[Autocrypt] Autocrypt Level 1 gathering notes
holger at merlinux.eu
Wed Jun 14 11:01:50 EDT 2017
The Autocrypt Level 1 Freiburg gathering just closed up ...
it was my great pleasure to have azul, bjoern, dkg, florian, neal,
oliver, patrick and vincent here the last couple of days with a
few people chiming in remotely or doing pull-requests from afar.
I enjoyed the many loose and concentrated discussions which
led to what i consider very significant outcomes:
- first, what about "Level 0" you say? "Level 0" is and always was
"Level 1" according to Autocrypt's history-rewriting committee.
This must be true if you consider that releasing version 1 of the
spec clearly makes more sense because we are also talking about
"type=1" keys (there never was a "p" -- why should there have been?)
and, besides, counting from one is more user-friendly and less-programmer
oriented. So those claiming there was something like "level 0" are
off-by-one which fortunately happens a lot in programming.
- simplified "prefer-encrypt" attribute in Autocrypt headers which
is a bi-state now: "nopreference" (the default) and "mutual".
The latter means that Autocrypt recommends encrypt-by-default only
when both sides of a fresh mail-under-composition have
- much refined Autocrypt account setup process which is specified
in the "Setup Message" section. A "Setup Code" is used to secure
the secure the transmission of secret key material between user's
devices. The "Setup Code" has a specified format (9x4 numbers).
And the setup message is done in such a way that a way that
apps can add custom data (e.g. crypto or other information about
contacts) without interferences.
It's true that MUA implementors will need to spent some effort
around this issue but luckily all present MUA developers at the
gathering agreed it really makes sense considering the eco-system as
a whole (incompatible and conflicting autocrypt MUAs could
prove otherwise a major annoyance for everyone, let alone
the missing ability to update from one version to another).
Btw, please feel free to post questions to the mailing list
and chats if you don't understand the spec or have questions:
- the new optional "key gossipping" helps to accelerate key
distribution when sending encrypted mail to multiple
recipients and it also helps with encrypted replies aka
"damn, i can't reply encrypted because i have a key missing"
which is then hopefully gone, for how to use the new
optional Autocrypt-Gossip header see ...
- clarify MUAs should use passphrase-less keys because of
usability and overall "secret keys at rest" considerations, see:
which is based on older list thread:
- Autocrypt tuesdays continue and every other week we'll discuss
on #autocrypt at 4pm berlin time -- next Autocrypt IRC
is June 27th, aiming to release version "0.9" of the spec.
For preparing this step, please see milestone-1 planning:
The prospective "0.9" i guess is then already a good base for
new MUA implementors to chime in and implement Autocrypt.
There are still some pending rewordings and restructurings
which would improve readability and simplicity of the spec.
After "0.9" not much is to change then before the eventual
1.0rc1 and then 1.0 release ... speaking of which ...
- ... end of september we are likely heading for a "Level 1"
release party by which we'll hopefully have some releases
in the wild. It also then marks a potential start for
further automating and simplifying multi-device pairing,
out-of-band verification and incorporating feedback from
usability tests (azul aims to post more on this soon).
- As autocrypt-supporting apps are starting to appear
(https://delta.chat deployed it in real-life already,
currently still in this weird "level 0" version that
everybody knows doesn't exist) it becomes time we re-org
the autocrypt.org web page to help end users. If anyone wants
to step in to drive redesigning the web page towards this goal,
and test it with unsuspecting users, that'd be much much much
much appreciated. As you saw in separate mails Gero is finalizing
the logo now (here the Freiburg gathering also helped to move on).
So much for now, see you all soon again some way or the
other (personal question: anybody at SHA2017, maybe even
on the side, Autocrypt's breakfast experts proved through scientific
experimenting that using cold water on boilt eggs ("deterring eggs"
or "abschrecken" in german) DOES NOT help with peeling. It's clearly
an urban myth and always has been fake news. Through unrelenting
self-critique we also came up with several improvements to further
experiments which I hope dkg finds the time to post from his notes ...
because this is clearly much more significant on a world scale,
compared to some messages being encrypted or not.
More information about the Autocrypt