Posts tagged with autocrypt


In 2014 @matthew_d_green wrote "What's the matter with PGP?" https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/

We'd like to humbly report completion of its main suggestions. Better late than never! :)

- Key management is automatic through #securejoin and #autocrypt protos

- #chatmail relays form an end-to-end encrypted email enclave interoperable with any e-mail address using proper end-to-end encryption.

- RFC 9580 "cryptorefresh" is rolled out in current releases and will be activated soon.

One to go? ;)
Screenshot of a part of the blog post from Matthew Green:

So what should we be doing? 

Quite a lot actually. The path to a proper encrypted email system isn’t that far off. At minimum, any real solution needs:

[a green verified checkmark on the following paragraph]
- A proper approach to key management. This could be anything from centralized key management as in Apple’s iMessage — which would still be better than nothing — to a decentralized (but still usable) approach like the one offered by Signal or OTR. Whatever the solution, in order to achieve mass deployment, keys need to be made much more manageable or else submerged from the user altogether.

- Forward secrecy baked into the protocol. This should be a pre-condition to any secure messaging system.

- Cryptography that post-dates the Fresh Prince. Enough said.

[a green verified checkmark on the following paragraph]

- Screw backwards compatibility. Securing both encrypted and unencrypted email is too hard. We need dedicated networks that handle this from the start.


Not that we know of. As far as we know, Thunderbird's current extension model does not allow even an #autocrypt compliant plugin, let alone all the rest that Delta offers. #enigmail used to offer full Autocrypt support, but when Thunderbird changed the plugin model and integrated OpenPGP into Thunderbird they went back to the old idea of "users have to consciously manage their encryption keys" ... An unfortunate old tradition. We aim for modern usable security like Signal delivers.


#chatmail servers fully interoperate with classic e-mail servers. But end-to-end OpenPGP encryption is required (#autocrypt or #securejoin) and not all e-mail apps manage it in the automatic way that Delta Chat does. Chatmail servers are minimal Postfix/Dovecot setups, fully FOSS, and anyone can run a chatmail server instance permission-free without telling us.