[messaging] Axolotl for email

Tankred Hase mail at tankredhase.de
Thu Jun 23 03:39:31 PDT 2016


I’ve only seen this thread just now, so please excuse my late reply. Thomas from Mailvelope and I have been thinking about using the Signal protocol for email for a while now as well. FWIW there was a discussion about it during Q&A at a talk I held on email encryption lessons learned at whiteout.io and OpenPGP.js [1].

I agree that there is value in bringing forward secrecy and a modern cipher suite to email. But I also don’t see an easy solution to the multi-MUA problem already discussed in this thread. Messages in Signal are ephemeral and stored on the user’s device. If those messages are deleted or lost, that’s not a big issue for most use cases. This is why a forward secure protocol works well here.

Email is a different beast entirely and requires storage of messages, in certain cases up to 10 years due to compliance requirements. Even if the messages were stored only on a single MUA, there would have to be a backup of the mailstore on some server, which would require a long-lived key or passphrase for encryption. If you look at how WhatsApp handles long-lived storage, they basically delegate the issue to an optional iCloud/Google-Drive backup feature, which stores data in the clear :/

When people talk about using the Signal protocol for email, I think what they are mostly referring to is the painless user experience for key distribution. This is why I think we should borrow UX concepts for email that have proven to work at scale for Signal. Our first attempt at this for Mailvelope is a very simple key server that allows reliable TOFU/auto-lookup (no key transparency included). We’re planning to launch integration in the Mailvelope extension in July. More info and links to the code here [2].

It’s still early days, but I’ve been showing the key server to others in the GPG/OpenPGP community like GPGtools and Enigmail, and there is interest in using this concept to allow interoperability between our OpenPGP plugins. Nothing final yet though. Discussion and talks for key exchange are planned at the OpenPGP Summit in July [3] and probably also at OpenPGP.conf [4]. Hope to see some of you there, so we can continue the discussion :)

Tankred


[1] https://www.youtube.com/watch?v=tcRPsWP6bEQ
[2] https://keys.mailvelope.com
[3] https://wiki.gnupg.org/OpenPGPEmailSummit201607
[4] https://gnupg.org/conf/
