[messaging] Autocrypt 1.0
look at my.amazin.horse
Thu Dec 21 13:46:51 PST 2017
good tidings we bring, to you and your kin: The Autocrypt 1.0 spec was
Autocrypt is an effort to improve usability of encrypted email, which boils
down to a set of guidelines that attempt to automate both public and secret key
management on top of OpenPGP, and provide a basis for a more unified user
experience across clients.
At its core, Autocrypt-capable clients aggressively distribute their public
key, by placing them in the headers of outgoing mail. However, encryption
happens only upon user request, which means either manual opt-in per message,
when replying to an encrypted message, or by default if *all* involved parties
enable a preference to that effect.
It's worth mentioning that there is pretty much no technical novelty in
Autocrypt. We don't attempt to solve search in encrypted messages, or keyring
sync, or forward secrecy, or trust models, or any other of the tough problems
other than key distribution. The scope is further narrowed down by (mostly)
disregarding active adversaries, and discouraging advanced workflows like
signed-only or encrypted-only mail. The work we put into the spec consists
almost exclusively of carefully thinking through email workflows, trying to
offer encryption wherever possible while staying out of the user's way, and
weighing those consideration against an implementation complexity that we hope
can actually be achieved in reasonable time.
Our hope is to get a number of established MUAs to implement this spec (it's in
the works for Enigmail and K-9 Mail), and spread naturally from there to other
clients that like the workflow and want to adopt it.
I'll leave it at this to avoid a wall of text, and encourage you to check out
our spec instead. The spec itself is just a dozen or so pages, and we tried to
make it as approachable as possible.
We'd love to hear your feedback!
Happy holidays to all of you
More information about the Messaging