From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Tim Cross Newsgroups: gmane.emacs.devel Subject: Re: Autocrypt support Date: Mon, 28 Aug 2017 22:47:29 +1000 Message-ID: References: <87pobgog62.fsf@riseup.net> <87pobgf2qw.fsf@gmail.com> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="001a113cdf0c99a4070557cfb2a7" X-Trace: blaine.gmane.org 1503924501 28715 195.159.176.226 (28 Aug 2017 12:48:21 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Mon, 28 Aug 2017 12:48:21 +0000 (UTC) To: Emacs developers Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Aug 28 14:48:12 2017 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dmJSX-0006cp-HK for ged-emacs-devel@m.gmane.org; Mon, 28 Aug 2017 14:48:05 +0200 Original-Received: from localhost ([::1]:39704 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dmJSe-0002VT-7U for ged-emacs-devel@m.gmane.org; Mon, 28 Aug 2017 08:48:12 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:45747) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dmJS1-0002VB-Ur for emacs-devel@gnu.org; Mon, 28 Aug 2017 08:47:35 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dmJS0-0006K6-Is for emacs-devel@gnu.org; Mon, 28 Aug 2017 08:47:34 -0400 Original-Received: from mail-oi0-x22b.google.com ([2607:f8b0:4003:c06::22b]:32822) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dmJS0-0006JQ-Bd for emacs-devel@gnu.org; Mon, 28 Aug 2017 08:47:32 -0400 Original-Received: by mail-oi0-x22b.google.com with SMTP id r203so2984860oih.0 for ; Mon, 28 Aug 2017 05:47:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=suVP1WfaxQiRHVi7pWReKWO6wO4Wsrwqo3NPZecouRo=; b=WkOtRFt74ah7QpVoiaq+0KsygNK240eDSMiw+P/kC3jb9GAQLb2jDhLKySyxkS5zsJ kQqi7CKddbFBKlSuMfO0vLMgrYjbbt8s+JrUnUx3nvu4ajtxsjjlZXr7qkYigqOBGCzy PQWJjLOIx49rW+MllwCv2UzWCDEy/wC+xOhpCE9tuW2ZIPi0v0O6QzNcZiVJ4/YibTon HaTin4aGhQ1KAuP62i8YL/FxsQXfJ+ckQdVpAVWAqgpYC7JzA9raMr+/uj1ux0iBaAH3 p7oWu0BCP2OYi3inBjwWlYAfWiGWSNYfEBE/q79cfIbr01D3w7gCsO05NJl6DH3rwoHC VY/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=suVP1WfaxQiRHVi7pWReKWO6wO4Wsrwqo3NPZecouRo=; b=iEklECpF5tXRr5dTBBUjDpSTngL+zlKBNGxlQmE2uKq8J4SXjdOXD3M1+5TVMcSZl8 oS0f//eaq2b6ndSUg1soA2itd75G9BsMTfF2jVHKpq4qpq/iuzggJeasbY0dVdOqRUtO 9mO9tW+l2iXAllpS0O38K9lDImjNrHPmBLvquutNMysLf3UqBiRvKAsTMWp62cEMbfwp nIzKfv3UeitfylhF3pBVP5mjQ5ma1+/FUTe4tnwx6t0OUsrPvaF8jzMhlqLjTRyn4z13 tBLQFoGf0JRcBCJX6qx49aPemuORr/SaxBIJj17AjoRJDWD7RoTcp9qhcbuXTHVGPUXi feuA== X-Gm-Message-State: AHYfb5ie2zzqkPfKAjohJ+2shifgZCNG1YgpGjVtknohnN7nuVoyPnzM a5fSJINyNzo7iifcc1TLD+LtFJj4nujf X-Received: by 10.202.169.145 with SMTP id s139mr458055oie.62.1503924449811; Mon, 28 Aug 2017 05:47:29 -0700 (PDT) Original-Received: by 10.168.72.129 with HTTP; Mon, 28 Aug 2017 05:47:29 -0700 (PDT) In-Reply-To: <87pobgf2qw.fsf@gmail.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2607:f8b0:4003:c06::22b X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.org gmane.emacs.devel:217866 Archived-At: --001a113cdf0c99a4070557cfb2a7 Content-Type: text/plain; charset="UTF-8" I agree. This spec looks very under developed yet and I'm not sure it actually addresses the key issue which prevents more universal adoption of end-to-end encrypted email. The problem is and remains one of key management and humans, which becomes even more difficult because it is trying to retro-fit encryption to a protocol which has no support for it. The real challenge for specs like this is that they mean nothing unless a majority of mail clients support them. Getting them added is going to be extremely difficult - near impossible. It is more likely we will just see people move to different comms channels which are secure rather than trying to retro fit traditional email. A bigger problem is that their spec for level 1 only deals with users using a single mail client. I'm not sure in this day of multiple devices this will be sufficient. The reason I moved to an imap based setup is that I regularly use 3+ different mail clients on 4+ different devices. I need to be able to access my email from all of these devices and this spec will fail to provide that. Level 2 looks like where this functionality will be targeted. However, the problem is that level 1 may not get the uptake/momentum needed to get to level 2. Note that I'm not meaning to disparage the effort - it is a good/meaningful effort. However, I think it needs to mature a fair bit before any real implementation/support can be added to existing mail clients. It is likely efforts like this are what is needed to work out a better solution, but this spec so far seems to lack some meat. It needs to provide more detail on exactly what the key problems are which prevent automatic end-to-end encryption of email and how this spec will address those problems. Tim On 28 August 2017 at 19:41, Robert Pluim wrote: > Rajeev Narang writes: > > > Is anyone working on supporting Autocrypt in emacs. > > > > https://autocrypt.org/en/latest/level1.html > > > > I don't think so. I didn't see any rationale on that page for why we > need yet another way of transferring keys and specifying encryption > options in email headers, perhaps you could explain why Autocrypt > would be a good thing? > > Regards > > Robert > > > -- regards, Tim -- Tim Cross --001a113cdf0c99a4070557cfb2a7 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I agree. This spec looks very under developed yet and I= 9;m not sure it actually addresses the key issue which prevents more univer= sal adoption of end-to-end encrypted email.=C2=A0

