Support standard GnuPG signing/encryption instead or in addition to Autocrypt

[ghost]

After looking at

• https://autocrypt.org/en/latest/features.html
• https://tools.ietf.org/html/rfc7435.html#section-1.2

I decided that Autocrypt is not for me. From reading those docs I get the impression that Autocrypt not only by design ditches any attempt at protection against MITM attacks but also will make it very hard to detect them ("Don’t ask users anything about keys, ever. ")

In https://github.com/deltachat/deltachat-core/issues/59 some of the problems of the GnuPG and public key server approach were explained. Some of those problems can also be easily fixed. I explained in that issue how to fix the problem asking for keyids and this same approach also provides detection for the (currently exorbitantly unlikely) case that someone uploaded a fake key in your name to a public keyserver.

Remains the privacy problem and that of spam if users upload their keys to a key server:

• spam (from people finding addresses at public key servers) is not currently a problem and should it become a problem deltachat already seems to have its own provisions to deal with spam?
• for privacy reasons I personally would create a new account for deltachat only and not upload any real name. So the public key server would only know one of my many email aliases and the public key associated with it - not a big problem for me.

Also, I am not excited about yet another ~30MB binary on my phone, presumably a large part of it because the app does not want to use OpenKeyChain

[r10s]

Thank you for your post.

Well, MitM is targeted by OOB-Verification, which is also possible already today in Delta Chat. Of course, this may be improved, but at least, it is there.

The main scope of the current Autocrypt level is to target mass surveillance and to raise the overall level of encryption.

We should not forget that encrypted e-mail has been around for decades, but has failed to see wide adoption outside of specialist. And Delta Chat wants to be a simple messenger for the masses, and definitely not a program for specialists :)

So, if we support standard GnuPG, we would raise the level of complexity for all users. I do not believe, this is a good approach.

However, as already mentioned, if there are some additional volunteers willing to work on classic PGP implementation in Delta Chat, we can go into the details again. But for me, at the moment, this is out of scope - and not useful IMHO :)

BTW: The OpenPGP implmentation in Delta Chat uses OpenSSL for crypto. This library is already needed by IMAP/SMTP, so, all in all, OpenPGP is complex, but only adds a few additional KB of code, far away from "yet another ~30MB".

[ghost]

We should not forget that encrypted e-mail has been around for decades, but has failed to see wide adoption outside of specialist. And Delta Chat wants to be a simple messenger for the masses, and definitely not a program for specialists :)

aren't there enough simple messengers with all kind of security and deniability? What makes DeltaChat unique is that it could cooperate well with classical Email - if the encryption would be compatible. Inventing a competing less secure solution won't help either of the solutions I am afraid.

So, if we support standard GnuPG, we would raise the level of complexity for all users. I do not believe, this is a good approach.

after playing with OpenKeyChain and k9mail I know what you mean. I have been spoiled by the mutt and .gpg config which I copied from somewhere time ago.. and works. Apparently it is quite possible to do it very simple for the user "in most cases".

So my impression is it would be doable in a messenger like DeltaChat to generate a key and operate with other instances of itself using a sane subset of OpenPGP keeping the simplicity of the current UI. For advanced uses like messaging with strange MUAs, people with multiple keys etc it could be more complicated and it would be ok to leave that for later.

BTW: The OpenPGP implmentation in Delta Chat uses OpenSSL for crypto. This library is already needed by IMAP/SMTP, so, all in all, OpenPGP is complex, but on adds a few additional KB of code, far away from "30 additional MB".

I was comparing the size with that of OpenKeyChain+K9Mail which together weigh less than 20MB. k9Mail also has SSL for the same reasons like DeltaChat but apparently uses the java implementation, not OpenSSL - does that explain the size difference?

[r10s]

What makes DeltaChat unique is that it could cooperate well with classical Email - if the encryption would be compatible.

But the encryption used by Delta Chat is compatible to PGP. You can send your Delta key to a normal MUA and the normal MUA can encrypt to Delta and Delta can decrypt it. The other way round, all the MUA has to do is to put its own key into an header instead of attaching it. In fact, the next versions of Thunderbird, K-9 and others will support exactly this feature.

So, the encryption has not changed with Autocrypt, only the key exchange.

Apart from that, in "classical Email", the encryption standard is not to end-to-end-encrypt. I fear 99.9% or more of all emails send are not encrypted. So, even if Delta Chat or Autocrypt would implement something completely different, it would still be compatible to a huge majority or users ...

[r10s]

Inventing a competing less secure solution won't help either of the solutions I am afraid.

Well, Autocrypt may be less secure that raw-PGP is some senses, however, as the latter is not really used "in the wild", the overall level of encryption will grow.

I do not see how this can be done while sticking on raw-PGP which is too complicated for many people.

If you have ideas here, or just want to talk about different approaches or backgrounds, it might be better if you discuss eg. on the Autocrypt mailing list. I am in deep contact with most of the other Autocrypt people and I can tell you that ideas and thoughts are always welcome there.

For Delta Chat, however, Autocrypt is the way we go currently. The rough Autocrypt-approach is the one I already had in mind when I started with Delta before I met the Autocrypt team. And the Autocrypt team has implemented the idea so much better than I ever could have done alone. So, if you want other encryption in Delta Chat, you have to change Autocrypt :)

[r10s]

aren't there enough simple messengers with all kind of security and deniability?

There is no open-source, e2ee, decentral one that allows me to reach billions of people out-of-the box.

[ghost]

On Mon, Nov 20, 2017 at 03:57:52PM +0000, Björn Petersen wrote:

What makes DeltaChat unique is that it could cooperate well with classical Email - if the encryption would be compatible.

But the encryption used by Delta Chat is compatible to PGP. You can send your Delta key to a normal MUA and the normal MUA can encrypt to Delta and Delta can decrypt it.

sorry, did not realise this.

The other way round, all the MUA has to do is to put its own key into an header instead of attaching it. In fact, the next versions of Thunderbird, K-9 and others will support exactly this feature.

so that requires each MUA to be changed to support key exchange via message headers and for those that don't support it saving the raw message and some manual work for the initial key exchange?

I could imagine a script doing this for mutt although it strikes me as rather inconvenient to do that much of trickery instead of attaching the keys to the message or getting it from a key server.

[r10s]

sorry, did not realise this.

No problem, you're welcome.

so that requires each MUA to be changed to support key exchange via message headers and for those that don't support it saving the raw message and some manual work for the initial key exchange?

Yes, changes are required if you want the MUA to support Autocrypt. For normal MUAs not supporting Autocrypt, the Autocrypt headers stay "invisible" and Autocrypt will not encrypt to these clients. So, there is no need to decrypt sth. manually.

Regarding mutt: It would be great if someone creates a ready-to-use-Autocrypt-script, I know of some people using mutt and Autocrypt, but theses setups seems to be a little weired :) ... maybe also a question for the Autocrypt mailing list.

[r10s]

also see comments in https://github.com/deltachat/deltachat-android/issues/284