The more I read about @delta, the more I like it. With one exception:
> Delta Chat apps (and other Autocrypt-compatible e-mail apps) share the keys required for end-to-end-encryption automatically as the first messages are sent. After this, all subsequent messages are encrypted end-to-end automatically. If one of the chat partners uses a non-Autocrypt e-mail app, subsequent messages are not encrypted until an Autocrypt-compliant app is available again.
This screams "downgrade attacks" at me.
I remember having this conversation with some other people building Autocrypt-enabled mail clients. I need a way to say: "no, really, *reject any attempt of unencrypted communication, always*."
This is non-negotiable (ha!). Downgrade attacks are real, and when I'm encrypting my mail it's partially because I do not trust my e-mail provider entirely.
A security breach of the provider can allow an attacker to disable encryption on a conversation; that's not okay in my threat model.
I do not see a reason why the client software could not be told *by the user* "please ignore anything that tries to trick you to stop encrypting".
It boggles my mind that this is even up for debate in 2021...
Seems like the easiest thing to do would be to visualize to the user when encryption is broken. Not unlike what the Conversations XMPP client does with OMEMO.
It might even do that, I'm not sure. Been playing with it some this morning but not enough where it's obvious to me.
@trashheap @rysiek In fact Delta Chat has a feature called "verified groups" that guarantees e2e encryption safe against active attacks. See https://countermitm.readthedocs.io/en/latest/new.html for more background on this.
That said, I work with people who actually need e2ee. A tool that supports unencrypted comms, especially if a running conversation can be downgraded to cleartext, is simply dangerous to them.
Any chance of implementing some form of "pinning" a conversation with a contact to *always* encrypt?
@rysiek @trashheap that's coming, yes, and continuously discussed. It's a pretty complex discussion and also involves what is discussed in the intro of the Autocrypt spec https://autocrypt.org/level1.html -- but the "verified" chats are built on top of this and we plan to offer this for Autocrypt level 2 discussions that were however hugely disrupted by the pandemic (we need physical gatherings to move such things forward)