If you haven't read this article please do. I couldn't help but admit to myself that choosing open platforms / specs like #email and #DeltaChat was the best decision ever 📧
Keeping platforms open https://seirdy.one/2021/02/23/keeping-platforms-open.html przez @wallabagapp
@avalos @michal While Delta Chat is quite an “open” platform, I would not recommend it because its PGP-based encryption is not as good as Matrix/XMPP+OMEMO, let alone Signal. PGP lacks some critical features for IM platforms such as perfect forward secrecy and channel binding. PGP also has a host of other issues, including a preference for extension rather than versioning resulting in insecure configurations among “weakest link” members of chats. Authentication is also flawed: without DNSSEC, authentication is weak and tied entirely to flawed PGP.
So Delta is open but openness/freedom isn’t all that matters: security does too. I imagine that cryptographers are an underrepresented slice of its user population.
Email is excellent for public forum-like discussion–I make use of its abilities here every day–but not the best tool for secure/private messaging.
@Seirdy @avalos I was vaguely aware of this aspect of Delta Chat so thanks for clarifying. But... what if I set up an email server just for a group of friends so that the messages won't even leave the server. Will it be more secure?
I realize that a private Matrix server would be a better solution but we're talking about non-technical people. Also, they might want to use the said email in different contexts. So having an extra email account would be more practical, wouldn't it?
@Seirdy @michal @avalos note that PGP is an IETF protocol (and we have small security-audited engine in Rust for it) while Forward Security is a app feature. Messengers supporting FS do not interoperate with each other leading to silos and centralization. FWIW the likes of Snowden used PGP for their secure communications so it's maybe better to not reject it wholly :) Delta Chat uses a minimal specified subset of PGP to reduce attack surfaces and confusion, namely https://autocrypt.org
@delta @michal @avalos Okay there’s a lot to unpack here.
Lots of things are IETF protocols, but that doesn’t automatically make them secure. The IETF is actually working on a better solution than PGP for messaging, called Messaging Layer Security (MLS); here’s the 12th draft.
Messengers supporting FS do absolutely interoperate. XMPP+OMEMO supports (admittedly weak) forward secrecy, and Matrix uses the OLM protocol which also supports it. Good TLS 1.2 cipher suites and all of TLS 1.3 support FS as well.
The existence of a Rust implementation of a protocol does not mean the protocol itself is a more secure option.
I don’t know what you mean when you say “Forward Security is an app feature”. Forward Secrecy is a property of key-agreement protocols, used in plenty of open protocols including HTTPS with modern TLS.
The Double Ratchet Algorithm did not exist in 2012-2013, while Snowden was doing his thing. Snowden endorsed Signal in its early days and continues to do so because its cryptography is top-notch. Yes, PGP “worked” for Snowden in that his email bodies weren’t decryptable; however, the fact that PGP isn’t broken isn’t the same thing as saying PGP is nearly as good as other alternatives. Finally, there’s threat modelling: Snowden’s goal was to leak info and get to safety even if it meant putting in serious effort, not hide his trail indefinitely with minimal effort.
Autocrypt helps solve the fact that PGP is unversioned and extensible instead of versioned and iterable, true. Some form of cross-client negotiation of autocrypt versions could make this a useful improvement, but it wouldn’t address the other issues.
@Seirdy @michal @avalos "Messengers supporting FS do absolutely interoperate" -- you can't mean that Signal, Whatsapp and Matrix are interoperable (and whether they implement MLS with interop between messengers needs to be seen) or do you? You are right that it's more precise to talk about FS in messengers and not FS in general. However, we do not share the view that FS in messengers is a must-have feature.
@Seirdy @michal @avalos Thanks for detailing your expert view and considerations. Maybe one day Delta chat will grow FS but for now, it's not a primary concern for several reasons. We are rather focusing on preventing active attacks in a useable way, using the "countermitm" protocols which we are still evolving https://countermitm.readthedocs.io/en/latest/new.html
@michal @Seirdy