why do you say coping?

If in 2026 you make generic claims against the feasibility of using #email and #openpgp for secure decentralized messaging, there hardly is a way around taking a deeper look at RFC9850 and RFC9788 and the minimalist Rust-based approach chatmail.at takes. Hammering away at gpg and other crimes of how email-encryption doesnt work well ... frankly does not cut it for making a generic "it can not work" claim. See also chaos.social/@delta/1157966260…

Chatmail

Chatmail provides FOSS infrastructure for interoperable, secure, speedy and reliable end-to-end encrypted messaging. Check out clients as Arcane Chat, Bots or Delta Chat today!

^chatmail.at

Delta Chat

2025-12-28 10:04:51

Relax 😎! GPG is not OpenPGP!

Yesterday, vulnerabilities were published gpg.fail but they don't affect #deltachat or other #chatmail clients because

A) We never used #gnupg for anything; we use the modern #rustlang #openpgp implementation @rpgp, security audited multiple times.

B) #openpgp is fine, as modernized in #RFC9580, which already warns against several #gpgfail issues (gpg didn't implement that spec)

Please spread the word that #gpg is not #openpgp ... Thanks! #39c3

gpg.fail

^gpg.fail

@delta My blog post was about encrypting emails.

People generally use OpenPGP because they want to encrypt emails, so the topics intersect a lot, but it was about the challenges one faces when trying to use encryption with their mail client software.

If that's not what your team is doing, then the post doesn't apply to you, so there's no need to subtoot about it.

@delta Do you want me to look at it?

Because this is how you get 0days dropped publicly if I look at it

we welcome scrutiny but prefer co-ordinated security-disclosure via

github.com/rpgp/rpgp/security/… and

github.com/chatmail/core/secur…

We'd be surprised if you find a "0day" exploit against standard #deltachat users but certainly prefer you finding something than eg putin/khomeini-aligned hackers.

GitHub

GitHub is where people build software. More than 150 million people use GitHub to discover, fork, and contribute to over 420 million projects.

^GitHub

@delta My rules of engagement are simple:

If I'm to look at something, I get to do whatever I want with whatever I find. And that means the developers find out when the rest of the world does.

Otherwise, don't bother me.