Feedback from NLNet (Salty IM Funding Request)

# Feedback from NLNet (Salty IM Funding Request) This is the feedback we got from NLNet from our [NLNet Funding Submission Proposal](https://docs.mills.io/x5LsmDzvQ0CiPdhc94se9g?view) for the [Salty IM](https://salty.im) project. ---- > Hi James, > > sure, here is the review text: > > "Cute and simple indieweb messaging by hosting pubkeys on one’s own domain, POSTing messages to the other’s domain. > > Interesting, but unlikely to get traction in practice; only interesting for people hosting their own domain. > > Compares itself to Signal, but appears to lack security features like forward secrecy and post-compromise. > > Seems equivalent to PGP key autodiscovery (OpenPGP Web Key Directory). Might be better to use/improve that instead of creating a new protocol." > > > - Technical excellence/feasibility (30%): 5 > - Entrust_Fund Relevance/Impact/Strategic potential (40%): 3 > - Cost effectiveness/Value for money (30%): 4 > > Overall weighted score: 3.9 out of 7 (with 5.0 being the threshold). > As is hopefully clear, we highly appreciate the mission of the project, but think it would need more thought and research to make an impact. > > Regarding the comparison with OpenPGP Web Key Directory again, I now have to think of the Autocrypt protocol for (opportunistic) email encryption, and the Delta Chat app which implemented IM via PGP-encrypted email. It’s quite different from SaltyIM’s simple HTTP-based approach, but in case you have not looked into it before it might provide inspiration (e.g. for how one could reuse/improve an existing ecosystem). > > Kind regards, > — Gerben, NLnet