OpenPGPSummit 2018: The ecosystem is moving ...

October 22, 2018 by holger

OpenPGPSummit 2018 in Bruxelles just ended but felt like marking a lot of new and promising beginnings. Overall a great collaborative, friendly atmosphere with lots of informal and side-talks … learned a lot. The clearly most important breaking news first: sat together with Kevin, the current mutt maintainer and discussed how to integrate Autocrypt, more specifically muacrypt – feel free to laugh but there is a surprisingly high demand for this combo so we both hope to get to this soon :)

It remained a surprise to many that with DeltaChat you can message any e-mail address and mail app … even though i mentioned this prominently in my plenary 25 minute talk. Seeing Delta<->MUA interaction actually happen produced quite some “Oh, now i get it!” :) Most people just seem to assume “Chat only works with Chat” – understandable if you consider the current “silo-ification” of chat messaging, with their lock-in effects and luring claims of “My island is more beautiful than your island!”.
As some people noted, OpenPGP leaves things to be desired but it’s a working foundation for cross-island communication if you like … cross-project, cross-mail app and cross UI-paradigm compatible message encryption.

I learned and appreciated that there is no lack of interestingly evolving independent OpenPGP implementations. From Golang’s OpenPGP package (part of the core Golang libraries), the new “Seqouia” Rust implementation to a self-contained OCaml implementation … to name just a few … implementors were present and the project interoperate with GnuPG yet do not depend on it.

There was a strong presence of Privacy-oriented Mail providers (Mailfence, ProtonMail, Posteo, Startpage) several of which engage in interoperable PGP offerings, and also explore Autocrypt integrations. There are concrete plans to integrate Mailvelope, the crypto firefox/chrome plugin used with several webmail offerings, with Autocrypt in the next months.

Without staging a dedicated Delta UX session an “OpenPGPSummit” verified Delta group evolved which is still chatting … among them also Paul who gave valuable UI feedback, also on verifications, and then had interesting plans on a new SMS/Delta bot (did you know there is experimental you can chat with today, btw?) … speaking of interest in Delta, also had good conversations with Werner from GnuPG who was curious about DeltaChat and played around with it … or Martijn who is behind “ciphermail”, an encryption gateway … to name just a few.

The Autocrypt topic ran through a lot of sessions and side-talks … in fact the first plenary talk was from Daniel about the Level 1 spec and its strong usability focus. There is an evolving plan to do a “every second thursday of a month” IRC gathering, arrange for some Level 1 compliance checking, and also head for a 3-4 day pre-IFF Autocrypt gathering end of March 2019 in Valencia … not to mention likely partial gatherings around 35c3 and Fosdem before that. That being said this is all less about “Level 2” but rather about Level 1 consolidation and getting more people on board. Things take time but that’s fine … E-Mail is a somewhat messy, diverse, federated eco-system with many different players and several billion people using it … and arranging for usable interoperable encryption is a collaborative challenge on many technical and social levels. My impression was that “usable encryption” and “interoperability” was a shared concern with many acknowledging that it’s the actual outcome for users and less the abstract properties of crypto-protocols that count. But maybe that’s just my bias of seeing things :)

There is more … e.g. I learned about Software Archeology from a younger guy called “Joe” during some of my personal outside sessions – when he rescued a university from loosing access to decades of research data stored in a Solaris 7 System, located in a toilet cabin (!) with the last login from 2006 and still running a functioning internet-reachable SMTP server … while the last two people able to work with the machine were about to retire … and this is just the start of the story. or “g.” who does crypto-research for a quarter century, and who has broken a lot of systems and has a very thorough yet refreshingly pragmatic stance on crypto/security issues … he appreciated and positively commented a lot of the DeltaChat concepts.

To be fair, I am only reporting here on a part of what i encountered … after the three plenary talks saturday morning, there were 20-30 one-hour sessions and countless informal ones … but as my train is finally entering the black forest and it’s long past midnight i am winding down this already long enough blog post, not without saying BIG THANKS to:

see you all around!