simo ✔️ Simo ✔️
      in reply to

      @soatok I do not care for pgp, but all alternatives are either as complicated or just don't fit the purpose pgp has been used for.
      Regularly people cry that openpgp sucks, but no good alternatives are produced.

      In conversation about 5 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Friday, 02-Jan-2026 01:57:07 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • Simo ✔️

      @simo5 No???

      Age is drop dead fucking simple.

      Minisign and signify are too.

      In conversation about 5 months ago permalink
    • Embed this notice
      Orman (orman@furry.engineer)'s status on Friday, 02-Jan-2026 06:06:13 JST Orman Orman
      in reply to
      • Petr Menšík :fedora:

      @soatok @pemensik you wouldn't be able to solve all problems but surely you'd still have some improvements if you could eg mandate encrypted payloads

      In conversation about 5 months ago permalink
    • Embed this notice
      Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Friday, 02-Jan-2026 06:14:46 JST Sophie Schmieg Sophie Schmieg
      in reply to
      • Clemens
      • Simo ✔️

      @simo5 @neverpanic @soatok this is one of my pet peeve rants: we have signature formats. (Several of them, even). Cryptographic standards define functions that map a collection of byte strings to some other byte strings. Files can store byte strings. What we are somewhat lacking is fully specified public key formats, but even that we have some (Tink defines its own and can read/write many of the existing formats). The signature should just be the byte string given as the output of the signing algorithm. It's the public key that needs the information for verifying the signature.

      So if I give you a public key (including a definition of the full algorithm used, all the hash functions and security parameters etc), then you can verify a signature.

      If you want crypto agility, then the thing you need is support for key sets, i.e. multiple, equally trusted keys. That allows you to add, promote, and delete keys in a distributed environment. You have two options for the signature format in this case (and Tink supports both): either you keep the unmodified signature, try all public keys and call the signature verified if it verified under one of the public keys (great for comparability), or you put a short and meaningless identifier in front of the signature, which allows you to directly jump to the right public key. Better performance, but not compatible with libraries that don't support key sets in the same way.

      In both cases, this composite algorithm retains EUF-CMA/SUF-CMA as long as all keys in the key set are trusted and have EUF-CMA/SUF-CMA.

      Interestingly, pretty much all other types of signature formats, such as JWT (and as far as I know PGP) violate EUF-CMA and definitely violate SUF-CMA, so I argue (fairly strongly, given all the attacks due to these violations), that the Tink way of supporting key sets and signatures is the correct approach.

      In conversation about 5 months ago permalink
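
      The key-set verification described in the post above, as an added Go sketch that is not from the thread and is not Tink's code or wire format. It uses Ed25519 from the standard library; the 4-byte big-endian ID prefix, the `KeySet` type and the fixed demo seeds are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

const idLen = 4 // key-ID prefix length in bytes (assumption of this sketch)
var (
	ErrMalformed    = errors.New("tagged signature has wrong length")
	ErrUnknownKey   = errors.New("no key with that ID in the set")
	ErrBadSignature = errors.New("signature does not verify")
)

// Key: ID is only a lookup label and is not covered by the signature.
type Key struct {
	ID  uint32
	Pub ed25519.PublicKey
}

type KeySet struct{ keys []Key } // several equally trusted public keys

// Add registers a key. Duplicate IDs or duplicate public keys are rejected,
// so a tagged signature can only ever be encoded one way.
func (ks *KeySet) Add(k Key) error {
	for _, have := range ks.keys {
		if have.ID == k.ID || have.Pub.Equal(k.Pub) {
			return errors.New("duplicate key ID or public key")
		}
	}
	ks.keys = append(ks.keys, k)
	return nil
}

// Remove deletes a key, the last step of a rotation.
func (ks *KeySet) Remove(id uint32) {
	kept := ks.keys[:0]
	for _, k := range ks.keys {
		if k.ID != id {
			kept = append(kept, k)
		}
	}
	ks.keys = kept
}

// VerifyRaw, first format: bare Ed25519 output, accepted under any key in the set.
func (ks *KeySet) VerifyRaw(msg, sig []byte) bool {
	for _, k := range ks.keys {
		if ed25519.Verify(k.Pub, msg, sig) {
			return true
		}
	}
	return false
}

// SignTagged produces the second format: ID prefix, then the signature.
func SignTagged(id uint32, priv ed25519.PrivateKey, msg []byte) []byte {
	out := make([]byte, idLen, idLen+ed25519.SignatureSize)
	binary.BigEndian.PutUint32(out, id)
	return append(out, ed25519.Sign(priv, msg)...)
}

// VerifyTagged uses the prefix to pick exactly one key. The prefix is a hint,
// not a credential: an unknown ID fails, and a known ID still has to verify.
func (ks *KeySet) VerifyTagged(msg, tagged []byte) error {
	if len(tagged) != idLen+ed25519.SignatureSize {
		return ErrMalformed
	}
	id := binary.BigEndian.Uint32(tagged[:idLen])
	for _, k := range ks.keys {
		if k.ID == id {
			if ed25519.Verify(k.Pub, msg, tagged[idLen:]) {
				return nil
			}
			return ErrBadSignature
		}
	}
	return ErrUnknownKey
}

// demoKey derives a key pair from a constructed, fixed seed (demo only).
func demoKey(id uint32) (Key, ed25519.PrivateKey) {
	seed := make([]byte, ed25519.SeedSize)
	binary.BigEndian.PutUint32(seed, id)
	priv := ed25519.NewKeyFromSeed(seed)
	return Key{ID: id, Pub: priv.Public().(ed25519.PublicKey)}, priv
}

func main() {
	oldK, oldPriv := demoKey(0x1111)
	newK, newPriv := demoKey(0x2222)
	ks := &KeySet{}
	_, _ = ks.Add(oldK), ks.Add(newK) // old and new key trusted side by side
	msg := []byte("constructed release manifest")
	fmt.Println(ks.VerifyRaw(msg, ed25519.Sign(oldPriv, msg)))
	fmt.Println(ks.VerifyTagged(msg, SignTagged(newK.ID, newPriv, msg)))
}
```

      Rewriting the prefix of a tagged signature to another key's ID yields `ErrBadSignature`, and once a key is removed its old signatures fail in both formats.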
    • Embed this notice
      Simo ✔️ (simo5@fosstodon.org)'s status on Friday, 02-Jan-2026 06:14:47 JST Simo ✔️ Simo ✔️
      in reply to
      • Sophie Schmieg
      • Clemens

      @neverpanic @sophieschmieg @soatok it is not clear that it defines a signature standard, seems like it only offers a signature API.
      Have to say the presentation is quite vague.

      In conversation about 5 months ago permalink
      Soatok Dreamseeker repeated this.
    • Embed this notice
      Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Friday, 02-Jan-2026 06:14:48 JST Sophie Schmieg Sophie Schmieg
      in reply to
      • Clemens

      @neverpanic @soatok tbf, the PQC specs came out about a year ago, and FIPS takes about a year. We'll see a lot more FIPS validated implementations across the board in 2026.

      When it comes to crypto agility, have you tried Tink (https://developers.google.com/tink)? It is IMHO the far superior way to solve this issue (full disclosure, it is developed by my team, so I'm extremely biased)

      In conversation about 5 months ago permalink

      Attachments

      1. Tink  |  Google for Developers
        Discover resources for this multi-language, cross-platform, open-source cryptographic library.
    • Embed this notice
      Simo ✔️ (simo5@fosstodon.org)'s status on Friday, 02-Jan-2026 06:14:48 JST Simo ✔️ Simo ✔️
      in reply to
      • Sophie Schmieg
      • Clemens

      @sophieschmieg @neverpanic @soatok we do not lack good cryptographic libraries, but a good signature format scheme that works fully offline and does not try to impose complicated/online setups both for signing and verification.

      I find sigstore exceedingly complicated for simple software signing cases for example.

      I do not mind additional transparency ledgers or assurances if they are additive properties.

      Algorithmic agility and design that makes it easy to use with HSMs is a must.

      In conversation about 5 months ago permalink
    • Embed this notice
      Clemens (neverpanic@chaos.social)'s status on Friday, 02-Jan-2026 06:14:48 JST Clemens Clemens
      in reply to
      • Sophie Schmieg
      • Simo ✔️

      @simo5 @sophieschmieg @soatok It seemed to me as if tink does at least some of those things, although I have to admit it wasn't obvious until I started reading the "Overview > Understand key concepts" docs.

      In conversation about 5 months ago permalink
    • Embed this notice
      Clemens (neverpanic@chaos.social)'s status on Friday, 02-Jan-2026 06:14:49 JST Clemens Clemens
      in reply to

      @soatok Wholeheartedly agree. But: For the distro package signing problem, minisign doesn't support PQC or crypto agility (ed25519 wasn't FIPS until recently, Common Criteria requires curves >= 384), sigstore doesn't have PQC either, only a Go implementation (no FIPS until recently), and its offline verification is somewhat lacking AIUI.

      That's the reason we're still on OpenPGP.

      We'd need a crypto-agile age for signatures.

      In conversation about 5 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Friday, 02-Jan-2026 06:16:17 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • Petr Menšík :fedora:
      • Orman

      @orman @pemensik And there's half a century of legacy baked into the email RFC and software that implements it.

      Most end users don't care about RFCs or protocols. They care about their user experience.

      Thus, I'm going to write an encrypted alternative to email, rather than try to fix email itself.

      In conversation about 5 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Friday, 02-Jan-2026 07:21:52 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • Petr Menšík :fedora:
      • Orman
      • vvelox

      @vvelox @orman @pemensik No. This is separate from the encrypted messaging projects I'm involved in, and I am not underestimating it. Why do you said I'm starting this this year, not finishing it with any deadline?

      In conversation about 5 months ago permalink
    • Embed this notice
      vvelox (vvelox@goatdaddy.net)'s status on Friday, 02-Jan-2026 07:21:53 JST vvelox vvelox
      in reply to
      • Petr Menšík :fedora:
      • Orman

      @orman @pemensik @soatok If you don't mind me saying, you are likely looking at creating an encrypted messaging system rather than an actual alternative to email.

      Saying you are creating an alternative to email means tackling a whole hell of a lot of infrastructure that needs replacing.

      I'm not saying you should not start work on something like that, I just think you massively underestimate how much is involved or some of the unique issues bodies the server can't parse as they are encrypted bring (such as it makes adversarial handling much harder as writing a replacement for SpamAssassin needs to use headers only then, meaning you now need to split it in two as you need part to run on the server and part to run on the viewing client). Writing a replacement for Sieve means similar issues as well.

      In conversation about 5 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Friday, 02-Jan-2026 07:52:24 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • Petr Menšík :fedora:
      • Orman
      • vvelox

      @pemensik @vvelox @orman I don't need the IETF's permission to do anything

      In conversation about 5 months ago permalink
    • Embed this notice
      Petr Menšík :fedora: (pemensik@fosstodon.org)'s status on Friday, 02-Jan-2026 07:52:26 JST Petr Menšík :fedora: Petr Menšík :fedora:
      in reply to
      • Orman
      • vvelox

      @soatok @vvelox @orman is there any IETF WG formed already to create successor of the email?

      In conversation about 5 months ago permalink
    • Embed this notice
      Petr Menšík :fedora: (pemensik@fosstodon.org)'s status on Friday, 02-Jan-2026 07:56:15 JST Petr Menšík :fedora: Petr Menšík :fedora:
      in reply to
      • Orman
      • vvelox

      @soatok @vvelox @orman no, you don't. But if your serious work should ever get serious acceptance, I think you should onboard at least some people there

      In conversation about 5 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Friday, 02-Jan-2026 07:56:15 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • Petr Menšík :fedora:

      @pemensik Didn't ask.

      In conversation about 5 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Friday, 02-Jan-2026 07:58:05 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • Petr Menšík :fedora:
      • Orman
      • vvelox

      @vvelox @pemensik @orman https://github.com/C2SP/C2SP I will not bother with the IETF

      In conversation about 5 months ago permalink

    • Embed this notice
      vvelox (vvelox@goatdaddy.net)'s status on Friday, 02-Jan-2026 07:58:11 JST vvelox vvelox
      in reply to
      • Petr Menšík :fedora:
      • Orman
      • vvelox

      @orman @pemensik @soatok That is what publishing an RFC is for.

      In conversation about 5 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Friday, 02-Jan-2026 08:02:20 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • Petr Menšík :fedora:
      • Orman
      • vvelox

      @vvelox @pemensik @orman Anyway, no sense talking about this until I find time to write my proposal

      In conversation about 5 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Friday, 02-Jan-2026 08:19:57 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • vvelox

      @vvelox Yeah, I realize

      In conversation about 5 months ago permalink
    • Embed this notice
      vvelox (vvelox@goatdaddy.net)'s status on Friday, 02-Jan-2026 08:19:58 JST vvelox vvelox
      in reply to
      • Petr Menšík :fedora:
      • Orman
      • vvelox

      @orman @soatok You realize you are having a completely different conversation with @pemensik than me?

      I'm the one that originally said fuck the IETF in this part and said the important part was the RFC. I agreed with you.

      In conversation about 5 months ago permalink


GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.