Hey folks, good tidings we bring, to you and your kin: The Autocrypt 1.0 spec was released today!
See https://autocrypt.org Autocrypt is an effort to improve usability of encrypted email, which boils down to a set of guidelines that attempt to automate both public and secret key management on top of OpenPGP, and provide a basis for a more unified user experience across clients. At its core, Autocrypt-capable clients aggressively distribute their public key, by placing them in the headers of outgoing mail. However, encryption happens only upon user request, which means either manual opt-in per message, when replying to an encrypted message, or by default if *all* involved parties enable a preference to that effect. It's worth mentioning that there is pretty much no technical novelty in Autocrypt. We don't attempt to solve search in encrypted messages, or keyring sync, or forward secrecy, or trust models, or any other of the tough problems other than key distribution. The scope is further narrowed down by (mostly) disregarding active adversaries, and discouraging advanced workflows like signed-only or encrypted-only mail. The work we put into the spec consists almost exclusively of carefully thinking through email workflows, trying to offer encryption wherever possible while staying out of the user's way, and weighing those consideration against an implementation complexity that we hope can actually be achieved in reasonable time. Our hope is to get a number of established MUAs to implement this spec (it's in the works for Enigmail and K-9 Mail), and spread naturally from there to other clients that like the workflow and want to adopt it. I'll leave it at this to avoid a wall of text, and encourage you to check out our spec instead. The spec itself is just a dozen or so pages, and we tried to make it as approachable as possible. https://autocrypt.org/autocrypt-spec-1.0.0.pdf We'd love to hear your feedback! Happy holidays to all of you - V _______________________________________________ Messaging mailing list Messaging@moderncrypto.org https://moderncrypto.org/mailman/listinfo/messaging
