Much of what is commonly said about #email and #openpgp is wrong. It can very well be fast and secure and that's a claim backed by working code and deployments and audits (#chatmail servers and the #deltachat family of apps). There is no both-sides-have-opinions game to be played here. Internet-scale messaging alternatives are arguably either centralized or brittle. There is however much room for further improvements including deep changes in how we commonly understand email today. Stay tuned 😀
in reply to Delta Chat

@Delta Chat to be fair, PGP doesn't encrypt metadata (including the subject line) and lacks perfect forward secrecy.

Still it's better than nothing.

in reply to Jonathan Lamothe

subject lines are encrypted with delta since 2018 ;) for more info see delta.chat/en/help#message-met… and the whole section around encryption.
in reply to Delta Chat

@me Crosspoint had PGP-encrypted email subjects in what must have been 1992 or 93. 🤔
in reply to Martin Schmitt #NochNieCDU

@Martin Schmitt #NochNieCDU @Delta Chat I'm actually surprised about that. That said, the perfect forward secrecy bit remains. Also, it doesn't do anything to mask who you're communicating with (which is admittedly difficult to do).
in reply to Jonathan Lamothe

@me @unixtippse Signal also doesn't have "sealed recipients": when a client sends a message, the Signal server knows precisely who the recipients are, including their verified phone numbers.
in reply to Delta Chat

@me @unixtippse security and privacy are in many -if not most- cases not the same. everyone needs to evaluate their own threat model and choose the tools that fit best - this often comes with a certain level of inconvenience
in reply to Jonathan Lamothe

perfect forward secrecy while nice to have, i think will depend on your threat-model. if someone has a hold of my device it's already over and i have bigger problems.

the metadata i feel is threat-model specific. i'm okay with someone knowing my deltachat email is bld3jjasdjjhf@rando.server.today it's still somewhat of an abstraction

in reply to Δж➂

@ax3 @me we may eventually return to the topic of forward secrecy ... it is doable but details matter which we won't discuss much here. Please do note that up until today, nobody has come up with federated PFS protocols in real life messengers that would be as reliable as Signal. For now, PFS means centralization and that's a very high price to pay.

in reply to Delta Chat

> Please do note that up until today, nobody has come up with federated PFS protocols in real life messengers that would be as reliable as Signal.

i do keep up with this, and yes it's not been done in a way that works well. i enjoy delta for what it is. it's less infrastructure i have to maintain and i'm not concerning myself with what goes in and out of signal's blackbox(es) for personal communications.

in reply to Delta Chat

To be fair, we should have mentioned #xmpp as an internet scalable solution that exists and works but maybe it could be said it doesn't reach pervasive end-to-end encryption? Anyways, sorry for not incorporating its existence better in what was posted.
in reply to Delta Chat

I don’t have the numbers (Maybe we can try digging some up) but my best guess is that the overwhelming majority of messages flowing through the public XMPP network are OMEMO encrypted these days. (Excluding those to and from public channels, obviously)
Yes there are clients that don’t have OMEMO but I don’t think they are responsible for a lot of the traffic.
in reply to Daniel Gultsch

@daniel thanks for the insight! We'll see to better phrase things in the future .... As you know we are cooperating with xmpp messenger devs and do think there are interesting things to do together ... For example, bridging with end-to-end encryption may be doable if the right people manage to sit together and sort it out.
in reply to Delta Chat

All good. I didn’t even have any issues with your original post.
Things that have existed and evolved for 25 years are brittle.
The question is do you look at the 2-3 clients we actually recommend or everything under the sun that calls itself #XMPP.

I’m not holding Delta Chat responsible for mutt+gnupg even though it would probably be somewhat compatible.

in reply to Delta Chat

That’s actually the one thing I’m most looking forward to when I can finally make Ltt.rs my primary email client: Good, native #autocrypt / #openpgp support.

The OpenPGP spec or even the libraries aren’t the problem. It’s just bad clients that treat E2EE as an afterthought.

#JMAP

in reply to Daniel Gultsch

@daniel if you engage there let us know if you need help. The @rpgp lib we use is top notch and security audited but autocrypt and higher level handling is in the deltachat rust core. Could be factored out into an own crate probably.
Delta Chat
@wiktor @daniel @rpgp @vanitasvitae fair point and great that there are multiple choices 😀
in reply to ejim

@ejim No ETA, but work on post-quantum encryption for OpenPGP is in progress at datatracker.ietf.org/doc/draft…, eventually it gets standardized and implemented in rPGP, so it will be possible to generate PQ keys.
in reply to Delta Chat

@ejim it'll be interesting to see how the OpenPGP schism plays out in the long run. Right now it looks like there might be two competing, almost identical PQC drafts, one from GnuPG (LibrePGP) and one from BSI/MTG/Proton (ietf.org/archive/id/draft-ietf…).
in reply to vanitasvitae

@vanitasvitae @ejim we are mostly engaged with OpenPGP players because this is where multi-party collaboration happens today, including advances on various specs, discussing questions etc. We experience discussions there as in good faith. People listen to each other and move jointly. The whole point of standardization is to have multi-party agreements and compliant implementations, after all.
in reply to Delta Chat

@ejim fwiw, I'd expect the IETF OpenPGP PQC format to land in rPGP in the first half of this year