Wiktor Kwapisiewicz
wiktor's pfp

Contacting Wiktor Kwapisiewicz

Federation handle:

@@wiktor@metacode.biz

Wiktor Kwapisiewicz's Information

Codeberg

codeberg.org/wiktor

GitHub

github.com/wiktor-k

GitLab

gitlab.com/wiktor

ArchLinux GitLab

gitlab.archlinux.org/wiktor

📍

🌌 ☀️ 🌍 🇪🇺 🇵🇱

Wiktor Kwapisiewicz's Bio

I work on cryptographic software and integration with hardware security modules (TPMs, PKCS#11...) primarily in 🦀 Rust:

tss-esapi
cryptoki
ssh-agent-lib
several other crates

I have been involved in several OpenPGP projects and co-authored the book 📚 “OpenPGP for application developers”.

A significant portion of my projects have been financed via the 🇪🇺 Next Generation Internet program thanks to substantial help from the NLnet Foundation.

I ❤️ open-source and try to contribute wherever I can. Check out my links! When no-one is watching I'm developing ActivityPub software...

Wiktor Kwapisiewicz's Posts

Wiktor Kwapisiewicz has 2 posts.


Wiktor Kwapisiewicz

In response to this post

Just for the record: it’s still possible to get a free S/MIME cert nowadays e.g. https://www.actalis.com/s-mime-certificates — not affiliated, but checked it today and got a valid one, it’s still a bit of a hassle clicking through the forms there :-/

If it would be more convenient I guess regular people wouldn’t mind it being centralized. The same way as domain TLS certificate authorities operate now.

As for PGP, the current “schism” where GnuPG forked OpenPGP into their own, proprietary https://librepgp.org/ won’t help the interoperability, I’m afraid :(


@wiktor
@octade
I *really* appreciate your input here. The purpose of this thread is to venture into opportunities to improve traditional email in a way that doesn't suck (as @soatok also states in depth in his blog post that for socially working end-to-end confidentiality sucks). It is also not about other tools (like Signal, Bitmessage, Briar, ...).

This is about potential for or mon-repudiation use cases of email. PGP flavours, S/MIME or something else?

by Guy ;

Likes: 0

Replies: 1

Boosts: 0

Wiktor Kwapisiewicz

In response to this post

S/MIME has two problems: it’s harder to get a free certificate (Let’s Encrypt for S/MIME could really help here) and, AFAIK, it still technically is not using modern cryptographic cipher suites (e.g. no AEAD).

It would be cool to know these problems are being resolved.

FWIW in my experience S/MIME is also quite well supported in e-mail clients. Additionally due to centralized CA nature there are no questions whether the certificate is good or not.


@wiktor
Yes. Centralisation and the strong corporate flavour are my main issues with S/MIME. And for those reasons there's not been much of an urge to make free/low-cost certs available.

by Guy ;

Likes: 0

Replies: 1

Boosts: 0