This is a post about my thoughts regarding encrypted email providers like and and a bit in general.

@lionirdeadman I concur, and use Migadu too.

Regarding PGP, sharing keys is pretty seamless once you set it up. WKD makes sharing keys from your own site/email domain really easy, without relying on any keyserver; since my email is, PGP programs like GnuPG simply download my public key from When I open a signed/encrypted email for the first time in my mail client (Neomutt), GnuPG automatically fetches keys via WKD, DNS, DANE, and a list of keyservers so I hardly have to lift a finger.

It also helps to expose a public key with IndieWeb microformats2 for better discoverability.


Well, the problems with using WKD are: 1) you need to host your own web server, 2) it assumes people will know how to set it up and have done so, and 3) it still requires people to manage and handle the keys.

These barriers to entry make it too hard for me to recommend it to people. Heck, I can't even do it myself because I use GitHub Pages.

I don't know, that's without mentioning the relatively weak encryption of pgp when compared to more modern protocols.

@lionirdeadman I get your point. I still recommend people use PGP if they're able to; email is one of the only open, well-supported, and federated asynchronous communication protocols out there, and is essential to decentralized git workflows.


I like matrix, xmpp is okay but I no longer know anyone who uses it so I just stick to matrix as my go-to for secure messaging.

Btw, does anyone encrypt email in a email git workflow? That sounds like a nightmare.

@lionirdeadman No, there's generally no reason to encrypt anything in a public mailing list. Private projects with multiple contributors are another story.

I'm not a big fan of matrix; the spec is massive and both servers are incredibly heavy. A chat daemon should be lightweight to run on a single-board computer, and shouldn't use up an entire VPS. Even ruma doesn't look particularly lightweight. Matrix also has huge feature creep that makes it difficult to implement a client that renders all messages as intended; making an IRC client is quite easy in comparison.

It's a shame that we don't have a protocol that combines the simplicity of IRC with the privacy and security of OMEMO/Olm (OTR doesn't cut it).

BTW, does github not let you add a ".well-known" directory to your repo? I'm surprised that they block the use of WKD.


I don't use mailing lists but that makes sense, ig.

Heaviness is a Synapse server problem afaik; Dendrite is lightweight enough that they crammed it into a browser for the Matrix P2P experiment. Conduit seemed good too.

IRC might be more simple but it's also unusable as a modern chat program imo. IRC's simplicity is its biggest downfall. It can't cut it for mobile and it's just generally a bad experience.

I thought WKD required web server config?

@lionirdeadman For WKD, just add the directories/files and you're GTG. PGP clients will automatically figure out the desired URL from a filepath and download the key.

It's just a web directory with a key; a "Web Key Directory" if you will :akko_wink:.

Some tutorials online suggest some server configs to add a header or mimetype, but doing so isn't really necessary with any decent PGP client I know of. I dropped the directory into /var/www/ without messing with any server configs and it just worked.


Well, that's cool, I suppose. I still can't care enough to do it though, I just know I'll just never do PGP with someone because well, I don't email people.

@Seirdy @lionirdeadman won't work with github pages...

There are in fact two versions of wkd, direct and advanced.

What you suggested is the direct option; however, what actually happens is that first a lookup at openpgpkeys.$domain is made, and only if that fails is the direct lookup at $domain/ used.

Now, github fucked up the certs for the openpgpkeys subdomain and hence the lookup is invalid.

There's a rather long thread on the gpg-users mailing list about it.
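An added illustration, not code from any of the posts above, of what a WKD-capable client does with an address: it hashes the local part (SHA-1, then Z-Base-32), builds the advanced URL on the `openpgpkey.` subdomain and the direct URL on the bare domain, and tries the advanced one first. The subdomain and path layout follow the WKD draft (draft-koch-openpgp-webkey-service); the `fetch` callback is a placeholder assumption standing in for the client's HTTPS request, and falling back to the direct URL on any error is a simplification of the draft's rule (which keys the fallback on the subdomain not resolving). A broken TLS certificate on the subdomain, as described for GitHub Pages above, is exactly the case where the two behaviours diverge.

```python
import hashlib
from typing import Callable, Optional, Tuple
from urllib.parse import quote

# Z-Base-32 alphabet used by WKD (RFC-style base32 with a different symbol set, no padding).
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as Z-Base-32, MSB-first 5-bit groups, no padding characters."""
    nbits = len(data) * 8
    bits = int.from_bytes(data, "big")
    pad = (-nbits) % 5            # right-pad to a multiple of 5 bits
    bits <<= pad
    nbits += pad
    return "".join(ZBASE32[(bits >> shift) & 0x1F] for shift in range(nbits - 5, -1, -5))


def wkd_hash(local_part: str) -> str:
    """WKD 'hu' path component: Z-Base-32 of SHA-1 of the lower-cased local part."""
    return zbase32_encode(hashlib.sha1(local_part.lower().encode("utf-8")).digest())


def wkd_urls(address: str) -> Tuple[str, str]:
    """Return (advanced_url, direct_url) for an e-mail address.

    The ?l= parameter carries the original (not lower-cased) local part so the
    server can disambiguate, as the draft specifies.
    """
    local, domain = address.rsplit("@", 1)
    domain = domain.lower()
    h = wkd_hash(local)
    l = quote(local, safe="")
    advanced = f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{h}?l={l}"
    direct = f"https://{domain}/.well-known/openpgpkey/hu/{h}?l={l}"
    return advanced, direct


def lookup_key(address: str, fetch: Callable[[str], bytes]) -> Optional[Tuple[str, bytes]]:
    """Try the advanced method, then the direct method.

    `fetch(url)` is an assumed callback that returns the key bytes or raises
    (DNS failure, TLS error, HTTP 404). Returns (method, key_bytes) or None.
    """
    advanced, direct = wkd_urls(address)
    for method, url in (("advanced", advanced), ("direct", direct)):
        try:
            return method, fetch(url)
        except Exception:
            continue          # simplified: any failure moves on to the next method
    return None


def demo() -> Optional[Tuple[str, bytes]]:
    """Constructed scenario: the openpgpkey subdomain serves a bad certificate,
    so only the direct URL on the bare domain answers."""
    def fake_fetch(url: str) -> bytes:
        if url.startswith("https://openpgpkey."):
            raise ConnectionError("certificate verify failed (constructed)")
        return b"-----CONSTRUCTED BINARY KEY-----"

    return lookup_key("Joe.Doe@Example.ORG", fake_fetch)


if __name__ == "__main__":
    adv, direct = wkd_urls("Joe.Doe@Example.ORG")
    print("advanced:", adv)
    print("direct:  ", direct)
    print("resolved via:", demo())
```

Publishing for the direct method is just the static file at `/.well-known/openpgpkey/hu/<hash>` (plus an empty `policy` file beside `hu/`), which is why no server configuration is needed; the advanced method additionally needs the `openpgpkey.` subdomain to resolve and serve a valid certificate.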

@reto @lionirdeadman Huh, TIL. I was never much of a fan of GH pages, Netlify, and other alternatives to just running a server; they take away the freedom to do things like this.

The only (very understandable) advantage I see for developers familiar with UNIX is that they're free. I've been thinking about switching from a VPS to a single-board computer like to virtually eliminate hosting costs; it should be able to handle heavy load since my site is 100% static, most pages are under 10kb, and the only non-deterministic parts are added in CI.