tutao / tutanota

Tuta is an email service with a strong focus on security and privacy that lets you encrypt emails, contacts and calendar entries on all your devices.
https://tuta.com
GNU General Public License v3.0
5.97k stars, 513 forks

Using a decentralized standard for encryption? #373

Open galex-713 opened 6 years ago

galex-713 commented 6 years ago

Hi,

I read that Tutanota does not use PGP because it supports neither forward secrecy nor yet quantum-resistant crypto algorithms (none of which has been standardized yet, afaik). Nor does it support features such as deniability, automatic padding or standards for group messaging. However, any of these can be implemented using pieces of the PGP standards: respectively, per-message subkeys distributed with the previous message, new standardized algorithms (ECC, including ed25519, was included in several implementations recently, and when quantum-resistant crypto algorithms are standardized they will probably come too), encrypted metadata to be symmetrically signed (HMAC), etc.

However, without having taken the time to look at the source code (it’s been a long time since I last read JavaScript, and I’m quite busy as well as dissipated and disorganized these days), I don’t see a particular standard for asynchronous-exchange end-to-end encryption mentioned anywhere, nor any way of using asymmetrical encryption in a non-centralized (around Tutanota) way. Is it planned to develop one, or is it planned to stay centralized?

dest4 commented 5 years ago

For the record, there is an ongoing standardization of a secured E2E messaging system. AFAIK, federation (i.e. non-centralization) is on the table. https://datatracker.ietf.org/wg/mls/documents/