Autocrypt: Email Encryption for Everyone
|Autocrypt: Email Encryption for Everyone|
|Presenter(s)||holger krekel, Ksenia Ermoshina, Daniel Kahn Gillmor, Azul|
|Organization(s)||merlinux, ACLU, CNRS|
|Project(s)||Autocrypt, NEXTLEAP, LEAP|
|Country(ies)||Germany, US, Russia|
|2017 theme||Tools & Technology|
We'd like to show and discuss prototypes, use cases and the approach of the current "Email Encryption for Everyone" effort. We'll present results and show how this brand-new scheme works in theory and practise. Unlike some other approaches it only requires support from client-side mail programs and you can use it with any mail provider. Encryption keys are managed and discovered through regular mails. The specification, while still under development, became much more concrete during discussion and tested at the hackathon and unconference December 2016 at the Onion Space Berlin offices.
The approach follows ideas from the post-Snowden on Opportunistic Security and focuses first on protecting against passive network/provider attacks and in particular aims to:
- liberate users from having to manually manage encryption/decryption keys
- early integrate user feedback and results from useability testing into the protocol design
- manage key discovery through mails people send each other (no keyservers, no dependency on extra services)
- be easy to standardize and seeking agreement from mail app developers
- implement multi-device sharing of secrets through pairing
In this session we show the state of the Autocrypt spec, existing prototypes and discuss use cases and test useability aspects with the audience, seeking feedback and critique from interested users, designers, and fellow developers.
|Target Groups||Developers and Activists interested in encrypted mail|