Closed tapete closed 6 years ago
I have no answer, just a pointer to another, possibly relevant issue: https://github.com/deltachat/deltachat-core/issues/75
Well, I think that most users do not want to have to care about keys too much, therefore I think that Autocrypt is quite a good choice (although IMHO pEp would also have been a choice).
I just created a wiki page to collect ideas on how to secure DC against MitM attacks, I hope that this is OK: https://github.com/deltachat/deltachat-android/wiki/Secure-DC-against-MitM-attacks
Dear @tapete,
have you read this: https://autocrypt.org/background.html ?
I think there are goodies and baddies about Autocrypt; all in all I think it is better than nothing to make general data sniffing harder.
@Hocceruser interesting, thank you very much. In fact, you may have noticed that there are commits towards a QR code validation to protect against MitM since the last version; you can test it already today by setting a hidden switch. However, this is subject to change.
@tapete My answer to the question: yes :) Autocrypt offers PGP protection to people that have not used it before - or not even heard about it. Esp. in the case of Delta Chat. Autocrypt's aim is not to replace super-high-level-security - Autocrypt's aim is to replace cleartext mails.
Why a new approach to e-mail encryption? Encrypted e-mail has been around for decades, but has failed to see wide adoption outside of specialist communities, in large part because of difficulties with user experience and certification models. Autocrypt first aims to provide convenient encryption that is neither perfect nor as secure as traditional e-mail encryption, but is convenient enough for much wider adoption.
From https://autocrypt.org/background.html (EDIT: @stefan-niedermann just noticed you posted the same link before. sorry for duplication, however, it's a good link :)
I personally also think for most users the main threat is mass surveillance, so I think it is a reasonable approach to target this issue first.
All this is only my personal opinion. I do not speak in the name of other Delta Chat contributors.
@stefan-niedermann @r10s Thank you for the link. I just read the background story. As I understand the text, Autocrypt is to stop the automatic passive data collection. Therefore I think it is quite good. Now I wonder if the users of Delta Chat should be told that Autocrypt is no full protection but is capable of reducing mass surveillance.
I have been a PGP user since the early 90s, so I know the problem of save and easy key exchange and I also have no reasonable answer. But I was interested in other opinions regarding this topic, so thank you all for your replies.
@tapete Please don't mix up "save" and "safe". Consult a dictionary if necessary.
@holgerjakobs Thank the Lord you found this mistake.
As the initial question seems to be discussed and there has been nothing new for weeks, I think this issue can be closed.
BTW, Autocrypt and active attacks: http://countermitm.readthedocs.io/en/latest/
also Delta Chat will have some verification functions in the next releases (they're already available as "Labs" features)
Dear Delta chat team,
I really love the idea of this app. But I wonder if it is a good idea to use Autocrypt. If the user uses Autocrypt, he thinks his message is absolutely save. But Autocrypt does not seem to be really save, as there is no authentication of the key implemented. I think the user needs to know that. In my case I prefer to use no encryption, so everyone knows that the connection is not save. And I even love the app without encryption.
See https://www.privacy-handbuch.de/handbuch_32w1.htm regarding Autocrypt (German). What do you think?
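The thread's point is that an Autocrypt header carries a key but nothing that authenticates it, so a client can at best remember the first key it sees for an address and flag a later change. The following is an added example, not Delta Chat or Autocrypt project code: it parses the `Autocrypt:` header attributes (`addr`, `prefer-encrypt`, `keydata`) and keeps a trust-on-first-use pin per sender. The pin is a SHA-256 over the decoded keydata rather than a real OpenPGP fingerprint, and the sample keydata is constructed, not a real key.

```python
import base64
import hashlib
from typing import Dict, Optional

KNOWN_ATTRS = {"addr", "prefer-encrypt", "keydata"}

def parse_autocrypt_header(value: str) -> Optional[Dict[str, str]]:
    """Split an Autocrypt header into attributes; None if addr/keydata is
    missing or an unknown critical (non-'_' prefixed) attribute appears."""
    attrs: Dict[str, str] = {}
    for part in value.split(";"):
        if "=" not in part:
            continue
        name, val = part.split("=", 1)
        attrs[name.strip()] = val.strip()
    if "addr" not in attrs or "keydata" not in attrs:
        return None
    if any(n not in KNOWN_ATTRS and not n.startswith("_") for n in attrs):
        return None
    return attrs

def key_digest(keydata_b64: str) -> str:
    """SHA-256 over the decoded keydata (stand-in for the OpenPGP
    fingerprint; folded header whitespace is removed before decoding)."""
    raw = base64.b64decode("".join(keydata_b64.split()))
    return hashlib.sha256(raw).hexdigest()

class PeerStore:
    """Trust-on-first-use pin per sender address: the key seen first is
    remembered; a later, different key is reported instead of silently used."""
    def __init__(self) -> None:
        self.pins: Dict[str, str] = {}

    def observe(self, header: str) -> str:
        attrs = parse_autocrypt_header(header)
        if attrs is None:
            return "invalid"
        digest = key_digest(attrs["keydata"])
        addr = attrs["addr"].lower()
        known = self.pins.get(addr)
        if known is None:
            self.pins[addr] = digest
            return "pinned"
        return "match" if known == digest else "changed"

# Constructed sample headers; the keydata is NOT a real OpenPGP key.
KEY_A = base64.b64encode(b"constructed-key-A").decode()
KEY_B = base64.b64encode(b"constructed-key-B").decode()
HDR_A = f"addr=alice@example.org; prefer-encrypt=mutual; keydata={KEY_A}"
HDR_B = f"addr=alice@example.org; prefer-encrypt=mutual; keydata={KEY_B}"
HDR_BAD = f"addr=alice@example.org; verified=yes; keydata={KEY_A}"
```

A "changed" result is exactly the situation the thread worries about: without an out-of-band check such as the QR verification mentioned above, the client cannot tell a legitimate key rotation from a substituted key, so the safe action is to warn rather than to re-pin automatically.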