The pr= oblem is and remains one of key management and humans, which becomes even m= ore difficult because it is trying to retro-fit encryption to a protocol = =C2=A0which has no support for it.=C2=A0

The real = challenge for specs like this is that they mean nothing unless a majority o= f mail clients support them. Getting them added is going to be extremely di= fficult - near impossible. It is more likely we will just see people move t= o different comms channels which are secure rather than trying to retro fit= traditional email.=C2=A0 A bigger problem is that their spec for level 1 o= nly deals with users using a single mail client. I'm not sure in this d= ay of multiple devices this will be sufficient. The reason I moved to an im= ap based setup is that I regularly use 3+ different mail clients on 4+ diff= erent devices. I need to be able to access my email from all of these devic= es and this spec will fail to provide that.=C2=A0 Level 2 looks like where = this functionality will be targeted. However, the problem is that level 1 m= ay not get the uptake/momentum needed to get to level 2.=C2=A0
Note that I'm not meaning to disparage the effort - it is = a good/meaningful effort. However, I think it needs to mature a fair bit be= fore any real implementation/support can be added to existing mail clients.= It is likely efforts like this are what is needed to work out a better sol= ution, but this spec so far seems to lack some meat. It needs to provide mo= re detail on exactly what the key problems are which prevent automatic end-= to-end encryption of email and how this spec will address those problems.= =C2=A0


Tim


On 28 August 20= 17 at 19:41, Robert Pluim <rpluim@gmail.com> wrote:
Rajeev Narang <rajeevn@riseup.net> writes:

> Is anyone working on supporting Autocrypt in emacs.
>
>=C2=A0 =C2=A0https://autocrypt.org/en/latest/lev= el1.html
>

I don't think so. I didn't see any rationale on that page fo= r why we
need yet another way of transferring keys and specifying encryption
options in email headers, perhaps you could explain why Autocrypt
would be a good thing?

Regards

Robert





--
regards,

Tim

--
Tim Cross

--001a113cdf0c99a4070557cfb2a7--