OpenPGPSummit 2018: The ecosystem is moving ...
October 22, 2018 by holger
OpenPGPSummit 2018 in Bruxelles just ended but felt like marking a lot of new and promising beginnings. Overall a great collaborative, friendly atmosphere with lots of informal and side-talks … learned a lot. The clearly most important breaking news first: sat together with Kevin, the current mutt maintainer and discussed how to integrate Autocrypt, more specifically muacrypt – feel free to laugh but there is a surprisingly high demand for this combo so we both hope to get to this soon :)
It remained a surprise to many that with DeltaChat you can message any
e-mail address and mail app … even though i mentioned this prominently in my
plenary 25 minute talk. Seeing Delta<->MUA interaction actually happen
produced quite some “Oh, now i get it!” :) Most people just seem to assume
“Chat only works with Chat” – understandable if you consider the
current “silo-ification” of chat messaging, with their lock-in effects
and luring claims of “My island is more beautiful than your island!”.
As some people noted, OpenPGP leaves things to be desired but it’s a working foundation for cross-island communication if you like … cross-project, cross-mail app and cross UI-paradigm compatible message encryption.
I learned and appreciated that there is no lack of interestingly evolving independent OpenPGP implementations. From Golang’s OpenPGP package (part of the core Golang libraries), the new “Seqouia” Rust implementation to a self-contained OCaml implementation … to name just a few … implementors were present and the project interoperate with GnuPG yet do not depend on it.
There was a strong presence of Privacy-oriented Mail providers (Mailfence, ProtonMail, Posteo, Startpage) several of which engage in interoperable PGP offerings, and also explore Autocrypt integrations. There are concrete plans to integrate Mailvelope, the crypto firefox/chrome plugin used with several webmail offerings, with Autocrypt in the next months.
Without staging a dedicated Delta UX session an “OpenPGPSummit” verified Delta group evolved which is still chatting … among them also Paul who gave valuable UI feedback, also on verifications, and then had interesting plans on a new SMS/Delta bot (did you know there is experimental firstname.lastname@example.org you can chat with today, btw?) … speaking of interest in Delta, also had good conversations with Werner from GnuPG who was curious about DeltaChat and played around with it … or Martijn who is behind “ciphermail”, an encryption gateway … to name just a few.
The Autocrypt topic ran through a lot of sessions and side-talks … in fact the first plenary talk was from Daniel about the Level 1 spec and its strong usability focus. There is an evolving plan to do a “every second thursday of a month” IRC gathering, arrange for some Level 1 compliance checking, and also head for a 3-4 day pre-IFF Autocrypt gathering end of March 2019 in Valencia … not to mention likely partial gatherings around 35c3 and Fosdem before that. That being said this is all less about “Level 2” but rather about Level 1 consolidation and getting more people on board. Things take time but that’s fine … E-Mail is a somewhat messy, diverse, federated eco-system with many different players and several billion people using it … and arranging for usable interoperable encryption is a collaborative challenge on many technical and social levels. My impression was that “usable encryption” and “interoperability” was a shared concern with many acknowledging that it’s the actual outcome for users and less the abstract properties of crypto-protocols that count. But maybe that’s just my bias of seeing things :)
There is more … e.g. I learned about Software Archeology from a younger guy called “Joe” during some of my personal outside sessions – when he rescued a university from loosing access to decades of research data stored in a Solaris 7 System, located in a toilet cabin (!) with the last login from 2006 and still running a functioning internet-reachable SMTP server … while the last two people able to work with the machine were about to retire … and this is just the start of the story. or “g.” who does crypto-research for a quarter century, and who has broken a lot of systems and has a very thorough yet refreshingly pragmatic stance on crypto/security issues … he appreciated and positively commented a lot of the DeltaChat concepts.
To be fair, I am only reporting here on a part of what i encountered … after the three plenary talks saturday morning, there were 20-30 one-hour sessions and countless informal ones … but as my train is finally entering the black forest and it’s long past midnight i am winding down this already long enough blog post, not without saying BIG THANKS to:
Patrick from Enigmail for contacting and pulling people together for this summit,
Salman and Patrick from Mailfence who organized and funded the nice location, food and drinks,
Renewable Freedom Foundation for funding the saturday evening dinner
to all the great and fun people attending!
see you all around!