FOSDEM 2019 Vincent Breitmoser 1 / 13 Intro I'm Vincent - - PowerPoint PPT Presentation

SLIDE 1

FOSDEM 2019 Vincent Breitmoser

SLIDE 2

Intro

I'm Vincent
Developer of OpenKeychain
OpenPGP support in K-9 Mail
More holistic approach required

SLIDE 3

Overview - Goals

  1. Make it easy to encrypt e-mail
  2. Don't rely on infrastructure
  3. Minimize implementation complexity
  4. Work on multiple devices

SLIDE 4

(for now)

More importantly: Non-Goals

  1. Disregard active attackers
  2. Stick to a simple trust model
  3. Don't impose encryption by default

SLIDE 5

UX: Writing Mail

From: Alice <alice@example.org>
To: Bob <bob@example.net>
Subject: Followup from Thursday's Meeting

Encrypt this message

I think Susan was mistaken

SLIDE 6

Overview - Governance

  1. This is a community effort!
  2. Workflow via GitHub PRs
  3. Where possible, sprints in meetings
  4. Spec and implementation side-by-side

SLIDE 7

The Autocrypt Header

Autocrypt: addr=alice@gmail.com; keydata=BASE64

Simple attribute-based format
Typically ~2KiB in size

For an RSA3072+RSA3072 key
Currently moving to Ed25519+Cv25519

Optional and critical attributes

basic forward and backward compatibility
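
As an added example (not code from the talk or from any Autocrypt client), here is a minimal Python parser for the header format above. The rules that attribute names starting with `_` are non-critical, that an unknown critical attribute invalidates the whole header, and that `addr` must match the sender come from the Autocrypt Level 1 specification rather than from this slide; rejecting duplicate attributes is this example's own conservative choice, and the sample key bytes are a constructed placeholder.

```python
import base64
import binascii

KNOWN = {"addr", "prefer-encrypt", "keydata"}  # attributes defined by Level 1

# Constructed sample data: placeholder bytes, not a real OpenPGP key.
SAMPLE_RAW = b"constructed placeholder, not a real OpenPGP key"
SAMPLE_B64 = base64.b64encode(SAMPLE_RAW).decode()


def parse_autocrypt(value, from_addr):
    """Parse one Autocrypt header value; return a dict, or None if invalid."""
    attrs = {}
    for part in value.split(";"):
        # Split on the first '=' only: base64 keydata may end in '=' padding.
        name, sep, val = part.strip().partition("=")
        name = name.strip().lower()
        if not name and not sep:
            continue                  # tolerate an empty segment / trailing ';'
        if name.startswith("_"):
            continue                  # non-critical: ignore and keep parsing
        if not sep or name not in KNOWN or name in attrs:
            return None               # malformed, unknown critical, or duplicate
        attrs[name] = val.strip()
    if "addr" not in attrs or "keydata" not in attrs:
        return None                   # both are mandatory
    if attrs["addr"].lower() != from_addr.lower():
        return None                   # header must describe the message sender
    try:
        # keydata is usually folded across lines; drop whitespace, then
        # decode strictly so stray characters are rejected, not skipped.
        folded = "".join(attrs["keydata"].split())
        key = base64.b64decode(folded, validate=True)
    except (binascii.Error, ValueError):
        return None
    if not key:
        return None
    # Any value other than "mutual" is read as "nopreference".
    mutual = attrs.get("prefer-encrypt") == "mutual"
    return {"addr": attrs["addr"].lower(), "keydata": key,
            "prefer_encrypt": "mutual" if mutual else "nopreference"}


if __name__ == "__main__":
    hdr = f"addr=alice@example.org; _future=1; keydata={SAMPLE_B64}"
    print(parse_autocrypt(hdr, "alice@example.org"))
```

The returned `keydata` is only base64-decoded; a client still has to parse it as an OpenPGP key before storing it.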

SLIDE 8

Recommendation Algorithm

  • "Unavailable"
  • "Available"
  • "Discouraged"
  • "Encrypt"

SLIDE 9

The Autocrypt-Gossip Header

Autocrypt-Gossip: addr=bob@autocrypt.org; keydata=BASE64

Lives in header of encrypted MIME part
Contains keys of all Cc'ed recipients

This ensures "reply to all" works

Direct Autocrypt headers take priority!

SLIDE 10

Current status

It works
Autocrypt headers coming up "in the wild"
Support released in:
  • Enigmail
  • K-9 Mail
  • delta.chat

SLIDE 11

hps://autocrypt.org autocrypt@lists.mayfirst.org #autocrypt on irc.freenode.net

11 / 13

slide-12
SLIDE 12

Autocrypt Setup Message

Transfer secret key as self-sent message via user's own inbox
Symmetric encryption with strong setup code

Please enter the Setup Code displayed by your other e-mail app to proceed:
17__ - ____ - ____ - ____ - ____ - ____ - ____ - ____ - ____
[ Cancel ] [ Import Settings ]

SLIDE 13

The Future

Beyond "Level 1"
Verification
Better multi-device