[messaging] Axolotl for email
weihaw at gmail.com
Mon Jun 27 03:28:04 PDT 2016
Thanks very much for the reply, and the pointers on where you folks are
On 23 June 2016 at 03:39, Tankred Hase <mail at tankredhase.de> wrote:
> I’ve only seen this thread just now, so please excuse my late reply.
> Thomas from Mailvelope and me have been thinking about using the Signal
> protocol for email for a while now as well. FWIW there was a discussion
> about it during Q&A at a talk I held on email encryption lessons learned at
> whiteout.io and OpenPGP.js .
> I agree that there is value in bringing forward secrecy and a modern
> cipher suite to email.
Well more specifically that Axolotl will for a single pass authenticated
encryption pass to work (instead of traditional sign/encrypt passes in PGP
or S/MIME) as well reducing the need for revocation.
> But I also don’t see an easy solution to the multi MUA problem already
> discussed in this thread. Messages in Signal are ephemeral and stored on
> the user’s device. If those messages are deleted or lost that’s not a big
> issue for most use cases. This is why a forward secure protocol works well
> Email is a different beast entirely and requires storage of messages, in
> certain cases up to 10 years due to compliance requirements.
Even if the messages were stored only on a single MUA, there would have to
> be a backup of the mailstore on some server.
While I understand it's useful to think about the complete system and
multiple MUA case, and you point out it becomes easy to get tied into a
knot. It may be easier to distinguish and partition transport vs MUA
> Which would require a long lived key or passphrase for encryption. If you
> look at how WhatsApp handles long-lived storage, they basically delegate
> the issue to an optional iCloud/Google-Drive backup feature, which store
> data in the clear :/
> When people talk about using the Signal protocol for email, I think what
> they are mostly referring to is the painless user experience for key
> distribution. Which is why I think we should borrow UX concepts for email
> that have proven to work at scale for Signal. Our first attempt at this for
> Mailvelope is a very simple key server that allows reliable
> TOFU/auto-lookup (no key transparency included). We’re planning to launch
> integration in the Mailvelope extension in July.
I agree a key server is pretty hard to avoid especially when usability
becomes paramount. I've been trying to follow the discussion about this IETF
> More info and links to the code here .
> It’s still early days, but I’ve been showing the key server to others in
> the GPG/OpenPGP community like GPGtools and Enigmail and there is interest
> to use this concept to allow interoperability between our OpenPGP plugins.
> Nothing final yet though. Discussion and talks for key exchange are planned
> at the OpenPGP Summit in July  and probably also at OpenPGP.conf .
> Hope to see some of you there, so we can continue the discussion :)
>  https://www.youtube.com/watch?v=tcRPsWP6bEQ
>  https://keys.mailvelope.com
>  https://wiki.gnupg.org/OpenPGPEmailSummit201607
>  https://gnupg.org/conf/
> Messaging mailing list
> Messaging at moderncrypto.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Messaging