Thunderbird and OpenPGP - Autocrypt

holger krekel holger at merlinux.eu
Thu Dec 5 14:38:47 UTC 2019


Hi Kai, 

thanks for writing this up ... one bigger feedback item below ...

On Thu, Dec 05, 2019 at 12:37 +0100, Kai Engert wrote:
> With Thunderbird's integrated OpenPGP implementation, we'd like to
> assist the user in protecting themselves against active adversaries. We
> will not follow the recommendation to automatically replace keys.
> Rather, we intend to inform the user about key change events, and
> encourage the user to verify the keys used by their communication partners.
> 
> While the Autocrypt specification promises to address the active
> adversary scenario in a future version of the specification, it is
> currently unknown how it will work.

Protection against MITM is a **hard** UX problem and virtually all efforts 
in Whatsapp/Signal/Enigmail etc. have failed to achieve it.  In the NEXTLEAP EU 
project cryptographers, implementors and UX researchers had had intense discussions 
around the UX/crypto-challenges involved with MITM, which resulted in this summary: 
https://countermitm.readthedocs.io/en/latest/new.html

Also, the first entry in the Autocrypt FAQ https://autocrypt.org/faq.html
points to an existing experimental implementation (in Delta Chat) that protects 
against active adversaries, based on the UX/Crypto resarch cited.

FWIW Autocrypt was created by people some of which are seriously engaged for
more than a decade into trying better than opportunistic protection.   They 
spent hundreds of hours on maintaining OpenKeychain, gpg in Debian and whatnot. 
Of course it sounds great to get "protection against active adversaries" 
but if it actually leads to more people dropping or not-adopting e-mail 
encryption than more harm has been done than good, despite intentions.  

Therefore i remain critical about introducing Key UX to the
prospective *default* Thunderbird encryption experience. 

On a sidenote, no one has been able to quote me *a single real-life instance* 
of an e-mail provider actively exchanging PGP keys in transit. Let alone
this happening on a mass scale. At this point i'd like to make an offer: 
If anyone can point me to a properly reported case where a commercial or 
activist e-mail provider did a sustained MITM attack, exchanging PGP keys etc, 
i'd gladly hand over 100 EUR (eg via paypal).

holger


More information about the tb-planning mailing list